Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
(S) Each table row shows an Alert along with relevant information in each column, including:
Target – the name of the Target that triggered the Alert. See 5.2.3.5.
Session Active – the current Activity state of this Alert Session. This is only applicable if the Alert was triggered on a Flytrap with Target Monitoring enabled. “Yes” indicates the client MAC that triggered this Alert has recently had network activity through the Flytrap, “No” indicates the converse. “Unavailable” (or “N/A”) indicates the Alert was triggered on a Flytrap with Target Monitoring disabled. Section 7.6 gives a detailed description of Target Monitoring and Session Activity. Section 9.11.9 explains how to enable/disable Target Monitoring when planning a Mission. Note that the “Target Activity” page (see 9.20) shows this information as well.
Last Activity – the most recent time that the client MAC that triggered the Alert had network activity through the Flytrap. Section 7.6 gives a detailed description of Target Monitoring and Session Activity.
Windex Alert – if the Target has a Windex Action assigned, this column has a link to any Windex Alert information related to the Target.
Copy Data – if the Target has a Copy Action, this column has a link to the Copy Data file.
Client MAC – the MAC address of the client computer/network card that triggered the Alert.
Client IP – the IP address of the client computer that triggered the Alert.
Client VPN IP – the IP address to use when accessing the Target computer over the VPN Link (see 9.27).
Flytrap – a link to the Flytrap at which the Target was detected.
Mission – a link to the Mission that was executing when the Target was detected.
Receive Time – the time the CherryTree received the Alert (according to the local clock on the CherryTree server).
Actual Time – the time the Alert was actually triggered on the Flytrap. Note that the Flytrap records a time offset between when the Alert was triggered and when the Alert was actually sent. Hence, the Actual Date is the Receive date minus this offset. Receive Date and Actual Date should only be different if the Flytrap could not successfully send the Alert and it was cached and retried at a later time.
Traffic Direction – the direction of the network packet in which the Target was detected (incoming => from WAN to LAN/WLAN, outgoing => from LAN/WLAN to WAN).
Id – the unique identifier of the Alert (typically used for low-level database access).