deft/reports/FY23Q1-report.html

2024-02-01 14:16:14 +00:00
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-11-15" />
<title>FY23Q1 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">FY23Q1 Report</h1>
<p class="subtitle">logs go 4 months back</p>
<p class="date">2023-11-15</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#iroh">IROH</a>
<ul>
<li><a href="#lead">lead</a>
<ul>
<li><a href="#guillaume-buisson-23">Guillaume Buisson [23]</a>
<ul>
<li><a href="#ctia-1">ctia [1]</a></li>
<li><a href="#iroh-6">iroh [6]</a></li>
<li><a href="#iroh-offsite-fy24-15">iroh-offsite-fy24 [15]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-35">Mario Aquino [35]</a>
<ul>
<li><a href="#iroh-29">iroh [29]</a></li>
<li><a href="#iroh-offsite-fy24-1">iroh-offsite-fy24 [1]</a></li>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#guillaume-erétéo-26">Guillaume Erétéo [26]</a>
<ul>
<li><a href="#ctia-2">ctia [2]</a></li>
<li><a href="#iroh-15">iroh [15]</a></li>
<li><a href="#iroh-offsite-fy24-3">iroh-offsite-fy24 [3]</a></li>
<li><a href="#tenzin-config-6">tenzin-config [6]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-23">Ambrose Bonnaire-Sergeant
[23]</a>
<ul>
<li><a href="#ctia-4">ctia [4]</a></li>
<li><a href="#iroh-6-1">iroh [6]</a></li>
<li><a href="#iroh-offsite-fy24-13">iroh-offsite-fy24 [13]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#matthieu-sprunck-12">Matthieu Sprunck [12]</a>
<ul>
<li><a href="#iroh-5">iroh [5]</a></li>
<li><a href="#tenzin-config-7">tenzin-config [7]</a></li>
</ul></li>
<li><a href="#kirill-chernyshov-24">Kirill Chernyshov [24]</a>
<ul>
<li><a href="#iroh-20">iroh [20]</a></li>
<li><a href="#tenzin-config-4">tenzin-config [4]</a></li>
</ul></li>
<li><a href="#shafiq-11">Shafiq [11]</a>
<ul>
<li><a href="#iroh-9">iroh [9]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#bartuka-41">bartuka [41]</a>
<ul>
<li><a href="#iroh-23">iroh [23]</a></li>
<li><a href="#iroh-offsite-fy24-4">iroh-offsite-fy24 [4]</a></li>
<li><a href="#ring-jwt-middleware-11">ring-jwt-middleware [11]</a></li>
<li><a href="#tenzin-config-3">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#yann-esposito-63">Yann Esposito [63]</a>
<ul>
<li><a href="#iroh-22">iroh [22]</a></li>
<li><a href="#iroh-offsite-fy24-2">iroh-offsite-fy24 [2]</a></li>
<li><a href="#iroh-scripts-21">iroh-scripts [21]</a></li>
<li><a href="#ring-jwt-middleware-4">ring-jwt-middleware [4]</a></li>
<li><a href="#tenzin-config-4-1">tenzin-config [4]</a></li>
<li><a href="#xdr-provisioning-10">xdr-provisioning [10]</a></li>
</ul></li>
<li><a href="#olivier-barbeau-29">Olivier Barbeau [29]</a>
<ul>
<li><a href="#iroh-27">iroh [27]</a></li>
<li><a href="#iroh-offsite-fy24-1-1">iroh-offsite-fy24 [1]</a></li>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yogsototh-37">(Yogsototh) [37]</a>
<ul>
<li><a href="#iroh-offsite-fy24-2-1">iroh-offsite-fy24 [2]</a></li>
<li><a href="#iroh-scripts-21-1">iroh-scripts [21]</a></li>
<li><a href="#ring-jwt-middleware-4-1">ring-jwt-middleware [4]</a></li>
<li><a href="#xdr-provisioning-10-1">xdr-provisioning [10]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#jerome-schneider-3">Jerome Schneider [3]</a>
<ul>
<li><a href="#iroh-offsite-fy24-3-1">iroh-offsite-fy24 [3]</a></li>
</ul></li>
<li><a href="#section">[0]</a></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#robert-levy-5">Robert Levy [5]</a>
<ul>
<li><a href="#iroh-4">iroh [4]</a></li>
<li><a href="#tenzin-config-1-2">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#eric-gierach-6">Eric Gierach [6]</a>
<ul>
<li><a href="#iroh-6-2">iroh [6]</a></li>
</ul></li>
<li><a href="#ii-9">II [9]</a>
<ul>
<li><a href="#ctia-1-1">ctia [1]</a></li>
<li><a href="#iroh-7">iroh [7]</a></li>
<li><a href="#tenzin-config-1-3">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#devin-walters-4">Devin Walters [4]</a>
<ul>
<li><a href="#tenzin-config-4-2">tenzin-config [4]</a></li>
</ul></li>
<li><a href="#cisco-1">Cisco [1]</a>
<ul>
<li><a href="#iroh-offsite-fy24-1-2">iroh-offsite-fy24 [1]</a></li>
</ul></li>
<li><a href="#ag-ibragimov-1">Ag Ibragimov [1]</a>
<ul>
<li><a href="#ctia-1-2">ctia [1]</a></li>
</ul></li>
<li><a href="#section-1">[9]</a>
<ul>
<li><a href="#ctia-1-3">ctia [1]</a></li>
<li><a href="#iroh-7-1">iroh [7]</a></li>
<li><a href="#tenzin-config-1-4">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#andrew-parisi-3">Andrew Parisi [3]</a>
<ul>
<li><a href="#tenzin-config-3-1">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#shafjama-1">shafjama [1]</a>
<ul>
<li><a href="#iroh-offsite-fy24-1-3">iroh-offsite-fy24 [1]</a></li>
</ul></li>
<li><a href="#scott-mcleod-8">Scott McLeod [8]</a>
<ul>
<li><a href="#iroh-8">iroh [8]</a></li>
</ul></li>
<li><a href="#matthieu-sprunck-1">Matthieu Sprunck [1]</a>
<ul>
<li><a href="#iroh-offsite-fy24-1-4">iroh-offsite-fy24 [1]</a></li>
</ul></li>
<li><a href="#patrick-patat-1">Patrick Patat [1]</a>
<ul>
<li><a href="#iroh-offsite-fy24-1-5">iroh-offsite-fy24 [1]</a></li>
</ul></li>
<li><a href="#t2sw-2">t2sw [2]</a>
<ul>
<li><a href="#ctia-1-4">ctia [1]</a></li>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
<li><a href="#jerome-schneider-1">Jerome Schneider [1]</a>
<ul>
<li><a href="#iroh-1-1">iroh [1]</a></li>
</ul></li>
<li><a href="#brooke-swanson-1">Brooke Swanson [1]</a>
<ul>
<li><a href="#tenzin-config-1-5">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#jillian-flook-1">Jillian Flook [1]</a>
<ul>
<li><a href="#tenzin-config-1-6">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#msprunck-1">(msprunck) [1]</a>
<ul>
<li><a href="#iroh-offsite-fy24-1-6">iroh-offsite-fy24 [1]</a></li>
</ul></li>
<li><a href="#pawan-bahuguna-2">Pawan Bahuguna [2]</a>
<ul>
<li><a href="#tenzin-config-2-1">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#james-brock-1">James Brock [1]</a>
<ul>
<li><a href="#easy-purescript-nix-1">easy-purescript-nix [1]</a></li>
</ul></li>
</ul></li>
</ul></li>
</ul>
</nav>
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="guillaume-buisson-23">Guillaume Buisson [23]</h3>
<h4 id="ctia-1">ctia [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Revert "woke tool added (#1375)"</li>
</ul>
<h4 id="iroh-6">iroh [6]</h4>
<ul>
<li>A new script to update a record :created in ES <a
href="https://github.com/advthreat/iroh/pull/8574">#8574</a></li>
<li>NotificationRequest Service Design <a
href="https://github.com/advthreat/iroh/pull/8264">#8264</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Api insights compliance and tooling <a
href="https://github.com/advthreat/iroh/pull/8204">#8204</a></li>
<li>Revert "Initial API Insights support (#7938)" <a
href="https://github.com/advthreat/iroh/pull/8200">#8200</a></li>
<li>Initial API Insights support <a
href="https://github.com/advthreat/iroh/pull/7938">#7938</a></li>
<li>Initial Notification service developer documentation <a
href="https://github.com/advthreat/iroh/pull/8166">#8166</a></li>
</ul>
<h4 id="iroh-offsite-fy24-15">iroh-offsite-fy24 [15]</h4>
<ul>
<li>Added coffee section</li>
<li>Added Workstation</li>
<li>fixed time</li>
<li>Individual Presentations Schedule</li>
<li>Adding my retrospective</li>
<li>updated program</li>
<li>Changed the program</li>
<li>moved stuff</li>
<li>typo</li>
<li>Added schedule CS</li>
<li>Update program.org</li>
<li>Update program.org</li>
<li>Update README.org</li>
<li>Added schedule CS</li>
<li>Added Program</li>
</ul>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Set the IROH API version <a
href="https://github.com/advthreat/tenzin-config/pull/965">#965</a></li>
</ul>
<h2 id="data">data</h2>
<h3 id="mario-aquino-35">Mario Aquino [35]</h3>
<h4 id="iroh-29">iroh [29]</h4>
<ul>
<li>Incident Summary migration re-run <a
href="https://github.com/advthreat/iroh/pull/8597">#8597</a></li>
<li>Notification request uses paginated user search <a
href="https://github.com/advthreat/iroh/pull/8606">#8606</a></li>
<li>Add support for role-targeted notification <a
href="https://github.com/advthreat/iroh/pull/8557">#8557</a></li>
<li>Issue 8438/notification request phase 1 <a
href="https://github.com/advthreat/iroh/pull/8470">#8470</a></li>
<li>Fix flaky test <a
href="https://github.com/advthreat/iroh/pull/8521">#8521</a></li>
<li>Use int-req-ctx when calling post-bundle-import <a
href="https://github.com/advthreat/iroh/pull/8500">#8500</a></li>
<li>Use incident long-id for incident summary lookup <a
href="https://github.com/advthreat/iroh/pull/8489">#8489</a></li>
<li>Establish timeout limit for incident enrichment <a
href="https://github.com/advthreat/iroh/pull/8484">#8484</a></li>
<li>Use org virtual user for threat hunt enrichment enqueuing <a
href="https://github.com/advthreat/iroh/pull/8458">#8458</a></li>
<li>Prevent incident-summary ID patching <a
href="https://github.com/advthreat/iroh/pull/8468">#8468</a></li>
<li>Limit fields returned by Incident Summary Search <a
href="https://github.com/advthreat/iroh/pull/8435">#8435</a></li>
<li>Incident summary update migration <a
href="https://github.com/advthreat/iroh/pull/8416">#8416</a></li>
<li>Incident Summary search max page size increase <a
href="https://github.com/advthreat/iroh/pull/8414">#8414</a></li>
<li>Update Incident Summary <a
href="https://github.com/advthreat/iroh/pull/8386">#8386</a></li>
<li>Fix support for sorting on source or title <a
href="https://github.com/advthreat/iroh/pull/8392">#8392</a></li>
<li>Prevent caching Talos threat hunt if missing judgements <a
href="https://github.com/advthreat/iroh/pull/8357">#8357</a></li>
<li>Set default page size to 10, max to 25 for incident summary search
<a href="https://github.com/advthreat/iroh/pull/8344">#8344</a></li>
<li>Prevent empty threat data from saving with threat hunt status <a
href="https://github.com/advthreat/iroh/pull/8314">#8314</a></li>
<li>Add info logging for visibility into incident determination <a
href="https://github.com/advthreat/iroh/pull/8305">#8305</a></li>
<li>Incident Summary timestamp and search filters support <a
href="https://github.com/advthreat/iroh/pull/8262">#8262</a></li>
<li>Incident Summary modification timestamps <a
href="https://github.com/advthreat/iroh/pull/8229">#8229</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Async metrics doc <a
href="https://github.com/advthreat/iroh/pull/7774">#7774</a></li>
<li>[Bugfix] Enforce groups filtering when searching incident summaries
<a href="https://github.com/advthreat/iroh/pull/8211">#8211</a></li>
<li>Prepend bearer prefix if missing <a
href="https://github.com/advthreat/iroh/pull/8190">#8190</a></li>
<li>Fix CTIA auth parameter <a
href="https://github.com/advthreat/iroh/pull/8174">#8174</a></li>
<li>Incident Summary Migration (v2) <a
href="https://github.com/advthreat/iroh/pull/8167">#8167</a></li>
<li>Incident Summary Migration <a
href="https://github.com/advthreat/iroh/pull/8092">#8092</a></li>
<li>Developer doc for the migration task <a
href="https://github.com/advthreat/iroh/pull/8087">#8087</a></li>
<li>Issue 8081/configure incident summary index settings <a
href="https://github.com/advthreat/iroh/pull/8086">#8086</a></li>
</ul>
<h4 id="iroh-offsite-fy24-1">iroh-offsite-fy24 [1]</h4>
<ul>
<li>The Mario you know…</li>
</ul>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>Rerun incident summary migration and update ES index <a
href="https://github.com/advthreat/tenzin-config/pull/1001">#1001</a></li>
<li>Enable incident summary update migration <a
href="https://github.com/advthreat/tenzin-config/pull/983">#983</a></li>
<li>Config for incident summary date migration <a
href="https://github.com/advthreat/tenzin-config/pull/968">#968</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Adds incident summary migration <a
href="https://github.com/advthreat/tenzin-config/pull/958">#958</a></li>
<li>Removes refresh parameter from incident summary index config <a
href="https://github.com/advthreat/tenzin-config/pull/948">#948</a></li>
</ul>
<h3 id="guillaume-erétéo-26">Guillaume Erétéo [26]</h3>
<h4 id="ctia-2">ctia [2]</h4>
<ul>
<li>Incident status disposition <a
href="https://github.com/advthreat/ctia/pull/1389">#1389</a></li>
<li>Update CODEOWNERS <a
href="https://github.com/advthreat/ctia/pull/1387">#1387</a></li>
</ul>
<h4 id="iroh-15">iroh [15]</h4>
<ul>
<li>entitlement-enforcement-jobs-service in default <a
href="https://github.com/advthreat/iroh/pull/8612">#8612</a></li>
<li>incident status_disposition <a
href="https://github.com/advthreat/iroh/pull/8587">#8587</a></li>
<li>introduce admin common web service for cisco services <a
href="https://github.com/advthreat/iroh/pull/8573">#8573</a></li>
<li>speed up listing of entitlements <a
href="https://github.com/advthreat/iroh/pull/8516">#8516</a></li>
<li>Update CODEOWNERS <a
href="https://github.com/advthreat/iroh/pull/8524">#8524</a></li>
<li>Add entitlement summaries endpoint for external policy enforcement
jobs <a
href="https://github.com/advthreat/iroh/pull/8508">#8508</a></li>
<li>ductile 0.4.8 <a
href="https://github.com/advthreat/iroh/pull/8453">#8453</a></li>
<li>XDR intel retention design <a
href="https://github.com/advthreat/iroh/pull/8153">#8153</a></li>
<li>Manual Data Deletion of Private Intel Data <a
href="https://github.com/advthreat/iroh/pull/8384">#8384</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>SE and SCA stats <a
href="https://github.com/advthreat/iroh/pull/8154">#8154</a></li>
<li>Eventually fix incident report flaky test 2 <a
href="https://github.com/advthreat/iroh/pull/8171">#8171</a></li>
<li>Draft of proposals for migrating enrichment to CONURE <a
href="https://github.com/advthreat/iroh/pull/7983">#7983</a></li>
<li>Ductile 0.4.7 <a
href="https://github.com/advthreat/iroh/pull/8120">#8120</a></li>
<li>fix flaky test on incident summary report <a
href="https://github.com/advthreat/iroh/pull/8083">#8083</a></li>
<li>aliased ES tk-store <a
href="https://github.com/advthreat/iroh/pull/7822">#7822</a></li>
</ul>
<h4 id="iroh-offsite-fy24-3">iroh-offsite-fy24 [3]</h4>
<ul>
<li>fix</li>
<li>typos</li>
<li>ge</li>
</ul>
<h4 id="tenzin-config-6">tenzin-config [6]</h4>
<ul>
<li>fix config path in README.md <a
href="https://github.com/advthreat/tenzin-config/pull/1000">#1000</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>add back incident in public intel <a
href="https://github.com/advthreat/tenzin-config/pull/960">#960</a></li>
<li>disable unused private/public stores <a
href="https://github.com/advthreat/tenzin-config/pull/959">#959</a></li>
<li>wip <a
href="https://github.com/advthreat/tenzin-config/pull/951">#951</a></li>
<li>rename incident summary index for new params <a
href="https://github.com/advthreat/tenzin-config/pull/950">#950</a></li>
<li>add write alias and rollover <a
href="https://github.com/advthreat/tenzin-config/pull/949">#949</a></li>
</ul>
<h3 id="ambrose-bonnaire-sergeant-23">Ambrose Bonnaire-Sergeant
[23]</h3>
<h4 id="ctia-4">ctia [4]</h4>
<ul>
<li>New bundle/import option: merge previous incident tactics/techniques
<a href="https://github.com/advthreat/ctia/pull/1388">#1388</a></li>
<li>Patch existing entities in <code>POST /bundle/import</code> <a
href="https://github.com/advthreat/ctia/pull/1383">#1383</a></li>
<li>Fix memory leak <a
href="https://github.com/advthreat/ctia/pull/1382">#1382</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Do not init disabled stores <a
href="https://github.com/advthreat/ctia/pull/1379">#1379</a></li>
</ul>
<h4 id="iroh-6-1">iroh [6]</h4>
<ul>
<li>Enable entity patching in POST /private-intel/bundle/import <a
href="https://github.com/advthreat/iroh/pull/8492">#8492</a></li>
<li>Fix bad bulk call <a
href="https://github.com/advthreat/iroh/pull/8333">#8333</a></li>
<li>PATCH /bundle/import pass-thru route <a
href="https://github.com/advthreat/iroh/pull/8128">#8128</a></li>
<li>Fix memory leak <a
href="https://github.com/advthreat/iroh/pull/8243">#8243</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add missing bearer in incident summary <a
href="https://github.com/advthreat/iroh/pull/8183">#8183</a></li>
<li>Revert "Fix CTIA auth parameter" <a
href="https://github.com/advthreat/iroh/pull/8182">#8182</a></li>
</ul>
<h4 id="iroh-offsite-fy24-13">iroh-offsite-fy24 [13]</h4>
<ul>
<li>Merge branch 'main' of github.com:advthreat/iroh-offsite-fy24</li>
<li>wip</li>
<li>successes</li>
<li>leak</li>
<li>120</li>
<li>plumbing</li>
<li>flaky</li>
<li>stuff</li>
<li>schema</li>
<li>assess</li>
<li>me</li>
<li>stuff</li>
<li>start</li>
</ul>
<h2 id="integrations">integrations</h2>
<h3 id="matthieu-sprunck-12">Matthieu Sprunck [12]</h3>
<h4 id="iroh-5">iroh [5]</h4>
<ul>
<li>StackOverflowError temporary fix <a
href="https://github.com/advthreat/iroh/pull/8607">#8607</a></li>
<li>Allow any header name in the remote module auth configuration <a
href="https://github.com/advthreat/iroh/pull/8529">#8529</a></li>
<li>Add ciscoxdr as a valid Feedback source <a
href="https://github.com/advthreat/iroh/pull/8515">#8515</a></li>
<li>Fix Duo Admin API Auth (sigv2) for POST requests <a
href="https://github.com/advthreat/iroh/pull/8330">#8330</a></li>
<li>Remote module: Remove duplicate / in generated URLs <a
href="https://github.com/advthreat/iroh/pull/8095">#8095</a></li>
</ul>
<h4 id="tenzin-config-7">tenzin-config [7]</h4>
<ul>
<li>Configure new CSC domain in the provisioning service <a
href="https://github.com/advthreat/tenzin-config/pull/988">#988</a></li>
<li>New CSC domain for TEST <a
href="https://github.com/advthreat/tenzin-config/pull/987">#987</a></li>
<li>Add missing config to ExtraHop module record <a
href="https://github.com/advthreat/tenzin-config/pull/974">#974</a></li>
<li>IROH Proxy config for ExtraHop integration <a
href="https://github.com/advthreat/tenzin-config/pull/973">#973</a></li>
<li>Disable all relay apis in the Duo module <a
href="https://github.com/advthreat/tenzin-config/pull/971">#971</a></li>
<li>Configure the IROH Proxy for the Duo module <a
href="https://github.com/advthreat/tenzin-config/pull/969">#969</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>IROH Proxy configuration for PAN Cortex XDR <a
href="https://github.com/advthreat/tenzin-config/pull/947">#947</a></li>
</ul>
<h3 id="kirill-chernyshov-24">Kirill Chernyshov [24]</h3>
<h4 id="iroh-20">iroh [20]</h4>
<ul>
<li>Add draft design for IROH Events data retention <a
href="https://github.com/advthreat/iroh/pull/8585">#8585</a></li>
<li>Fix shutdown process of Kafka Consumer <a
href="https://github.com/advthreat/iroh/pull/8558">#8558</a></li>
<li>Fixes for CTIA Transfer service <a
href="https://github.com/advthreat/iroh/pull/8552">#8552</a></li>
<li>Transfer CTIA Events <a
href="https://github.com/advthreat/iroh/pull/8514">#8514</a></li>
<li>Tiny fix for EventWebservice router <a
href="https://github.com/advthreat/iroh/pull/8493">#8493</a></li>
<li>Handle a case when no include-filters given <a
href="https://github.com/advthreat/iroh/pull/8405">#8405</a></li>
<li>Replace symbols in random nonce <a
href="https://github.com/advthreat/iroh/pull/8374">#8374</a></li>
<li>Add :client-credentials-basic-rfc auth type <a
href="https://github.com/advthreat/iroh/pull/8367">#8367</a></li>
<li>Add new authentication scheme <a
href="https://github.com/advthreat/iroh/pull/8353">#8353</a></li>
<li>Add automation events and adjust filters <a
href="https://github.com/advthreat/iroh/pull/8349">#8349</a></li>
<li>Add <code>include</code> query parameter to incident events <a
href="https://github.com/advthreat/iroh/pull/8331">#8331</a></li>
<li>Fix sorting for incident events <a
href="https://github.com/advthreat/iroh/pull/8317">#8317</a></li>
<li>Revert changes to events/search endpoint <a
href="https://github.com/advthreat/iroh/pull/8292">#8292</a></li>
<li>Deduplicate incident events + note events <a
href="https://github.com/advthreat/iroh/pull/8282">#8282</a></li>
<li>Trim incident keys to match response schema <a
href="https://github.com/advthreat/iroh/pull/8273">#8273</a></li>
<li>Fix double uri encoding during passing through parameter to
PrivateIntel <a
href="https://github.com/advthreat/iroh/pull/8269">#8269</a></li>
<li>Add PrivateIntelEventService to default-bootstrap.cfg <a
href="https://github.com/advthreat/iroh/pull/8267">#8267</a></li>
<li>Add API endpoint to combine events from IROH and PrivateIntel <a
href="https://github.com/advthreat/iroh/pull/8245">#8245</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Create events for incidents <a
href="https://github.com/advthreat/iroh/pull/8162">#8162</a></li>
<li>Replace kpow with akhq for kafka cluster ops <a
href="https://github.com/advthreat/iroh/pull/8206">#8206</a></li>
</ul>
<h4 id="tenzin-config-4">tenzin-config [4]</h4>
<ul>
<li>Use strict rfc auth method for ExtraHop module <a
href="https://github.com/advthreat/tenzin-config/pull/977">#977</a></li>
<li>Fix typo <a
href="https://github.com/advthreat/tenzin-config/pull/976">#976</a></li>
<li>Configure Palo Alto Cortex proxy <a
href="https://github.com/advthreat/tenzin-config/pull/975">#975</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>[TEST, PROD] Enable Kafka services <a
href="https://github.com/advthreat/tenzin-config/pull/944">#944</a></li>
</ul>
<h3 id="shafiq-11">Shafiq [11]</h3>
<h4 id="iroh-9">iroh [9]</h4>
<ul>
<li>Update iroh-event developer doc <a
href="https://github.com/advthreat/iroh/pull/8596">#8596</a></li>
<li>Add x-sort header to support search_after pagination <a
href="https://github.com/advthreat/iroh/pull/8586">#8586</a></li>
<li>Identify trusted service to service req for SE <a
href="https://github.com/advthreat/iroh/pull/8495">#8495</a></li>
<li>Add error log for unsuccessful proxy health checks <a
href="https://github.com/advthreat/iroh/pull/8442">#8442</a></li>
<li>Include module flags with proxy-endpoints-metadata response <a
href="https://github.com/advthreat/iroh/pull/8439">#8439</a></li>
<li>Support Darktrace authentication for IROH-Proxy <a
href="https://github.com/advthreat/iroh/pull/8385">#8385</a></li>
<li>Generate error message with applied url-template <a
href="https://github.com/advthreat/iroh/pull/8332">#8332</a></li>
<li>Generate appropriate errors for invalid url template <a
href="https://github.com/advthreat/iroh/pull/8322">#8322</a></li>
<li>Implement proxy health checks for Relay modules <a
href="https://github.com/advthreat/iroh/pull/8250">#8250</a></li>
</ul>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>Add darktrace module <a
href="https://github.com/advthreat/tenzin-config/pull/985">#985</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Update rollover settings for iroh-event datastream <a
href="https://github.com/advthreat/tenzin-config/pull/946">#946</a></li>
</ul>
<h2 id="auth">auth</h2>
<h3 id="bartuka-41">bartuka [41]</h3>
<h4 id="iroh-23">iroh [23]</h4>
<ul>
<li>[IROH Auth] Add support to accept IROH Auth JWTs and External JWTs
in a WebService <a
href="https://github.com/advthreat/iroh/pull/8528">#8528</a></li>
<li>[IROH Auth] bump <code>ring-jwt-middleware</code> to
<code>1.1.5</code> <a
href="https://github.com/advthreat/iroh/pull/8568">#8568</a></li>
<li>[IROH Auth] check entitlements schema in universal piam flow <a
href="https://github.com/advthreat/iroh/pull/8560">#8560</a></li>
<li>[IROH Auth] fix check of <code>allowed-origins</code> for
<code>registration_redirect</code> query param <a
href="https://github.com/advthreat/iroh/pull/8559">#8559</a></li>
<li>[IROH Auth] move <code>oauth2-jwkset</code> to <code>jwks-svc</code>
<a href="https://github.com/advthreat/iroh/pull/8534">#8534</a></li>
<li>[IROH Auth] - Expose <code>universal-provisioning-web-service</code>
<a href="https://github.com/advthreat/iroh/pull/8499">#8499</a></li>
<li>[IROH Auth] move <code>is-trusted-clients?</code> to
<code>OAuth2ClientService</code> <a
href="https://github.com/advthreat/iroh/pull/8502">#8502</a></li>
<li>[IROH Auth] add <code>UniversalProvisioningService</code> <a
href="https://github.com/advthreat/iroh/pull/8459">#8459</a></li>
<li>[IROH Auth] Add support to use <code>jwt-pubkey-fn</code> to IROH
Web <a href="https://github.com/advthreat/iroh/pull/8450">#8450</a></li>
<li>[IROH Auth] add <code>JWKSService</code> with
<code>cache-jwks</code> and <code>get-public-keys</code> methods <a
href="https://github.com/advthreat/iroh/pull/8449">#8449</a></li>
<li>[IROH Auth] Universal Provisioning Flow - Design <a
href="https://github.com/advthreat/iroh/pull/8300">#8300</a></li>
<li>fix webhook schemas for GET search <a
href="https://github.com/advthreat/iroh/pull/8379">#8379</a></li>
<li>[IROH Auth] Add <code>allow-all-role-to-login</code> to
<code>/profile/accounts</code> <a
href="https://github.com/advthreat/iroh/pull/8271">#8271</a></li>
<li>[IROH Auth] Get <code>create_org</code> query-param from
<code>origin</code> at the <code>/login</code> endpoint <a
href="https://github.com/advthreat/iroh/pull/8316">#8316</a></li>
<li>[IROH Auth] Add <code>create-org</code> query-param to show Create
org options in Reg UI <a
href="https://github.com/advthreat/iroh/pull/8308">#8308</a></li>
<li>[IROH Auth] make <code>AO</code> scope public <a
href="https://github.com/advthreat/iroh/pull/8223">#8223</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Revert "[IROH Auth] Add <code>insights:read</code> scope to be
visible to Admin … <a
href="https://github.com/advthreat/iroh/pull/8225">#8225</a></li>
<li>[IROH Auth] Add <code>insights:read</code> scope to be visible to
Admin and Master users <a
href="https://github.com/advthreat/iroh/pull/8186">#8186</a></li>
<li>[IROH Auth] add <code>insights</code> root scope <a
href="https://github.com/advthreat/iroh/pull/8185">#8185</a></li>
<li>[IROH Auth] emit event on entitlement change <a
href="https://github.com/advthreat/iroh/pull/8164">#8164</a></li>
<li>Design doc to webhook support on Entitlement create/update <a
href="https://github.com/advthreat/iroh/pull/8112">#8112</a></li>
<li>NewEvent <code>:created-at</code> is optional for IROH internal
calls and mandatory to HTTP events <a
href="https://github.com/advthreat/iroh/pull/8121">#8121</a></li>
<li>[IROH Auth] Support XDR <code>signup-url</code> <a
href="https://github.com/advthreat/iroh/pull/8117">#8117</a></li>
</ul>
<h4 id="iroh-offsite-fy24-4">iroh-offsite-fy24 [4]</h4>
<ul>
<li>Merge remote-tracking branch 'refs/remotes/origin/main'</li>
<li>sync</li>
<li>fix</li>
<li>retro</li>
</ul>
<h4 id="ring-jwt-middleware-11">ring-jwt-middleware [11]</h4>
<ul>
<li>add test case</li>
<li>update readme</li>
<li>fix schema</li>
<li>log the full jwt when error</li>
<li>use the default value</li>
<li>fix tests by adding <code>post-jwt-format-fn-arg-fn</code> to config
and schema</li>
<li>fix all tests by changing the output of <code>decode</code></li>
<li>Merge pull request #28 from threatgrid/pubkey-fn-arg-fn</li>
<li>fix config_test</li>
<li>add test case</li>
<li>initial commit</li>
</ul>
<h4 id="tenzin-config-3">tenzin-config [3]</h4>
<ul>
<li>add new automation hosts to webhook runner <a
href="https://github.com/advthreat/tenzin-config/pull/979">#979</a></li>
<li>update help-url <a
href="https://github.com/advthreat/tenzin-config/pull/967">#967</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>config to support signup-url xdr <a
href="https://github.com/advthreat/tenzin-config/pull/955">#955</a></li>
</ul>
<h3 id="yann-esposito-63">Yann Esposito [63]</h3>
<h4 id="iroh-22">iroh [22]</h4>
<ul>
<li>Generalize default indexes for data retention <a
href="https://github.com/advthreat/iroh/pull/8598">#8598</a></li>
<li>[Data Retention Policy]: Delete incident summaries along incident <a
href="https://github.com/advthreat/iroh/pull/8576">#8576</a></li>
<li>[Provisioning] Introduce <code>product-instance-id</code> <a
href="https://github.com/advthreat/iroh/pull/8577">#8577</a></li>
<li>Simply wait a lot more for ES to sync <a
href="https://github.com/advthreat/iroh/pull/8553">#8553</a></li>
<li>Quick fix on the IROH login page <a
href="https://github.com/advthreat/iroh/pull/8564">#8564</a></li>
<li>Prevent org duplication during provisioning <a
href="https://github.com/advthreat/iroh/pull/8556">#8556</a></li>
<li>Declared scopes tree <a
href="https://github.com/advthreat/iroh/pull/8537">#8537</a></li>
<li>Improve constraints against Entitlements <a
href="https://github.com/advthreat/iroh/pull/8525">#8525</a></li>
<li>Fix admin route to support combinators <a
href="https://github.com/advthreat/iroh/pull/8377">#8377</a></li>
<li>Data Retention endpoint returns immediately <a
href="https://github.com/advthreat/iroh/pull/8486">#8486</a></li>
<li>Data retention policy enforcement <a
href="https://github.com/advthreat/iroh/pull/8431">#8431</a></li>
<li>PIAM: Support filtered out onboardings <a
href="https://github.com/advthreat/iroh/pull/8275">#8275</a></li>
<li>Improved entitlement doc <a
href="https://github.com/advthreat/iroh/pull/8261">#8261</a></li>
<li>Expose XDR-enabled? SX-enabled? on whoami <a
href="https://github.com/advthreat/iroh/pull/8274">#8274</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix a URL detection from HTML <a
href="https://github.com/advthreat/iroh/pull/8165">#8165</a></li>
<li>Revert "Incident Summary Migration" <a
href="https://github.com/advthreat/iroh/pull/8163">#8163</a></li>
<li>[Monetization]: Fix business logic of data retention <a
href="https://github.com/advthreat/iroh/pull/8142">#8142</a></li>
<li>Allow braces with iroh-core/strint <a
href="https://github.com/advthreat/iroh/pull/8051">#8051</a></li>
<li>Remove SecureX branding and attempt to match SCSO branding for
invitation and OAuth2 authorization <a
href="https://github.com/advthreat/iroh/pull/8111">#8111</a></li>
<li>[Registration UI]: Reword to remove SX reference <a
href="https://github.com/advthreat/iroh/pull/8110">#8110</a></li>
<li>Entitlement summary technical values <a
href="https://github.com/advthreat/iroh/pull/8094">#8094</a></li>
<li>[PIAM] Make enterprise id mandatory for piam <a
href="https://github.com/advthreat/iroh/pull/8069">#8069</a></li>
</ul>
<h4 id="iroh-offsite-fy24-2">iroh-offsite-fy24 [2]</h4>
<ul>
<li>Update content + reveal</li>
<li>Initial commit</li>
</ul>
<h4 id="iroh-scripts-21">iroh-scripts [21]</h4>
<ul>
<li>add scope to a client</li>
<li>Help support cider</li>
<li>add admin to org</li>
<li>Improved descriptions</li>
<li>promote-to-master script</li>
<li>Fix and small improvements</li>
<li>Improve robustness</li>
<li>Scripts for admin</li>
<li>client-pass</li>
<li>Improve scripting lib</li>
<li>improve error message</li>
<li>small rename improved search</li>
<li>add search</li>
<li>improve + new scripts</li>
<li>Provision orgs for developers with some fixed entitlements</li>
<li>attempt 2</li>
<li>Attempt to fix links in README</li>
<li>Improve README.org</li>
<li>create an admin util ns</li>
<li>add a nice example with get-client.sh</li>
<li>initial commit with an example</li>
</ul>
<h4 id="ring-jwt-middleware-4">ring-jwt-middleware [4]</h4>
<ul>
<li>Version 1.1.6-SNAPSHOT</li>
<li>Version 1.1.5</li>
<li>v1.1.5-SNAPSHOT</li>
<li>Version 1.1.4</li>
</ul>
<h4 id="tenzin-config-4-1">tenzin-config [4]</h4>
<ul>
<li>increase rate limit for lab <a
href="https://github.com/advthreat/tenzin-config/pull/992">#992</a></li>
<li>Typo fix #989 <a
href="https://github.com/advthreat/tenzin-config/pull/991">#991</a></li>
<li>Declare missing service <a
href="https://github.com/advthreat/tenzin-config/pull/990">#990</a></li>
<li>Configure Enforce Entitlement Jobs service <a
href="https://github.com/advthreat/tenzin-config/pull/989">#989</a></li>
</ul>
<h4 id="xdr-provisioning-10">xdr-provisioning [10]</h4>
<ul>
<li>fix exit</li>
<li>prevent duplicate onboard calls</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add a script to cleanup test accounts</li>
<li>rename script and improve error</li>
<li>minor improvement</li>
<li>fix ISO code to use 2 chars only</li>
<li>use the env from the table</li>
<li>fix tsv-to-commands.sh</li>
<li>add tsv-to-commands.sh</li>
<li>add an option to force di and csc onboarding even for org
upgrade</li>
</ul>
<h3 id="olivier-barbeau-29">Olivier Barbeau [29]</h3>
<h4 id="iroh-27">iroh [27]</h4>
<ul>
<li>Implement <code>Module Instance service</code> event handler <a
href="https://github.com/advthreat/iroh/pull/8592">#8592</a></li>
<li>Updates to the design 'entitlement changes for integration modules'
<a href="https://github.com/advthreat/iroh/pull/8541">#8541</a></li>
<li>E8388: add new module-instance events, register Module Instance
service as handler <a
href="https://github.com/advthreat/iroh/pull/8547">#8547</a></li>
<li>E8388: Issue 8531 add state to module instance schema <a
href="https://github.com/advthreat/iroh/pull/8544">#8544</a></li>
<li>Issue 8389 design entitlement changes for integration modules <a
href="https://github.com/advthreat/iroh/pull/8510">#8510</a></li>
<li>More modules restrictions tests <a
href="https://github.com/advthreat/iroh/pull/8411">#8411</a></li>
<li>Modules restrictions: Fix missing known exception <a
href="https://github.com/advthreat/iroh/pull/8380">#8380</a></li>
<li>Apply entitlements to the IntService <a
href="https://github.com/advthreat/iroh/pull/8350">#8350</a></li>
<li>Apply entitlements to the ModuleInstance API <a
href="https://github.com/advthreat/iroh/pull/8327">#8327</a></li>
<li>Clear reason of error when creating a module instance with wrong
module type <a
href="https://github.com/advthreat/iroh/pull/8320">#8320</a></li>
<li>Apply entitlements to the ModuleType API <a
href="https://github.com/advthreat/iroh/pull/8303">#8303</a></li>
<li>Update <code>search-module-types-response</code> with combinator
search query <a
href="https://github.com/advthreat/iroh/pull/8290">#8290</a></li>
<li>Stores optimization: Update search-module-instances-internal with
combinator search query <a
href="https://github.com/advthreat/iroh/pull/8287">#8287</a></li>
<li>fix test: use two stores <a
href="https://github.com/advthreat/iroh/pull/8285">#8285</a></li>
<li>Stores optimization: modify <code>load-module-instances</code> and
<code>load-module-types</code> <a
href="https://github.com/advthreat/iroh/pull/8281">#8281</a></li>
<li>[Cleanup] Remove the <code>:xdr-roles</code> feature flag <a
href="https://github.com/advthreat/iroh/pull/8205">#8205</a></li>
<li>[Cleanup] Remove the <code>:merge-users-by-email</code> feature flag
<a href="https://github.com/advthreat/iroh/pull/8198">#8198</a></li>
<li>[Cleanup] Remove the <code>:registration</code> feature flag <a
href="https://github.com/advthreat/iroh/pull/8199">#8199</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Annotated diagram for <code>check_node_types.clj</code> <a
href="https://github.com/advthreat/iroh/pull/8133">#8133</a></li>
<li>Increases the time allocated to node start-up <a
href="https://github.com/advthreat/iroh/pull/8125">#8125</a></li>
<li>[IROH configuration]: Checks that each IROH node type starts
correctly <a
href="https://github.com/advthreat/iroh/pull/8043">#8043</a></li>
<li>fix format-style args logs <a
href="https://github.com/advthreat/iroh/pull/8119">#8119</a></li>
<li>Adapt OrgAccessRequest to XDR <a
href="https://github.com/advthreat/iroh/pull/8108">#8108</a></li>
<li>Redirect invited user to XDR <a
href="https://github.com/advthreat/iroh/pull/8105">#8105</a></li>
<li>Duplicate <code>one-click-module-service</code> in bootstrap <a
href="https://github.com/advthreat/iroh/pull/8071">#8071</a></li>
<li>Start node with type and env <a
href="https://github.com/advthreat/iroh/pull/8085">#8085</a></li>
<li>matrix config for <code>in-isolation</code> tests <a
href="https://github.com/advthreat/iroh/pull/8082">#8082</a></li>
</ul>
<h4 id="iroh-offsite-fy24-1-1">iroh-offsite-fy24 [1]</h4>
<ul>
<li>Olivier's retro</li>
</ul>
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>add first-url for both SX and XDR <a
href="https://github.com/advthreat/tenzin-config/pull/952">#952</a></li>
</ul>
<h3 id="yogsototh-37">(Yogsototh) [37]</h3>
<h4 id="iroh-offsite-fy24-2-1">iroh-offsite-fy24 [2]</h4>
<ul>
<li>Update content + reveal</li>
<li>Initial commit</li>
</ul>
<h4 id="iroh-scripts-21-1">iroh-scripts [21]</h4>
<ul>
<li>add scope to a client</li>
<li>Help support cider</li>
<li>add admin to org</li>
<li>Improved descriptions</li>
<li>promote-to-master script</li>
<li>Fix and small improvements</li>
<li>Improve robustness</li>
<li>Scripts for admin</li>
<li>client-pass</li>
<li>Improve scripting lib</li>
<li>improve error message</li>
<li>small rename improved search</li>
<li>add search</li>
<li>improve + new scripts</li>
<li>Provision orgs for developers with some fixed entitlements</li>
<li>attempt 2</li>
<li>Attempt to fix links in README</li>
<li>Improve README.org</li>
<li>create an admin util ns</li>
<li>add a nice example with get-client.sh</li>
<li>initial commit with an example</li>
</ul>
<h4 id="ring-jwt-middleware-4-1">ring-jwt-middleware [4]</h4>
<ul>
<li>Version 1.1.6-SNAPSHOT</li>
<li>Version 1.1.5</li>
<li>v1.1.5-SNAPSHOT</li>
<li>Version 1.1.4</li>
</ul>
<h4 id="xdr-provisioning-10-1">xdr-provisioning [10]</h4>
<ul>
<li>fix exit</li>
<li>prevent duplicate onboard calls</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add a script to cleanup test accounts</li>
<li>rename script and improve error</li>
<li>minor improvement</li>
<li>fix ISO code to use 2 chars only</li>
<li>use the env from the table</li>
<li>fix tsv-to-commands.sh</li>
<li>add tsv-to-commands.sh</li>
<li>add an option to force di and csc onboarding even for org
upgrade</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="jerome-schneider-3">Jerome Schneider [3]</h3>
<h4 id="iroh-offsite-fy24-3-1">iroh-offsite-fy24 [3]</h4>
<ul>
<li>Jerome: last minute changes</li>
<li>add percentages for my day look like</li>
<li>add personal presentation</li>
</ul>
<h3 id="section">[0]</h3>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="robert-levy-5">Robert Levy [5]</h3>
<h4 id="iroh-4">iroh [4]</h4>
<ul>
<li>change description, title, etc on incident status tile <a
href="https://github.com/advthreat/iroh/pull/8362">#8362</a></li>
<li>change format of incident-status tile to horizontal bar chart <a
href="https://github.com/advthreat/iroh/pull/8345">#8345</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>null the top-level data key when no rows in ctia datatable tiles <a
href="https://github.com/advthreat/iroh/pull/8143">#8143</a></li>
<li>when rows null, data.data should be null <a
href="https://github.com/advthreat/iroh/pull/8130">#8130</a></li>
</ul>
<h4 id="tenzin-config-1-2">tenzin-config [1]</h4>
<ul>
<li>Revert "Adds cache configuration for CrowdStrike (#1002)" <a
href="https://github.com/advthreat/tenzin-config/pull/1005">#1005</a></li>
</ul>
<h3 id="eric-gierach-6">Eric Gierach [6]</h3>
<h4 id="iroh-6-2">iroh [6]</h4>
<ul>
<li>bumping iroh-engine to 0.15.13 <a
href="https://github.com/advthreat/iroh/pull/8520">#8520</a></li>
<li>bumping iroh-engine to 0.15.12 <a
href="https://github.com/advthreat/iroh/pull/8509">#8509</a></li>
<li>Update iroh-engine dep to 0.15.11 <a
href="https://github.com/advthreat/iroh/pull/8460">#8460</a></li>
<li>updating iroh-engine to 0.15.10 <a
href="https://github.com/advthreat/iroh/pull/8295">#8295</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>updating to iroh-engine 0.15.9 to fix query params <a
href="https://github.com/advthreat/iroh/pull/8232">#8232</a></li>
<li>updating iroh-engine to 0.15.8 to fix wait_for query param <a
href="https://github.com/advthreat/iroh/pull/8224">#8224</a></li>
</ul>
<h3 id="ii-9">II [9]</h3>
<h4 id="ctia-1-1">ctia [1]</h4>
<ul>
<li>Bumps CTIM version to 1.3.10 <a
href="https://github.com/advthreat/ctia/pull/1385">#1385</a></li>
</ul>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>8496 - relay module token cache <a
href="https://github.com/advthreat/iroh/pull/8580">#8580</a></li>
<li>Issue 8456 - Uses string instead of regex fake route to fix flaky
test <a
href="https://github.com/advthreat/iroh/pull/8462">#8462</a></li>
<li>Only returns proxy endpoint metadata when v2 is configured <a
href="https://github.com/advthreat/iroh/pull/8447">#8447</a></li>
<li>8239 migrate umbrella routes <a
href="https://github.com/advthreat/iroh/pull/8247">#8247</a></li>
<li>Issue 8383 ao header ids <a
href="https://github.com/advthreat/iroh/pull/8433">#8433</a></li>
<li>Issue 8429 bump ctim version darktrace <a
href="https://github.com/advthreat/iroh/pull/8430">#8430</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>8114 - API proxy for Umbrella v2 routes <a
href="https://github.com/advthreat/iroh/pull/8228">#8228</a></li>
</ul>
<h4 id="tenzin-config-1-3">tenzin-config [1]</h4>
<ul>
<li>Adds cache configuration for CrowdStrike <a
href="https://github.com/advthreat/tenzin-config/pull/1002">#1002</a></li>
</ul>
<h3 id="devin-walters-4">Devin Walters [4]</h3>
<h4 id="tenzin-config-4-2">tenzin-config [4]</h4>
<ul>
<li>Add port 443 to ctia base urls <a
href="https://github.com/advthreat/tenzin-config/pull/996">#996</a></li>
<li>Add the rest of playbook environment configs <a
href="https://github.com/advthreat/tenzin-config/pull/981">#981</a></li>
<li>Add TEST config for playbook service <a
href="https://github.com/advthreat/tenzin-config/pull/980">#980</a></li>
<li>Initial playbook config <a
href="https://github.com/advthreat/tenzin-config/pull/972">#972</a></li>
</ul>
<h3 id="cisco-1">Cisco [1]</h3>
<h4 id="iroh-offsite-fy24-1-2">iroh-offsite-fy24 [1]</h4>
<ul>
<li>Olivier's retro</li>
</ul>
<h3 id="ag-ibragimov-1">Ag Ibragimov [1]</h3>
<h4 id="ctia-1-2">ctia [1]</h4>
<ul>
<li>Filter incidents on timestamp not created <a
href="https://github.com/advthreat/ctia/pull/1377">#1377</a></li>
</ul>
<h3 id="section-1">[9]</h3>
<h4 id="ctia-1-3">ctia [1]</h4>
<ul>
<li>Bumps CTIM version to 1.3.10 <a
href="https://github.com/advthreat/ctia/pull/1385">#1385</a></li>
</ul>
<h4 id="iroh-7-1">iroh [7]</h4>
<ul>
<li>8496 - relay module token cache <a
href="https://github.com/advthreat/iroh/pull/8580">#8580</a></li>
<li>Issue 8456 - Uses string instead of regex fake route to fix flaky
test <a
href="https://github.com/advthreat/iroh/pull/8462">#8462</a></li>
<li>Only returns proxy endpoint metadata when v2 is configured <a
href="https://github.com/advthreat/iroh/pull/8447">#8447</a></li>
<li>8239 migrate umbrella routes <a
href="https://github.com/advthreat/iroh/pull/8247">#8247</a></li>
<li>Issue 8383 ao header ids <a
href="https://github.com/advthreat/iroh/pull/8433">#8433</a></li>
<li>Issue 8429 bump ctim version darktrace <a
href="https://github.com/advthreat/iroh/pull/8430">#8430</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>8114 - API proxy for Umbrella v2 routes <a
href="https://github.com/advthreat/iroh/pull/8228">#8228</a></li>
</ul>
<h4 id="tenzin-config-1-4">tenzin-config [1]</h4>
<ul>
<li>Adds cache configuration for CrowdStrike <a
href="https://github.com/advthreat/tenzin-config/pull/1002">#1002</a></li>
</ul>
<h3 id="andrew-parisi-3">Andrew Parisi [3]</h3>
<h4 id="tenzin-config-3-1">tenzin-config [3]</h4>
<ul>
<li>[data-retention/update-entitlement-route-information] <a
href="https://github.com/advthreat/tenzin-config/pull/1004">#1004</a></li>
<li>[gh-607/mark-sightings-internal-based-on-module-type-map-fix-mistake]
<a
href="https://github.com/advthreat/tenzin-config/pull/984">#984</a></li>
<li>conure-607/mark-sightings-internal-based-on-module-type-map <a
href="https://github.com/advthreat/tenzin-config/pull/982">#982</a></li>
</ul>
<h3 id="shafjama-1">shafjama [1]</h3>
<h4 id="iroh-offsite-fy24-1-3">iroh-offsite-fy24 [1]</h4>
<ul>
<li>Last minute</li>
</ul>
<h3 id="scott-mcleod-8">Scott McLeod [8]</h3>
<h4 id="iroh-8">iroh [8]</h4>
<ul>
<li>Filter out empty xdr-org summary reports <a
href="https://github.com/advthreat/iroh/pull/8472">#8472</a></li>
<li>XDR Org Incident Stats Summaries <a
href="https://github.com/advthreat/iroh/pull/8441">#8441</a></li>
<li>Transform aggregate service to accept a list of AggQuery <a
href="https://github.com/advthreat/iroh/pull/8387">#8387</a></li>
<li>Add summary stats <a
href="https://github.com/advthreat/iroh/pull/8348">#8348</a></li>
<li>Add enterprise-id to incident report <a
href="https://github.com/advthreat/iroh/pull/8258">#8258</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add percentiles aggregation <a
href="https://github.com/advthreat/iroh/pull/8197">#8197</a></li>
<li>Add stats aggregation <a
href="https://github.com/advthreat/iroh/pull/8189">#8189</a></li>
<li>Update Incident Report Service schemas <a
href="https://github.com/advthreat/iroh/pull/8159">#8159</a></li>
</ul>
<h3 id="matthieu-sprunck-1">Matthieu Sprunck [1]</h3>
<h4 id="iroh-offsite-fy24-1-4">iroh-offsite-fy24 [1]</h4>
<ul>
<li>Matthieu's retro</li>
</ul>
<h3 id="patrick-patat-1">Patrick Patat [1]</h3>
<h4 id="iroh-offsite-fy24-1-5">iroh-offsite-fy24 [1]</h4>
<ul>
<li>add presentation</li>
</ul>
<h3 id="t2sw-2">t2sw [2]</h3>
<h4 id="ctia-1-4">ctia [1]</h4>
<ul>
<li>Update CODEOWNERS <a
href="https://github.com/advthreat/ctia/pull/1390">#1390</a></li>
</ul>
<h4 id="iroh-1">iroh [1]</h4>
<ul>
<li>add new endpoint for role service to query roles by an org id;
update… <a
href="https://github.com/advthreat/iroh/pull/8364">#8364</a></li>
</ul>
<h3 id="jerome-schneider-1">Jerome Schneider [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<ul>
<li>Upgrade riemann server (#8253) <a
href="https://github.com/advthreat/iroh/pull/8254">#8254</a></li>
</ul>
<h3 id="brooke-swanson-1">Brooke Swanson [1]</h3>
<h4 id="tenzin-config-1-5">tenzin-config [1]</h4>
<ul>
<li>Up distributor worker counts for test and prod. <a
href="https://github.com/advthreat/tenzin-config/pull/993">#993</a></li>
</ul>
<h3 id="jillian-flook-1">Jillian Flook [1]</h3>
<h4 id="tenzin-config-1-6">tenzin-config [1]</h4>
<ul>
<li>update dashboard UserResearchCTA <a
href="https://github.com/advthreat/tenzin-config/pull/997">#997</a></li>
</ul>
<h3 id="msprunck-1">(msprunck) [1]</h3>
<h4 id="iroh-offsite-fy24-1-6">iroh-offsite-fy24 [1]</h4>
<ul>
<li>Matthieu's retro</li>
</ul>
<h3 id="pawan-bahuguna-2">Pawan Bahuguna [2]</h3>
<h4 id="tenzin-config-2-1">tenzin-config [2]</h4>
<ul>
<li>Updated Playbook URL in all regions <a
href="https://github.com/advthreat/tenzin-config/pull/998">#998</a></li>
<li>SXOPS-937 Add New Services <a
href="https://github.com/advthreat/tenzin-config/pull/995">#995</a></li>
</ul>
<h3 id="james-brock-1">James Brock [1]</h3>
<h4 id="easy-purescript-nix-1">easy-purescript-nix [1]</h4>
<ul>
<li>Upgrades</li>
</ul>
</body>
</html>