cleanup

.gitignore

@@ -27,3 +27,32 @@ techniques_hash.db
 
 # Credential files
 *.creds
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+**/*.terraform.lock.hcl
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

atomics/T1562.008/T1562.008.yaml

@@ -32,14 +32,21 @@ atomic_tests:
       prereq_command: |
         terraform version
       get_prereq_command: |
-        echo Please install the terraform and run terraform apply
+        echo Please install the aws-cli and configure your AWS defult profile using: aws configure
+    - description: |
+        Check if the dependency resources are already present.
+      get_prereq_command: |
+        cd $PathToAtomicsFolder/T1562.008/src/T1562.008-1/
+        terraform init
+        terraform apply -var-file="T1562.008-1.tfvars" -auto-approve
   executor:
     command: |
        aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name}  --is-multi-region-trail --region #{region}
        aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region}
        aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region}
     cleanup_command: |
-      echo Run terraform destroy manually
+      cd $PathToAtomicsFolder/T1562.008/src/T1562.008-1/
+      terraform destroy -var-file="T1562.008-1.tfvars" -auto-approve
     name: sh
     elevation_required: false
 - name: Azure - Eventhub Deletion
@@ -81,11 +88,17 @@ atomic_tests:
     get_prereq_command: |
       Install-Module -Name AzureAD -Force
   - description: |
-      Create dependency resources using terraform
+      Check if terraform is installed.
     prereq_command: |
       terraform version
     get_prereq_command: |
-      echo "Install terraform manually and configure it. Run terraform apply manually"
+        echo Please install the terraform and configure your Azure defult profile 
+  - description: |
+      Create dependency resources using terraform
+    get_prereq_command: |
+      cd $PathToAtomicsFolder/T1562.008/src/T1562.008-2/
+      terraform init
+      terraform apply -var-file="T1562.008-2.tfvars" -auto-approve
   executor:
     command: |
       $secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
@@ -95,7 +108,8 @@ atomic_tests:
     name: powershell
     elevation_required: false
     cleanup_command: |
-      echo Run terraform destroy manually.
+      cd $PathToAtomicsFolder/T1562.008/src/T1562.008-2/
+      terraform destroy -var-file="T1562.008-2.tfvars" -auto-approve
 - name: Office 365 - Exchange Audit Log Disabled
   auto_generated_guid: 1ee572f3-056c-4632-a7fc-7e7c42b1543c
   description: |

atomics/T1562.008/src/T1562.008-2/T1562.008-2.tf

@@ -24,7 +24,7 @@ variable "name_space_name" {
 
 resource "azurerm_resource_group" "some_resource_group" {
   name     = "atomicredteam-rg"
-  location = "West Europe"
+  location = "East US"
 }
 
 resource "azurerm_eventhub_namespace" "some_namespace" {