Shared Directory Audit Events (gravitational#1290)

hatched · Nov 10, 2022 · fc5af43 · fc5af43
1 parent 607889d
commit fc5af43
Show file tree

Hide file tree

Showing 5 changed files with 436 additions and 2 deletions.
diff --git a/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx b/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx
@@ -156,6 +156,12 @@ const EventIconMap: Record<EventCode, React.FC> = {
   [eventCodes.DESKTOP_SESSION_ENDED]: Icons.Desktop,
   [eventCodes.DESKTOP_CLIPBOARD_SEND]: Icons.Clipboard,
   [eventCodes.DESKTOP_CLIPBOARD_RECEIVE]: Icons.Clipboard,
+  [eventCodes.DESKTOP_SHARED_DIRECTORY_START]: Icons.FolderShared,
+  [eventCodes.DESKTOP_SHARED_DIRECTORY_START_FAILURE]: Icons.FolderShared,
+  [eventCodes.DESKTOP_SHARED_DIRECTORY_READ]: Icons.FolderShared,
+  [eventCodes.DESKTOP_SHARED_DIRECTORY_READ_FAILURE]: Icons.FolderShared,
+  [eventCodes.DESKTOP_SHARED_DIRECTORY_WRITE]: Icons.FolderShared,
+  [eventCodes.DESKTOP_SHARED_DIRECTORY_WRITE_FAILURE]: Icons.FolderShared,
   [eventCodes.MFA_DEVICE_ADD]: Icons.Info,
   [eventCodes.MFA_DEVICE_DELETE]: Icons.Info,
   [eventCodes.BILLING_CARD_CREATE]: Icons.CreditCardAlt2,

diff --git a/web/packages/teleport/src/Audit/__snapshots__/Audit.story.test.tsx.snap b/web/packages/teleport/src/Audit/__snapshots__/Audit.story.test.tsx.snap
@@ -358,12 +358,12 @@ exports[`list of all events 1`] = `
           </strong>
            - 
           <strong>
-            141
+            147
           </strong>
            of
            
           <strong>
-            141
+            147
           </strong>
         </div>
         <button
@@ -436,6 +436,228 @@ exports[`list of all events 1`] = `
       </tr>
     </thead>
     <tbody>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-folder-shared c10 c15"
+              color="light"
+              font-size="3"
+            />
+            Directory Sharing Write Failed
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [joe] failed to write [734] bytes to file [powershell-scripts/domain-controller.ps1] in shared directory [windows-server-2012-shared] on desktop [ec2-54-162-177-255.compute-1.amazonaws.com:3389]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-21T23:19:34.519058Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-folder-shared c10 c15"
+              color="light"
+              font-size="3"
+            />
+            Directory Sharing Write
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [joe] wrote [734] bytes to file [powershell-scripts/domain-controller.ps1] in shared directory [windows-server-2012-shared] on desktop [ec2-54-162-177-255.compute-1.amazonaws.com:3389]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-21T23:19:34.519058Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-folder-shared c10 c15"
+              color="light"
+              font-size="3"
+            />
+            Directory Sharing Read Failed
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [joe] failed to read [734] bytes from file [powershell-scripts/domain-controller.ps1] in shared directory [windows-server-2012-shared] on desktop [ec2-54-162-177-255.compute-1.amazonaws.com:3389]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-21T23:07:36.496189Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-folder-shared c10 c15"
+              color="light"
+              font-size="3"
+            />
+            Directory Sharing Read
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [joe] read [734] bytes from file [powershell-scripts/domain-controller.ps1] in shared directory [windows-server-2012-shared] on desktop [ec2-54-162-177-255.compute-1.amazonaws.com:3389]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-21T23:07:36.496189Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-folder-shared c10 c15"
+              color="light"
+              font-size="3"
+            />
+            Directory Sharing Start Failed
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [joe] failed to start sharing directory [windows-server-2012-shared] to desktop [ec2-54-162-177-255.compute-1.amazonaws.com:3389]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-21T22:36:27.314409Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-folder-shared c10 c15"
+              color="light"
+              font-size="3"
+            />
+            Directory Sharing Started
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [joe] started sharing directory [windows-server-2012-shared] to desktop [ec2-54-162-177-255.compute-1.amazonaws.com:3389]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-21T22:36:27.314409Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
       <tr>
         <td
           style="vertical-align: inherit;"

diff --git a/web/packages/teleport/src/Audit/fixtures/index.ts b/web/packages/teleport/src/Audit/fixtures/index.ts
@@ -1690,6 +1690,114 @@ export const events = [
     user: 'joe',
     length: 512,
   },
+  {
+    'addr.remote': 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    cluster_name: 'im-a-cluster-name',
+    code: 'TDP04I',
+    desktop_addr: 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    directory_id: 2,
+    directory_name: 'windows-server-2012-shared',
+    ei: 3317,
+    event: 'desktop.directory.share',
+    proto: 'tdp',
+    sid: '6ecf916d-dedf-4769-afc0-d08e55fbebf7',
+    success: true,
+    time: '2022-10-21T22:36:27.314409Z',
+    uid: 'f38b07d4-2f3e-400b-a91a-bad7283db775',
+    user: 'joe',
+  },
+  {
+    'addr.remote': 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    cluster_name: 'im-a-cluster-name',
+    code: 'TDP04W',
+    desktop_addr: 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    directory_id: 2,
+    directory_name: 'windows-server-2012-shared',
+    ei: 3317,
+    event: 'desktop.directory.share',
+    proto: 'tdp',
+    sid: '6ecf916d-dedf-4769-afc0-d08e55fbebf7',
+    success: false,
+    time: '2022-10-21T22:36:27.314409Z',
+    uid: 'f38b07d4-2f3e-400b-a91a-bad7283db775',
+    user: 'joe',
+  },
+  {
+    'addr.remote': 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    cluster_name: 'im-a-cluster-name',
+    code: 'TDP05I',
+    desktop_addr: 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    directory_id: 2,
+    directory_name: 'windows-server-2012-shared',
+    ei: 9766,
+    event: 'desktop.directory.read',
+    file_path: 'powershell-scripts/domain-controller.ps1',
+    length: 734,
+    offset: 0,
+    proto: 'tdp',
+    sid: 'b9329a34-ab0c-4aa0-9fc8-1054d491e818',
+    success: true,
+    time: '2022-10-21T23:07:36.496189Z',
+    uid: 'a6ea5e5b-daac-47c2-9ce5-3f868e51a146',
+    user: 'joe',
+  },
+  {
+    'addr.remote': 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    cluster_name: 'im-a-cluster-name',
+    code: 'TDP05W',
+    desktop_addr: 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    directory_id: 2,
+    directory_name: 'windows-server-2012-shared',
+    ei: 9766,
+    event: 'desktop.directory.read',
+    file_path: 'powershell-scripts/domain-controller.ps1',
+    length: 734,
+    offset: 0,
+    proto: 'tdp',
+    sid: 'b9329a34-ab0c-4aa0-9fc8-1054d491e818',
+    success: false,
+    time: '2022-10-21T23:07:36.496189Z',
+    uid: 'a6ea5e5b-daac-47c2-9ce5-3f868e51a146',
+    user: 'joe',
+  },
+  {
+    'addr.remote': 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    cluster_name: 'im-a-cluster-name',
+    code: 'TDP06I',
+    desktop_addr: 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    directory_id: 2,
+    directory_name: 'windows-server-2012-shared',
+    ei: 7428,
+    event: 'desktop.directory.write',
+    file_path: 'powershell-scripts/domain-controller.ps1',
+    length: 734,
+    offset: 0,
+    proto: 'tdp',
+    sid: 'ea959406-27e4-4b11-85c4-1a485ff48417',
+    success: true,
+    time: '2022-10-21T23:19:34.519058Z',
+    uid: '6bb2ebdf-d7e2-4a03-80ae-514ff9a5c71f',
+    user: 'joe',
+  },
+  {
+    'addr.remote': 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    cluster_name: 'im-a-cluster-name',
+    code: 'TDP06W',
+    desktop_addr: 'ec2-54-162-177-255.compute-1.amazonaws.com:3389',
+    directory_id: 2,
+    directory_name: 'windows-server-2012-shared',
+    ei: 7428,
+    event: 'desktop.directory.write',
+    file_path: 'powershell-scripts/domain-controller.ps1',
+    length: 734,
+    offset: 0,
+    proto: 'tdp',
+    sid: 'ea959406-27e4-4b11-85c4-1a485ff48417',
+    success: false,
+    time: '2022-10-21T23:19:34.519058Z',
+    uid: '6bb2ebdf-d7e2-4a03-80ae-514ff9a5c71f',
+    user: 'joe',
+  },
   {
     'addr.local': '192.000.0.000:3022',
     'addr.remote': '127.0.0.1:50000',