
Don't include Stratus Red Team revert logs #2

@christophetd

Description


For attack techniques that have a revert function in Stratus Red Team, this function is called before cleaning up: https://github.com/DataDog/stratus-red-team/blob/main/v2/pkg/stratus/runner/runner.go#L182-L192

This causes these logs to have the same UA as the detonation and be included in the logs that Grimoire pulls.

Potential solutions:

  • Modify Stratus Red Team to not call revert on cleanup (would require making sure this works for every technique)
  • Modify Stratus Red Team to use a slightly different UA when doing revert (e.g. stratus-red-team_revert_UUID)
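As an added example (not code from this issue, Grimoire or Stratus Red Team), a Go sketch of the user-agent split the second proposal enables: with a shared agent, a CloudTrail pull keyed on the detonation UA sweeps the revert call in, while a distinct revert agent lets a collector keep them apart. The Event type, SplitByUA, SampleRun and the sample events are constructed for illustration; the UUID is a placeholder.

```go
package main

import "fmt"

// Event is a minimal stand-in for a CloudTrail record (constructed; not Grimoire's type).
type Event struct {
	EventName string
	UserAgent string
}

// Assumed user-agent shapes: the per-detonation agent Stratus Red Team sets,
// and the distinct revert agent the issue proposes. The UUID is a placeholder.
const (
	runID        = "11111111-2222-4333-8444-555555555555"
	detonationUA = "stratus-red-team_" + runID
	revertUA     = "stratus-red-team_revert_" + runID
)

// SplitByUA separates one run's events into detonation and revert calls by exact
// user-agent match, the pull a log collector can do once reverts carry their own agent.
func SplitByUA(events []Event, id string) (detonation, revert []Event) {
	for _, e := range events {
		switch e.UserAgent {
		case "stratus-red-team_" + id:
			detonation = append(detonation, e)
		case "stratus-red-team_revert_" + id:
			revert = append(revert, e)
		}
	}
	return detonation, revert
}

// SampleRun builds constructed events for one technique: two detonation calls
// followed by one revert call, whose agent depends on whether reverts are tagged.
func SampleRun(revertDistinct bool) []Event {
	ua := detonationUA
	if revertDistinct {
		ua = revertUA
	}
	return []Event{
		{"CreateUser", detonationUA},
		{"AttachUserPolicy", detonationUA},
		{"DetachUserPolicy", ua}, // the revert of AttachUserPolicy
	}
}

func main() {
	for _, distinct := range []bool{false, true} {
		d, r := SplitByUA(SampleRun(distinct), runID)
		fmt.Printf("distinct revert UA=%v: %d detonation, %d revert\n", distinct, len(d), len(r))
	}
}
```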
