…tegration

**Added:**
- Introduced `create_redteam.py` as a factory for building red team agents with preset workflows, event hooks, and system instructions for Active Directory penetration testing operations
- Added a CLI command (`red-team`) to `main.py` to launch autonomous red team operations against a target, including report generation and result logging
- Implemented `redteam_agent.py` orchestrator class to manage agent execution, state, and automated reporting for red team engagements
- Developed `redteam_report.py` to generate detailed markdown reports of red team findings, attack paths, and MITRE ATT&CK mappings
- Created `tools/redteam.py` with comprehensive toolsets for network enumeration, credential harvesting, cracking, share pilfering, golden ticket attacks, BloodHound/Certipy/Delegation workflows, and reporting integration
- Added new agent and task instruction templates under `templates/redteam/agents` covering system operation, password cracking, golden ticket, and share pilfering
- Added new report summary template under `templates/redteam/reports` for structured operation results

**Changed:**
- Extended `models.py` with new dataclasses for red team operations, including `Target`, `Host`, `User`, `Credential`, `Hash`, `Share`, and `RedTeamState` to track discoveries, credentials, progress, and success metrics

**Why:**
- Enables fully automated, reproducible, and observable red team engagements with systematic enumeration, privilege escalation, credential harvesting, and executive reporting suitable for penetration testing and security validation
**Added:**
- Introduced red team agent tasks: `ares:red`, `ares:red:local`, and `ares:red:orchestrate` for offensive operations, supporting remote orchestration via S3/SSM and local/1Password credential loading

**Changed:**
- Renamed SOC agent tasks to "blue team agent" for clarity and consistency
- Updated environment variable usage to standardize on `GRAFANA_API_KEY` instead of `GRAFANA_SERVICE_ACCOUNT_TOKEN`
- Changed python module invocation from `src` to `ares` throughout agent commands
- Improved .env file validation and error messaging for blue team agent tasks
- Refined log and echo output to reduce noise and improve clarity in blue team agent tasks
- Updated `ares:version` task to directly print version using Python import
- Updated MITRE ATT&CK test task to reference new import path
- Clarified terminology in API key checks and user messages for consistency

**Removed:**
- Removed redundant and verbose comments and echo statements in blue team agent tasks to streamline execution and output
…ecipe engines

**Added:**
- Introduced `src/ares` package structure, modularizing agents, core, integrations, reports, and tools for blue and red teams
- Implemented attack chain and detection recipe engines in `ares.core.engines`, loading from new YAML configs for precursor/follow-on mapping and Windows event detection
- Added extensive precursor investigation logic and detection recipe logic to MITRENavigator, enhancing investigative question generation
- Created YAML files: `templates/engines/attack_chains.yaml` and `templates/engines/detection_recipes.yaml` defining attack chains, detection recipes, log patterns, and Windows event mappings for common techniques
- Added new tools for blue and red teams under `ares.tools.blue` and `ares.tools.red`, including advanced investigation, observability, and completion/escalation actions
- Provided shared MITRE lookup tools and core agent factories for blue/red
- Added enhanced Jinja templates for initial alert prompts and precursor questions, enforcing investigation workflow and time handling

**Changed:**
- Refactored main agent entry points, reports, and models to reference new modular locations under `ares/`
- Enhanced initial alert prompt to stress precursor investigation, correct time range usage, and stepwise evidence recording
- Updated investigation workflow to enforce mandatory evidence recording after every query and prevent query loops
- Improved LogQL guidance and error handling in blue team tools
- Main orchestration scripts now always use absolute report directory paths and improved shutdown handling
- MITRENavigator now generates precursor/detection recipe questions before follow-on and gap analysis
- All file and template references adjusted to new package structure and directory layout
- Updated pyproject.toml, test imports, and build config to reference new module/package names (`ares` instead of `src`)
- Improved investigation completion tool to enforce stricter validation on evidence, stage, host/user findings, and timeline

**Removed:**
- Removed old monolithic src/agent.py, src/redteam_agent.py, and tools/__init__.py, actions.py, core/__init__.py, and other legacy glue in favor of modular ares/ package structure
- Deleted src/__init__.py and obsolete src/core/create.py in favor of new factory modules
- Eliminated duplicate or redundant imports and logic now covered by new engines, reports, and toolsets
… clarity

**Added:**
- Expanded mypy error code disables: misc, valid-type, untyped-decorator in `pyproject.toml` for broader static analysis coverage
- Added detailed comments to Bandit skips and expanded the skip list to handle pentesting tool usage and code style exceptions in `pyproject.toml`
- Added multiple additional ignore rules to Ruff config to account for project-specific code patterns and stylistic choices in `pyproject.toml`

**Changed:**
- Updated mypy module override from `src.*` to `ares.*` in `pyproject.toml`
- Reordered and grouped imports for consistency and PEP8 compliance across several modules (`src/ares/__init__.py`, `src/ares/agents/blue/soc_investigator.py`, `src/ares/agents/red/pentester.py`, `src/ares/core/factories/blue_factory.py`, `src/ares/core/factories/red_factory.py`, `src/ares/tools/blue/investigation.py`)
- Improved line breaking and formatting for long function calls and dict constructions for better readability (multiple files)
- Updated detection of MITRE technique extraction in orchestrators to use `labels.get(key)` and `annotations.get(key)` idiom for null-safety and clarity
- Simplified conditional logic in `GrafanaTools` by merging branches and flattening response handling
- Streamlined error and suggestion string formatting for LokiTools and other Toolset methods
- Improved handling of available recipes and their display logic in `QuestionEngineTools`
- Updated some docstring examples to add `# pragma: allowlist secret` comments for password fields in red team tools
- Improved import ordering and `__all__` listing order in several `__init__.py` files for consistency

**Removed:**
- Eliminated unnecessary noqa comments for private member access in `src/ares/main.py` and other places now covered by updated lint config
- Removed unused import of `InvestigationStage` from `src/ares/tools/blue/actions.py` for clarity
CAP-787 Migrate Armada Kali Red Team Agent to Ares Codebase
Description: Objective: Fully integrate Armada’s Kali Red Team agents and tools into the Ares codebase using the Dreadnode Agent SDK, providing robust offensive security testing functionality while maintaining separation and safety controls within the SOC platform.
Scope of Work:
Dependencies:
Acceptance Criteria:
Additional Notes:
Key Changes:
- `ares` package with shared core, integrations, and templates
- `src/ares`, modularized tools, agents, reports, and templates

Added:
- (`RedTeamOrchestrator`) supporting Active Directory enumeration, credential harvesting, share pilfering, password cracking, BloodHound, ADCS (Certipy), delegation attacks, and golden ticket workflows
- `src/ares/agents/red/`, `src/ares/tools/red/`, `src/ares/reports/redteam.py`
- `src/ares/core/`
- `templates/engines/attack_chains.yaml`, `templates/engines/detection_recipes.yaml`
- `templates/redteam/agents/`, `templates/redteam/reports/`
- `Taskfile.yaml` for orchestrating pentests, EC2 discovery, and SSM log monitoring
- (`README.md`, `docs/`)

Changed:
- `ares` core, models, and templates (e.g., `src/agent.py` → `src/ares/agents/blue/soc_investigator.py`)
- `ares` namespace throughout (`pyproject.toml`, `Taskfile.yaml`)

Removed:
- `src/` root module files and legacy single-agent structure
- `main.py`, `agent.py`, and old-style `tools/` modules (replaced with `src/ares/main.py` and modular imports)