Commit 2c0cb2f0 authored by Radek Ošlejšek's avatar Radek Ošlejšek
Browse files

Remove Lopatka from correct data

parent 30318804

2022-11-00 Insider-attack/README.md

+6 −2
Original line number Diff line number Diff line
@@ -9,5 +9,9 @@ Sandbox definition: 


Results:

* results-all: all measeured training runs

* lopatka-first-run: His game frozen for the first time. Therefore, he started again in an new sandbox (and skipped already played parts). This is his first run, the second is included in the results directory.

* TRAINEES-MAPPING.csv: The mapping of users to sandboxes. 8 users did not finish (see note in the CSV file).
 
* lopatka-first-run: 

   - His game frozen for the first time. Therefore, he started again in an new sandbox (and skipped already played parts). 

   - This is his first run, the second is included in the results directory.

   - First run: user ID: 83, sandbox ID: 143

   - Second run: user ID: 86, sandbox ID: 145

* TRAINEES-MAPPING.csv: The mapping of users to sandboxes. Users who did not finish are marked in the CSV file.

2022-11-00 Insider-attack/TRAINEES-MAPPING.csv

+1 −1
Original line number Diff line number Diff line
@@ -33,7 +33,7 @@ Radek Václavek;13 Nov 2022 23:33;-;running;-;157; 
Jakub Hidvégi;09 Nov 2022 20:09;-;running;-;141;

Ondřej Pavlica;11 Nov 2022 14:28;11 Nov 2022 14:43;finished;15 minutes;148;

Michal Nosáľ;13 Nov 2022 09:59;13 Nov 2022 20:21;finished;10 hours;155;

Adam Lopatka;10 Nov 2022 16:23;10 Nov 2022 21:33;finished;5 hours;145;

Adam Lopatka;10 Nov 2022 16:23;10 Nov 2022 21:33;finished;5 hours;145;SECOND RUN - see README

Dominik Lašo;13 Nov 2022 22:43;-;running;-;156;DID NOT FINISH

Zdeněk Ondra;19 Nov 2022 20:54;19 Nov 2022 22:08;finished;1 hour;203;

Petr Babič;17 Nov 2022 15:45;17 Nov 2022 20:33;finished;4 hours;166;

2022-11-00 Insider-attack/results-ok/logs/sandbox-145-useractions.json

deleted100644 → 0
+0 −180

File deleted.

Preview size limit exceeded, changes collapsed.

2022-11-00 Insider-attack/results-ok/training_events/training_run-id86-events.json

deleted100644 → 0
+0 −23
Original line number Diff line number Diff line 
{"total_assessment_level_score":0,"level":62,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:23:35+00:00","@timestamp":"2022-11-10T15:23:35.130816Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"pool_id":26,"type":"cz.muni.csirt.kypo.events.trainings.TrainingRunStarted","training_time":0,"level_order":0,"sandbox_id":145,"total_training_level_score":0,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093815128}

{"total_assessment_level_score":0,"level":62,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:23:35+00:00","@timestamp":"2022-11-10T15:23:35.130866Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"INFO","training_time":332,"level_title":"Questionnaire","level_order":0,"max_score":0,"sandbox_id":145,"total_training_level_score":0,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093815139}

{"total_assessment_level_score":0,"level":62,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:23:37+00:00","@timestamp":"2022-11-10T15:23:37.569988Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"INFO","training_time":2770,"level_order":0,"sandbox_id":145,"total_training_level_score":0,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093817573}

{"total_assessment_level_score":0,"level":42,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:23:37+00:00","@timestamp":"2022-11-10T15:23:37.570131Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"INFO","training_time":2772,"level_title":"Introduction","level_order":1,"max_score":0,"sandbox_id":145,"total_training_level_score":0,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093817579}

{"total_assessment_level_score":0,"level":42,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:23:38+00:00","@timestamp":"2022-11-10T15:23:38.128238Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"INFO","training_time":3328,"level_order":1,"sandbox_id":145,"total_training_level_score":0,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093818131}

{"total_assessment_level_score":0,"level":43,"training_run_id":86,"actual_score_in_level":10,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:23:38+00:00","@timestamp":"2022-11-10T15:23:38.128360Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"TRAINING","training_time":3329,"level_title":"Check remote services of the server","level_order":2,"max_score":10,"sandbox_id":145,"total_training_level_score":0,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093818136}

{"total_assessment_level_score":0,"level":43,"training_run_id":86,"actual_score_in_level":10,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:24:23+00:00","@timestamp":"2022-11-10T15:24:23.694870Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.CorrectAnswerSubmitted","pool_id":26,"answer_content":"Webmin","training_time":48895,"level_order":2,"sandbox_id":145,"total_training_level_score":10,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093863693}

{"total_assessment_level_score":0,"level":43,"training_run_id":86,"actual_score_in_level":10,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:24:23+00:00","@timestamp":"2022-11-10T15:24:23.694876Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"TRAINING","training_time":48896,"level_order":2,"sandbox_id":145,"total_training_level_score":10,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093863698}

{"total_assessment_level_score":0,"level":44,"training_run_id":86,"actual_score_in_level":15,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:24:23+00:00","@timestamp":"2022-11-10T15:24:23.772040Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"TRAINING","training_time":48973,"level_title":" Identify a vulnerability to get remote access","level_order":3,"max_score":15,"sandbox_id":145,"total_training_level_score":10,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093863780}

{"total_assessment_level_score":0,"level":44,"training_run_id":86,"actual_score_in_level":15,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:24:30+00:00","@timestamp":"2022-11-10T15:24:30.110978Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.CorrectAnswerSubmitted","pool_id":26,"answer_content":"CVE-2019-15107","training_time":55311,"level_order":3,"sandbox_id":145,"total_training_level_score":25,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093870109}

{"total_assessment_level_score":0,"level":44,"training_run_id":86,"actual_score_in_level":15,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:24:30+00:00","@timestamp":"2022-11-10T15:24:30.111131Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"TRAINING","training_time":55312,"level_order":3,"sandbox_id":145,"total_training_level_score":25,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093870114}

{"total_assessment_level_score":0,"level":45,"training_run_id":86,"actual_score_in_level":20,"syslog":{"severity":"info","timegenerated":"2022-11-10T15:24:30+00:00","@timestamp":"2022-11-10T15:24:30.185960Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"TRAINING","training_time":55387,"level_title":"Exploit the vulnerability and then get into the server","level_order":4,"max_score":20,"sandbox_id":145,"total_training_level_score":25,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668093870194}

{"total_assessment_level_score":0,"level":45,"training_run_id":86,"actual_score_in_level":20,"syslog":{"severity":"info","timegenerated":"2022-11-10T19:46:08+00:00","@timestamp":"2022-11-10T19:46:08.340399Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.CorrectAnswerSubmitted","pool_id":26,"answer_content":"25790","training_time":15753540,"level_order":4,"sandbox_id":145,"total_training_level_score":45,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668109568338}

{"total_assessment_level_score":0,"level":45,"training_run_id":86,"actual_score_in_level":20,"syslog":{"severity":"info","timegenerated":"2022-11-10T19:46:08+00:00","@timestamp":"2022-11-10T19:46:08.340407Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"TRAINING","training_time":15753541,"level_order":4,"sandbox_id":145,"total_training_level_score":45,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668109568343}

{"total_assessment_level_score":0,"level":46,"training_run_id":86,"actual_score_in_level":20,"syslog":{"severity":"info","timegenerated":"2022-11-10T19:46:08+00:00","@timestamp":"2022-11-10T19:46:08.556821Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"TRAINING","training_time":15753757,"level_title":"Find a computer possibly storing a copy of the company data","level_order":5,"max_score":20,"sandbox_id":145,"total_training_level_score":45,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668109568565}

{"total_assessment_level_score":0,"level":46,"training_run_id":86,"actual_score_in_level":20,"count":1,"syslog":{"severity":"info","timegenerated":"2022-11-10T19:53:10+00:00","@timestamp":"2022-11-10T19:53:10.116389Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.WrongAnswerSubmitted","pool_id":26,"answer_content":"192.168.128.136","training_time":16175316,"level_order":5,"sandbox_id":145,"total_training_level_score":45,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668109990114}

{"total_assessment_level_score":0,"level":46,"training_run_id":86,"actual_score_in_level":20,"count":2,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:28:47+00:00","@timestamp":"2022-11-10T20:28:47.314181Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.WrongAnswerSubmitted","pool_id":26,"answer_content":"81.2.195.254","training_time":18312513,"level_order":5,"sandbox_id":145,"total_training_level_score":45,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112127311}

{"total_assessment_level_score":0,"level":46,"training_run_id":86,"actual_score_in_level":20,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:31:12+00:00","@timestamp":"2022-11-10T20:31:12.595478Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.CorrectAnswerSubmitted","pool_id":26,"answer_content":"10.1.17.4","training_time":18457795,"level_order":5,"sandbox_id":145,"total_training_level_score":65,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112272593}

{"total_assessment_level_score":0,"level":46,"training_run_id":86,"actual_score_in_level":20,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:31:12+00:00","@timestamp":"2022-11-10T20:31:12.595485Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"TRAINING","training_time":18457796,"level_order":5,"sandbox_id":145,"total_training_level_score":65,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112272598}

{"total_assessment_level_score":0,"level":49,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:31:12+00:00","@timestamp":"2022-11-10T20:31:12.743825Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelStarted","pool_id":26,"level_type":"INFO","training_time":18457944,"level_title":"Congratulations","level_order":6,"max_score":0,"sandbox_id":145,"total_training_level_score":65,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112272752}

{"total_assessment_level_score":0,"level":49,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:33:19+00:00","@timestamp":"2022-11-10T20:33:19.047090Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"pool_id":26,"type":"cz.muni.csirt.kypo.events.trainings.TrainingRunResumed","training_time":18584247,"level_order":6,"sandbox_id":145,"total_training_level_score":65,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112399045}

{"total_assessment_level_score":0,"level":49,"training_run_id":86,"actual_score_in_level":0,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:33:21+00:00","@timestamp":"2022-11-10T20:33:21.598502Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.LevelCompleted","pool_id":26,"level_type":"INFO","training_time":18586799,"level_order":6,"sandbox_id":145,"total_training_level_score":65,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112401601}

{"total_assessment_level_score":0,"level":49,"training_run_id":86,"actual_score_in_level":0,"end_time":1668112401597,"syslog":{"severity":"info","timegenerated":"2022-11-10T20:33:21+00:00","@timestamp":"2022-11-10T20:33:21.598569Z","programname":"kypo-training","procid":"","@version":"1","host":"{\"ip\":\"10.42.0.221\"}","fromhost-ip":"10-42-0-118","type":"syslog","facility":"security"},"type":"cz.muni.csirt.kypo.events.trainings.TrainingRunEnded","pool_id":26,"start_time":1668093814797,"training_time":18586800,"level_order":6,"sandbox_id":145,"total_training_level_score":65,"training_instance_id":21,"user_ref_id":311,"training_definition_id":7,"timestamp":1668112401607}

2022-11-00 Insider-attack/results-ok/training_runs/training_run-id86.json

deleted100644 → 0
+0 −9
Original line number Diff line number Diff line 
{

  "id" : 86,

  "instance_id" : 21,

  "start_time" : "2022-11-10T15:23:34.797058Z",

  "end_time" : "2022-11-10T20:33:21.594298Z",

  "event_log_reference" : null,

  "state" : "FINISHED",

  "participant_ref_id" : 311

}
 
 No newline at end of file