[Maintenance] Review SWAT Commands `emulate.py`

elastic / SWAT

Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.

Apache License 2.0

161 stars 7 forks source link

Closed terrancedejesus closed 1 year ago

terrancedejesus commented 1 year ago

This issue is used to track adjustments to the emulation command. The suggestions/tasks listed were discussed during a peer code review.

Suggestions:

add argparse namespace emulate.py (similar to coverage.py)
review general approach
cleanup - track cleanup state of each step in emulations and playbooks (docstrings, methods, abstracted cleanup method)
- may involve logging verbosely related to https://github.com/elastic/SWAT/issues/26

brokensound77 commented 1 year ago

I started work on this - just figuring out some things for a small refactor. Will have a draft up as soon as I can for discussion