Backport suspicious activity.
csavelief committed Oct 25, 2024
1 parent ad264f9 commit a6f661b
Showing 6 changed files with 226 additions and 16 deletions.
4 changes: 2 additions & 2 deletions app/Models/YnhOsquery.php
Expand Up @@ -462,7 +462,7 @@ public static function suspiciousEvents(Collection $servers, Carbon $cutOffTime)
(Str::startsWith($event->columns['path'], '/run/docker/') && $event->columns['type'] === 'nsfs');

if (!$isDockerMountEvent) { // drop Docker-generated 'mounts' events
if ($event->action === 'added') {
/* if ($event->action === 'added') {
return [
'id' => $event->id,
'timestamp' => $event->calendar_time->format('Y-m-d H:i:s'),
Expand All @@ -478,7 +478,7 @@ public static function suspiciousEvents(Collection $servers, Carbon $cutOffTime)
'ip' => $event->server->ip(),
'message' => "Le répertoire {$event->columns['path']} ne pointe maintenant plus vers un système de fichiers de type {$event->columns['type']}.",
];
}
} */
}
} elseif ($event->name === 'shell_check' || $event->name === 'sudoers_shell' || $event->name === 'sudoers_sha1') {
return [
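Review bot: The mounts-change branch inside `if (!$isDockerMountEvent)` is commented out rather than deleted, which leaves that `if` with an empty body and keeps dead code (including a user-facing French message) in the method; git history already preserves it. If mount-type changes are deliberately no longer reported as suspicious, remove the `/* ... */` block and record the reason where it stood, e.g. `// mount-type changes are intentionally not reported as suspicious events`. Note that non-Docker mount events now produce no return value from this branch, so they fall through to whatever the closure does after the `elseif` chain, which is outside the hunk. suspiciousEvents() starts before the first hunk and continues past the second.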
3 changes: 3 additions & 0 deletions app/View/Components/BigNumber.php
Expand Up @@ -36,6 +36,9 @@ private function icon(string $icon): string
if ($icon === 'dns') {
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M19.5 7a9 9 0 0 0 -7.5 -4a8.991 8.991 0 0 0 -7.484 4" /><path d="M11.5 3a16.989 16.989 0 0 0 -1.826 4" /><path d="M12.5 3a16.989 16.989 0 0 1 1.828 4" /><path d="M19.5 17a9 9 0 0 1 -7.5 4a8.991 8.991 0 0 1 -7.484 -4" /><path d="M11.5 21a16.989 16.989 0 0 1 -1.826 -4" /><path d="M12.5 21a16.989 16.989 0 0 0 1.828 -4" /><path d="M2 10l1 4l1.5 -4l1.5 4l1 -4" /><path d="M17 10l1 4l1.5 -4l1.5 4l1 -4" /><path d="M9.5 10l1 4l1.5 -4l1.5 4l1 -4" /></svg>';
}
if ($icon === 'world') {
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M3 12a9 9 0 1 0 18 0a9 9 0 0 0 -18 0" /><path d="M3.6 9h16.8" /><path d="M3.6 15h16.8" /><path d="M11.5 3a17 17 0 0 0 0 18" /><path d="M12.5 3a17 17 0 0 1 0 18" /></svg>';
}
if ($icon === 'server') {
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M3 4m0 3a3 3 0 0 1 3 -3h12a3 3 0 0 1 3 3v2a3 3 0 0 1 -3 3h-12a3 3 0 0 1 -3 -3z" /><path d="M3 12m0 3a3 3 0 0 1 3 -3h12a3 3 0 0 1 3 3v2a3 3 0 0 1 -3 3h-12a3 3 0 0 1 -3 -3z" /><path d="M7 8l0 .01" /><path d="M7 16l0 .01" /></svg>';
}
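--- /dev/null
+++ b/app/View/Components/SuspiciousActivity.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace App\View\Components;
+
+use App\Models\YnhOsquery;
+use App\Models\YnhServer;
+use App\Modules\AdversaryMeter\Models\Asset;
+use App\User;
+use Carbon\Carbon;
+use Closure;
+use Illuminate\Contracts\View\View;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\View\Component;
+
+class SuspiciousActivity extends Component
+{
+public Collection $events;
+public Collection $metrics;
+public Collection $assetsDiscovered;
+
+public function __construct()
+{
+/** @var User $user */
+$user = Auth::user();
+$servers = YnhServer::forUser($user);
+$cutOffTime = Carbon::now()->subDay();
+$this->events = YnhOsquery::suspiciousEvents($servers, $cutOffTime);
+$this->metrics = YnhOsquery::suspiciousMetrics($servers, $cutOffTime);
+$this->assetsDiscovered = Asset::where('created_at', '>=', $cutOffTime)->orderBy('asset')->get();
+}
+
+public function render(): View|Closure|string
+{
+return view('components.suspicious-activity');
+}
+}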
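Review bot: The asset query on the `$this->assetsDiscovered = Asset::where('created_at', '>=', $cutOffTime)` line is not restricted to the current user, whereas `$servers` is filtered through `YnhServer::forUser($user)`; unless `Asset` applies a global tenant scope (not visible in this commit), every authenticated user sees every tenant's newly discovered assets on the overview. Apply the same ownership filter to assets that `forUser` applies to servers, before the date constraint. `Auth::user()` may also be `null` if this component is ever rendered on a guest page; a `$user === null` guard that leaves the three collections empty would avoid a TypeError in `forUser()`. The 24-hour window is hard-coded twice (here and in the view titles), so a future change to one without the other would silently mislabel the data.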
11 changes: 11 additions & 0 deletions resources/lang/fr.json
Expand Up @@ -23,7 +23,10 @@
"Apply": "Appliquer",
"Are you sure you want to delete this chunk?": "Êtes-vous sûr de vouloir supprimer ce chunk?",
"Are you sure you want to delete this prompt?": "Êtes-vous sûr de vouloir supprimer ce prompt?",
"Asset": "Actif",
"Asset Type": "Type d'actif",
"Assets": "Actifs",
"Assets Discovered During The Last 24 Hours": "Actifs découverts durant les dernières 24 heures",
"Attackers": "Attaquants",
"Authorized Keys (last :count events)": "Authorized Keys (:count derniers évènements)",
"Backups": "Sauvegardes",
Expand Down Expand Up @@ -52,6 +55,8 @@
"Delete": "Supprimer",
"Deploy": "Déployer",
"Desktop": "Bureau",
"Discovered Assets": "Actifs découverts",
"Discovery Date": "Date de découverte",
"DNS Monitored": "DNS surveillés",
"Domain": "Domaine",
"Domains": "Domaines",
Expand Down Expand Up @@ -84,6 +89,8 @@
"If you did not request a password reset, no further action is required.": "Si vous n'avez pas demandé de réinitialisation de mot de passe, vous pouvez ignorer ce message.",
"If you're having trouble clicking the \":actionText\" button, copy and paste the URL below\ninto your web browser:": "Si vous avez des difficultés à cliquer sur le bouton \":actionText\", copiez et collez l'URL ci-dessous\ndans votre navigateur Web :",
"Import your documents !": "Importez vos documents !",
"Important Metrics": "Métriques importantes",
"Important Metrics From The Last 24 Hours": "Métriques importantes des dernières 24h",
"Imported At": "Importé le",
"Imported By": "Importé par",
"Integration Status": "Statut de l'intégration",
Expand Down Expand Up @@ -151,11 +158,13 @@
"Reset Password Notification": "Notification de réinitialisation du mot de passe",
"Resources Usage": "Utilisation des ressources",
"results": "résultats",
"Scan Status": "Statut du scan",
"Security": "Sécurité",
"Security Rules": "Règles de sécurité",
"Select or create collection...": "Sélectionnez ou créez une collection...",
"Send Password Reset Link": "Envoyer le lien de réinitialisation du mot de passe",
"Sentinel protects your internal perimeter": "Sentinel protège votre périmètre interne",
"Server": "Serveur",
"Server Error": "Erreur serveur",
"Server Settings": "Paramètres serveurs",
"Servers": "Serveurs",
Expand All @@ -176,6 +185,8 @@
"Subscriptions": "Souscriptions",
"SUID Binaries (last :count events)": "Binaires SUID (:count derniers évènements)",
"Summary": "Récapitulatif",
"Suspicious Activity From The Last 24 Hours": "Activité suspect des dernières 24h",
"Suspicious Events": "Évènements suspects",
"System logins and logouts.": "Connexions et déconnexions système.",
"Tax no.": "Numéro de TVA",
"Terms": "Mentions Légales",
33 changes: 19 additions & 14 deletions resources/views/components/overview.blade.php
Expand Up @@ -25,15 +25,15 @@
<div class="col-6">
<div class="row">
<div class="col col-6 pr-0">
<?php $ip_monitored = $overview['ip_monitored'] ? $overview['ip_monitored'] : 0 ?>
<?php $ip_monitored = $overview['ip_monitored'] ?: 0 ?>
<x-big-number
:number="$ip_monitored"
:title="__('IP Monitored')"
icon="ip"
color="var(--ds-background-brand-bold)"/>
</div>
<div class="col pr-0 pl-2">
<?php $dns_monitored = $overview['dns_monitored'] ? $overview['dns_monitored'] : 0 ?>
<?php $dns_monitored = $overview['dns_monitored'] ?: 0 ?>
<x-big-number
:number="$dns_monitored"
:title="__('DNS Monitored')"
Expand All @@ -43,7 +43,7 @@
</div>
</div>
<div class="col pl-2">
<?php $servers_monitored = $overview['servers_monitored'] ? $overview['servers_monitored'] : 0 ?>
<?php $servers_monitored = $overview['servers_monitored'] ?: 0 ?>
<x-big-number
:number="$servers_monitored"
:title="__('Agents Deployed')"
Expand All @@ -55,23 +55,23 @@
<div class="col-6 pr-0">
<div class="row">
<div class="col col-4 pr-0">
<?php $vulns_high = $overview['vulns_high'] ? $overview['vulns_high'] : 0 ?>
<?php $vulns_high = $overview['vulns_high'] ?: 0 ?>
<x-big-number
:number="$vulns_high"
:title="__('High')"
icon="vulnerability"
color="#dc3545"/>
</div>
<div class="col col-4 pl-2 pr-0">
<?php $vulns_medium = $overview['vulns_medium'] ? $overview['vulns_medium'] : 0 ?>
<?php $vulns_medium = $overview['vulns_medium'] ?: 0 ?>
<x-big-number
:number="$vulns_medium"
:title="__('Medium')"
icon="vulnerability"
color="#fd7e14"/>
</div>
<div class="col pl-2">
<?php $vulns_low = $overview['vulns_low'] ? $overview['vulns_low'] : 0 ?>
<?php $vulns_low = $overview['vulns_low'] ?: 0 ?>
<x-big-number
:number="$vulns_low"
:title="__('Low')"
Expand All @@ -83,24 +83,29 @@
<div class="col pl-2">
<div class="row">
<div class="col col-6 pr-0">
<?php $metrics_collected = $overview['metrics_collected'] ? $overview['metrics_collected'] : 0 ?>
<?php $events_collected = $overview['events_collected'] ?: 0 ?>
<x-big-number
:number="$metrics_collected"
:title="__('Metrics Collected')"
icon="metric"
:number="$events_collected"
:title="__('Events Collected')"
icon="event"
color="var(--ds-background-brand-bold)"/>
</div>
<div class="col pl-2">
<?php $events_collected = $overview['events_collected'] ? $overview['events_collected'] : 0 ?>
<?php $metrics_collected = $overview['metrics_collected'] ?: 0 ?>
<x-big-number
:number="$events_collected"
:title="__('Events Collected')"
icon="event"
:number="$metrics_collected"
:title="__('Metrics Collected')"
icon="metric"
color="var(--ds-background-brand-bold)"/>
</div>
</div>
</div>
</div>
@if(App\Modules\AdversaryMeter\Models\Asset::exists() > 0 || App\Models\YnhServer::exists() > 0)
<div class="row mt-2">
<x-suspicious-activity/>
</div>
@endif
<div class="row mt-2">
@if(Auth::user()->canUseAdversaryMeter())
<div class="col col-6 pr-0">
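Review bot: The new `@if(App\Modules\AdversaryMeter\Models\Asset::exists() > 0 || App\Models\YnhServer::exists() > 0)` gate compares a `bool` with an `int`; `exists()` already returns `bool`, so it should read `@if(App\Modules\AdversaryMeter\Models\Asset::exists() || App\Models\YnhServer::exists())`. More importantly it asks whether any asset or server exists in the whole database, not whether the current user has any, so a user with nothing monitored still gets the panel (and relies on the component to scope its own data); checking the user's servers, as `YnhServer::forUser()` does elsewhere, or letting `<x-suspicious-activity/>` render nothing on its own would be cleaner. The `?: 0` rewrites are behaviour-preserving since both the old and new forms test truthiness. The surrounding blade layout starts and ends outside these hunks.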
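--- /dev/null
+++ b/resources/views/components/suspicious-activity.blade.php
@@ -0,0 +1,154 @@
+<div class="container">
+<div class="row">
+<div class="col-4 pr-0">
+<x-big-number
+:number="$assetsDiscovered->count()"
+:title="__('Discovered Assets') . ' / 24h'"
+icon="world"
+color="var(--ds-background-brand-bold)"/>
+</div>
+<div class="col-4 pl-2 pr-0">
+<x-big-number
+:number="$events->count()"
+:title="__('Suspicious Events') . ' / 24h'"
+icon="event"
+color="var(--ds-background-brand-bold)"/>
+</div>
+<div class="col-4 pl-2">
+<x-big-number
+:number="$metrics->count()"
+:title="__('Important Metrics') . ' / 24h'"
+icon="metric"
+color="var(--ds-background-brand-bold)"/>
+</div>
+</div>
+<div class="card mt-2">
+<div class="card-body">
+<h6 class="card-title">{{ __('Assets Discovered During The Last 24 Hours') }}</h6>
+@if($assetsDiscovered->isEmpty())
+<div class="row">
+<div class="col">
+{{ __('None.') }}
+</div>
+</div>
+@else
+<table class="table table-hover no-bottom-margin">
+<thead>
+<tr>
+<th style="width:165px">{{ __('Discovery Date') }}</th>
+<th style="width:100px">{{ __('Asset Type') }}</th>
+<th>{{ __('Asset') }}</th>
+<th class="text-end">{{ __('Scan Status') }}</th>
+</tr>
+</thead>
+<tbody>
+@foreach($assetsDiscovered as $asset)
+<tr>
+<td>
+{{ $asset->created_at->format('Y-m-d H:i') }}
+</td>
+<td>
+<span class="lozenge new">
+{{ $asset->type }}
+</span>
+</td>
+<td>
+{{ $asset->asset }}
+</td>
+<td class="text-end">
+@if($asset->scanInProgress()->isEmpty())
+<span class="lozenge success">
+scan terminé
+</span>
+@else
+<span class="lozenge error">
+scan en cours
+</span>
+@endif
+</td>
+</tr>
+@endforeach
+</tbody>
+</table>
+@endif
+</div>
+</div>
+<div class="card mt-2">
+<div class="card-body">
+<h6 class="card-title">{{ __('Suspicious Activity From The Last 24 Hours') }}</h6>
+@if($events->isEmpty())
+<div class="row">
+<div class="col">
+{{ __('None.') }}
+</div>
+</div>
+@else
+<table class="table table-hover no-bottom-margin">
+<thead>
+<tr>
+<th style="width:165px">{{ __('Date') }}</th>
+<th>{{ __('Server') }}</th>
+<th style="width:75px">{{ __('IP') }}</th>
+<th>{{ __('Message') }}</th>
+<th class="text-end" style="width:100px">{{ __('Event Id') }}</th>
+</tr>
+</thead>
+<tbody>
+@foreach($events as $event)
+<tr>
+<td>{{ $event['timestamp'] }}</td>
+<td>{{ $event['server'] }}</td>
+<td>{{ $event['ip'] }}</td>
+<td class="text-muted">{{ $event['message'] }}</td>
+<td class="text-end">
+<span class="lozenge new">
+{{ Illuminate\Support\Number::format($event['id'], locale:'sv') }}
+</span>
+</td>
+</tr>
+@endforeach
+</tbody>
+</table>
+@endif
+</div>
+</div>
+<div class="card mt-2">
+<div class="card-body">
+<h6 class="card-title">{{ __('Important Metrics From The Last 24 Hours') }}</h6>
+@if($metrics->isEmpty())
+<div class="row">
+<div class="col">
+{{ __('None.') }}
+</div>
+</div>
+@else
+<table class="table table-hover no-bottom-margin">
+<thead>
+<tr>
+<th style="width:165px">{{ __('Date') }}</th>
+<th>{{ __('Server') }}</th>
+<th style="width:75px">{{ __('IP') }}</th>
+<th>{{ __('Message') }}</th>
+<th class="text-end" style="width:100px">{{ __('Metric Id') }}</th>
+</tr>
+</thead>
+<tbody>
+@foreach($metrics as $metric)
+<tr>
+<td>{{ $metric['timestamp'] }}</td>
+<td>{{ $metric['server'] }}</td>
+<td>{{ $metric['ip'] }}</td>
+<td class="text-muted">{{ $metric['message'] }}</td>
+<td class="text-end">
+<span class="lozenge new">
+{{ Illuminate\Support\Number::format($metric['id'], locale:'sv') }}
+</span>
+</td>
+</tr>
+@endforeach
+</tbody>
+</table>
+@endif
+</div>
+</div>
+</div>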
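Review bot: The scan-status lozenges on the `scan terminé` and `scan en cours` lines are hard-coded French while every other label in this view goes through `__()`; wrap them as `{{ __('Scan completed') }}` and `{{ __('Scan in progress') }}` and add the two keys to `fr.json`. The `@if($asset->scanInProgress()->isEmpty())` check runs once per row, so a busy day issues one extra query per discovered asset; eager-loading that relation where the collection is built (in the component class, not in this file) or exposing a boolean on the model would avoid it. Output is escaped by `{{ }}` throughout, so the asset names, server names and osquery-derived messages are safe to render as-is. The 75px `IP` column will clip IPv6 addresses.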
