ait-testbed / attackmate

AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
GNU General Public License v3.0

add support for metadata #101

Closed thorinaboenke closed 1 month ago

thorinaboenke commented 1 month ago

This PR relates to issue #76 - adds support for metadata in logging to attackmate.log

thorinaboenke commented 1 month ago

sry about the reformatting changes; can someone please share their formatter settings with me?

whotwagner commented 1 month ago

I'd prefer the metadata of the schema as an optional list of key-value-pairs. We will also add support for other output-formats like json in future. With key-value-pairs we can then format and handle that part better.

thorinaboenke commented 1 month ago

Could you clarify the requirements for how that should look in a playbook and in the logging? (Or is the logging irrelevant for this issue?)

whotwagner commented 1 month ago

The metadata should be defined in a list of key-value pairs like the following:

```yaml
vars:
  FOO: Bar
commands:
- type: shell
  cmd: nmap localhost
  metadata:
    - command: nmap
    - host: localhost
    - type: scan
    - something: $FOO
```

We will then add a function "log_meta" to the base_command class that writes the metadata with log.info as a JSON string, only if the metadata of a command is defined. After that, we have 2 types of output in attackmate.log:

  1. Command Execution performed by log_command()
  2. MetaData performed by log_meta

Since these log outputs are on different lines, this isn't really machine-readable. For that we will later also include a separate JSON output that can be activated by a command-line parameter (Issue #103).
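
The behaviour described in the last comment, as an added example that is not part of the thread or of AttackMate's code base: the list of key-value pairs is flattened, `$FOO` is substituted, and one JSON string is logged only when a command defines metadata. `render_meta` and this `log_meta` are hypothetical, the playbook dictionary is constructed from the YAML above, and substitution via `string.Template` is an assumption.

```python
import json
import logging
from string import Template

# Constructed stand-in for the parsed playbook from the comment above.
PLAYBOOK = {
    "vars": {"FOO": "Bar"},
    "commands": [
        {"type": "shell", "cmd": "nmap localhost",
         "metadata": [{"command": "nmap"}, {"host": "localhost"},
                      {"type": "scan"}, {"something": "$FOO"}]},
        {"type": "shell", "cmd": "id"},  # no metadata: nothing is logged
    ],
}


def render_meta(metadata, variables):
    """Flatten the list of one-key mappings and substitute $VARS (hypothetical helper)."""
    if not metadata:
        return None
    merged = {}
    for item in metadata:
        if not isinstance(item, dict) or len(item) != 1:
            raise ValueError(f"metadata entry must be one key-value pair: {item!r}")
        (key, value), = item.items()
        if key in merged:
            raise ValueError(f"duplicate metadata key: {key}")
        # safe_substitute leaves unknown $NAMES untouched instead of raising
        merged[key] = Template(str(value)).safe_substitute(variables)
    return merged


def log_meta(logger, command, variables):
    """Log metadata as one JSON string; skip commands without metadata."""
    meta = render_meta(command.get("metadata"), variables)
    if meta is None:
        return None
    # json.dumps escapes newlines, so each record stays on a single log line
    line = "Metadata: " + json.dumps(meta, sort_keys=True)
    logger.info(line)
    return line


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s | %(message)s")
    for cmd in PLAYBOOK["commands"]:
        log_meta(logging.getLogger("playbook"), cmd, PLAYBOOK["vars"])
```

Because the values are JSON-encoded, a metadata value containing a line break cannot split a record into two log lines, which keeps the metadata lines parseable when they are later correlated with detection logs.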