mitre / magma

MITRE Caldera's user interface plugin powered by VueJS
Apache License 2.0

Refactored operation polling to only request active operation #53

Closed elegantmoose closed 1 month ago

elegantmoose commented 1 month ago

Potentially:

elegantmoose commented 1 month ago

@timbrigham-oc - Can you try this branch for me and see if it solves your problem?

i.e.

cd caldera/plugins/magma
git fetch --all
git checkout fix/operation_data_network_usage
cd ../..  # back to the caldera root, where server.py lives
python server.py --build

and let me know how it goes

timbrigham-oc commented 1 month ago

@elegantmoose, I just looked at this. I do definitely see a change in behavior, it looks like it's now only pulling the specs from the currently executing operation. Very good change IMO, something I was looking at how to do myself. :)

If I pick one of my larger lateral movement tests it's around 1.5 megabytes each pull, still much better than it has been. I am still seeing refreshes occurring on finished operations. Know that wasn't the intent of that branch, just noting it's happening.

This has dropped my network usage by an order of magnitude.

elegantmoose commented 1 month ago

Awesome. I'll look at the finished operations polling and see if it's also a quick fix. Either way I'll merge this partial fix today.

elegantmoose commented 1 month ago

@timbrigham-oc Pull branch again and see if network traffic gets more reduced. (added check for finished operations)

timbrigham-oc commented 1 month ago

@elegantmoose, I'm in the middle of a test sequence now, I'll check back on this in the morning.

elegantmoose commented 1 month ago

@timbrigham-oc no rush 👍

timbrigham-oc commented 1 month ago

Ok, following up. :)

On a preliminary look I'm still seeing operations updating on running tasks where the data is refreshing only for the active operation, so that behavior still looks good. The refreshes on finished operations are also not firing, so that should be good as well.

timbrigham-oc commented 1 month ago

@elegantmoose, I'm seeing an issue that might (I haven't made any other code changes, and just noticed this now) be caused by this update. The 'Filters' view is not being restricted to only host / agent IDs and abilities that are relevant to a given operation.

You can see that this operation ran against one agent and only used three abilities (nma, reverse lookup ip, dns match).

The abilities in the filter view are showing every possible ability from the adversary definition, and every agent ID.

timbrigham-oc commented 1 month ago

It's strange.. the same exact contents on that dialog will also show, regardless of which operation I have selected. If I force reload the page it clears up temporarily.

I'm guessing it might be something along the line of whichever operation I select first - if I then select another operation - isn't getting updated.

elegantmoose commented 1 month ago

Yea, that was probably me that introduced those. I'll take a look at it ASAP. Opened new issue - https://github.com/mitre/caldera/issues/3004