Upload Multiple Test Case files - Import Multiple Logs #235

Open
paraknell opened this issue May 16, 2023 · 6 comments

@paraknell

Describe the Feature Request
I am attempting to run RedCanary's Atomic RedTeam Tests (ART), output them to ATTiRE format, and import them into Vectr for further analysis and collaboration. The upload option requires that each file be uploaded individually. If you run the suggested method in a foreach loop, this can output quite a lot of files.

To Reproduce
Based on the instructions in this Repository:
https://github.com/redcanaryco/invoke-atomicredteam/wiki/Execute-Atomic-Tests-(Local)

I run the suggested foreach loop:

$techniques = gci C:\AtomicRedTeam\atomics\* -Recurse -Include T*.yaml | Get-AtomicTechnique

foreach ($technique in $techniques) {
    foreach ($atomic in $technique.atomic_tests) {
        if ($atomic.supported_platforms.contains("windows") -and ($atomic.executor -ne "manual")) {
            # Get Prereqs for test
            Invoke-AtomicTest $technique.attack_technique -TestGuids $atomic.auto_generated_guid -GetPrereqs
            # Invoke
            Invoke-AtomicTest $technique.attack_technique -TestGuids $atomic.auto_generated_guid
            # Sleep then cleanup
            Start-Sleep 3
            Invoke-AtomicTest  $technique.attack_technique -TestGuids $atomic.auto_generated_guid -Cleanup
        }
    }
}

Based on the GUI interface:
It looks like multiple file uploads are possible, but when you click/drag files it only allows one at a time.

Steps to reproduce the behavior:

  1. Go to 'Campaign Dashboard'
  2. Click on 'Assessment Actions'
  3. Scroll down to 'Import Log'
  4. Click on 'Drag & Drop your files or browse'
  5. Attempt to upload more than one file.

Expected behavior
I expect to be able to import multiple files directly into the assessment based on the text inside the upload function.

Desktop (please complete the following information):

  • OS: Windows 10 running docker compose up on docker 4.18.0
  • Browser: Firefox 112
  • Vectr Version: 8.8.0-ce (latest release)

Additional context
n/a

@SRAPSpencer
Collaborator

This would be a large enhancement given the current functionality. Noted for future consideration.

@Retrospected

I have written a quick script to merge multiple logs into 1 file for easier upload. This merges the procedures of all files in a directory and will take predefined execution-data values for all procedures. For more information see the README.

https://github.com/Retrospected/attire-merger

Importing these logs via an API would be very useful as well for automated test environments.
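
The merge workaround described in this comment, sketched as an added example; it is not the attire-merger code and not part of Vectr. It assumes each ATTiRE log is a JSON object with the `execution-data` and `procedures` keys named in this thread; the `order` field, the function names and the sample values are assumptions or constructed for illustration.

```python
import json
from pathlib import Path


def merge_attire_logs(logs, execution_data):
    """Merge parsed logs, given as (source_name, log) pairs, into one log.

    Returns (merged, overridden); `overridden` lists the sources whose own
    execution-data differed from the predefined block and is lost in the merge.
    """
    procedures, overridden = [], []
    for name, log in logs:
        if not isinstance(log.get("procedures"), list):
            raise ValueError(f"{name}: no 'procedures' array")
        if log.get("execution-data") != execution_data:
            overridden.append(name)
        for proc in log["procedures"]:
            proc = dict(proc)                    # leave the caller's data untouched
            proc["order"] = len(procedures) + 1  # assumed field: renumber across files
            procedures.append(proc)
    # Carry any other top-level keys over from the first log unchanged.
    merged = dict(logs[0][1]) if logs else {}
    merged.update({"execution-data": execution_data, "procedures": procedures})
    return merged, overridden


def merge_directory(directory, execution_data, out_file):
    """Merge every *.json log in `directory` and write the result to `out_file`."""
    out_path = Path(out_file).resolve()
    paths = [p for p in sorted(Path(directory).glob("*.json"))
             if p.resolve() != out_path]         # skip a previous merge result
    # utf-8-sig also accepts files written with a byte-order mark.
    logs = [(p.name, json.loads(p.read_text(encoding="utf-8-sig"))) for p in paths]
    merged, overridden = merge_attire_logs(logs, execution_data)
    out_path.write_text(json.dumps(merged, indent=2), encoding="utf-8")
    return merged, overridden


# Constructed sample logs, not real test output.
SAMPLE_EXEC = {"execution-id": "constructed-run-1", "target": {"host": "lab-win10"}}
SAMPLE_LOGS = [
    ("a.json", {"execution-data": SAMPLE_EXEC,
                "procedures": [{"procedure-name": "constructed A", "order": 1}]}),
    ("b.json", {"execution-data": {"execution-id": "constructed-run-2"},
                "procedures": [{"procedure-name": "constructed B", "order": 1}]}),
]

if __name__ == "__main__":
    merged, overridden = merge_attire_logs(SAMPLE_LOGS, SAMPLE_EXEC)
    print(len(merged["procedures"]), "procedures; execution-data replaced for", overridden)
```

The `overridden` list makes the cost of a single shared execution-data block visible: any file named there loses its own host and run metadata in the merged log.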

@thebleucheese
Contributor

> I have written a quick script to merge multiple logs into 1 file for easier upload. This merges the procedures of all files in a directory and will take predefined execution-data values for all procedures. For more information see the README.
>
> https://github.com/Retrospected/attire-merger
>
> Importing these logs via an API would be very useful as well for automated test environments.

Awesome, thanks for publishing and sharing this! We do plan on allowing ingestion of these logs via API. There are some technical limitations regarding how this log data was stored that we're reworking as part of major backend changes we're addressing now. We expect to expose this functionality via the API sometime soon after that's completed.

@renzhexigua

> take predefined execution-data values for all procedures

It would be better if we could record/write multiple <execution-data, procedures[]> items in one AttireLog.json file, but the attire schema has to change to support this need.

Like,

{
    "$schema": "http://json-schema.org/draft-07/schema",
    ...
    "required": [
        "test-cases"
    ],
    "properties": {
        "test-cases": {
            "type": "array",
            "properties": {
                "execution-data": {
                    "$id": "#/properties/execution-data",
                    "type": "object",
                    ...
                },
                "procedures": {
                    "$id": "#/properties/procedures",
                    "type": "array",
                    ...
                },
                ...
            }
            ...
        }
    }
}

@arishwani

How do you run the command for the attire-merger.py?
Is it run like below?
python attire-merger.py -json /input/*json

@SRAPSpencer
Collaborator

SRAPSpencer commented Aug 23, 2023

> how do you run the command for the attire-merger.py? is it run like below? python attire-merger.py -json /input/*json

If you want to ask questions about the Python project, you should open an issue there.

https://github.com/Retrospected/attire-merger

This issue is for the feature request at hand.
