701 lines
31 KiB
Org Mode
701 lines
31 KiB
Org Mode
|
#+title: FY23Q1 Report
|
||
|
|
#+subtitle: logs goes 4 months back
|
||
|
|
#+date: 2023-11-15
|
||
|
|
#+options: H:6 ^:nil
|
||
|
|
* IROH
|
||
|
|
** lead
|
||
|
|
|
||
|
|
|
||
|
|
*** Guillaume Buisson [23]
|
||
|
|
|
||
|
|
**** ctia [1]
|
||
|
|
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Revert "woke tool added (#1375)"
|
||
|
|
**** iroh [6]
|
||
|
|
|
||
|
|
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
|
||
|
|
- NotificationRequest Service Design [[https://github.com/advthreat/iroh/pull/8264][#8264]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Api insights compliance and tooling [[https://github.com/advthreat/iroh/pull/8204][#8204]]
|
||
|
|
- Revert "Initial API Insights support (#7938)" [[https://github.com/advthreat/iroh/pull/8200][#8200]]
|
||
|
|
- Initial API Insights support [[https://github.com/advthreat/iroh/pull/7938][#7938]]
|
||
|
|
- Initial Notification service developer documentation [[https://github.com/advthreat/iroh/pull/8166][#8166]]
|
||
|
|
**** iroh-offsite-fy24 [15]
|
||
|
|
|
||
|
|
- Added coffee section
|
||
|
|
- Added Workstation
|
||
|
|
- fixed time
|
||
|
|
- Individual Presentations Schedule
|
||
|
|
- Adding my retrospective
|
||
|
|
- updated program
|
||
|
|
- Changed the program
|
||
|
|
- moved stuff
|
||
|
|
- typo
|
||
|
|
- Added schedule CS
|
||
|
|
- Update program.org
|
||
|
|
- Update program.org
|
||
|
|
- Update README.org
|
||
|
|
- Added schedule CS
|
||
|
|
- Added Program
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Set the IROH API version [[https://github.com/advthreat/tenzin-config/pull/965][#965]]
|
||
|
|
** data
|
||
|
|
|
||
|
|
|
||
|
|
*** Mario Aquino [35]
|
||
|
|
|
||
|
|
**** iroh [29]
|
||
|
|
|
||
|
|
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
|
||
|
|
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
|
||
|
|
- Add support for role-targetted notification [[https://github.com/advthreat/iroh/pull/8557][#8557]]
|
||
|
|
- Issue 8438/notification request phase 1 [[https://github.com/advthreat/iroh/pull/8470][#8470]]
|
||
|
|
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8521][#8521]]
|
||
|
|
- Use int-req-ctx when calling post-bundle-import [[https://github.com/advthreat/iroh/pull/8500][#8500]]
|
||
|
|
- Use incident long-id for incident summary lookup [[https://github.com/advthreat/iroh/pull/8489][#8489]]
|
||
|
|
- Establish timeout limit for incident enrichment [[https://github.com/advthreat/iroh/pull/8484][#8484]]
|
||
|
|
- Use org virtual user for threat hunt enrichment enqueuing [[https://github.com/advthreat/iroh/pull/8458][#8458]]
|
||
|
|
- Prevent incident-summary ID patching [[https://github.com/advthreat/iroh/pull/8468][#8468]]
|
||
|
|
- Limit fields returned by Incident Summary Search [[https://github.com/advthreat/iroh/pull/8435][#8435]]
|
||
|
|
- Incident summary update migration [[https://github.com/advthreat/iroh/pull/8416][#8416]]
|
||
|
|
- Incident Summary search max page size increase [[https://github.com/advthreat/iroh/pull/8414][#8414]]
|
||
|
|
- Update Incident Summary [[https://github.com/advthreat/iroh/pull/8386][#8386]]
|
||
|
|
- Fix support for sorting on source or title [[https://github.com/advthreat/iroh/pull/8392][#8392]]
|
||
|
|
- Prevent caching Talos threat hunt if missing judgements [[https://github.com/advthreat/iroh/pull/8357][#8357]]
|
||
|
|
- Set default page size to 10, max to 25 for incident summary search [[https://github.com/advthreat/iroh/pull/8344][#8344]]
|
||
|
|
- Prevent empty threat data from saving with threat hunt status [[https://github.com/advthreat/iroh/pull/8314][#8314]]
|
||
|
|
- Add info logging for visibility into incident determination [[https://github.com/advthreat/iroh/pull/8305][#8305]]
|
||
|
|
- Incident Summary timestamp and search filters support [[https://github.com/advthreat/iroh/pull/8262][#8262]]
|
||
|
|
- Incident Summary modification timestamps [[https://github.com/advthreat/iroh/pull/8229][#8229]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Async metrics doc [[https://github.com/advthreat/iroh/pull/7774][#7774]]
|
||
|
|
- [Bugfix] Enforce groups filtering when searching incident summaries [[https://github.com/advthreat/iroh/pull/8211][#8211]]
|
||
|
|
- Prepend bearer prefix if missing [[https://github.com/advthreat/iroh/pull/8190][#8190]]
|
||
|
|
- Fix CTIA auth parameter [[https://github.com/advthreat/iroh/pull/8174][#8174]]
|
||
|
|
- Incident Summary Migration (v2) [[https://github.com/advthreat/iroh/pull/8167][#8167]]
|
||
|
|
- Incident Summary Migration [[https://github.com/advthreat/iroh/pull/8092][#8092]]
|
||
|
|
- Developer doc for the migration task [[https://github.com/advthreat/iroh/pull/8087][#8087]]
|
||
|
|
- Issue 8081/configure incident summary index settings [[https://github.com/advthreat/iroh/pull/8086][#8086]]
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- The Mario you know...
|
||
|
|
**** tenzin-config [5]
|
||
|
|
|
||
|
|
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
|
||
|
|
- Enable incident summary update migration [[https://github.com/advthreat/tenzin-config/pull/983][#983]]
|
||
|
|
- Config for incident summary date migration [[https://github.com/advthreat/tenzin-config/pull/968][#968]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Adds incident summary migration [[https://github.com/advthreat/tenzin-config/pull/958][#958]]
|
||
|
|
- Removes refresh parameter from incident summary index config [[https://github.com/advthreat/tenzin-config/pull/948][#948]]
|
||
|
|
|
||
|
|
*** Guillaume Erétéo [26]
|
||
|
|
|
||
|
|
**** ctia [2]
|
||
|
|
|
||
|
|
- Incident status disposition [[https://github.com/advthreat/ctia/pull/1389][#1389]]
|
||
|
|
- Update CODEOWNERS [[https://github.com/advthreat/ctia/pull/1387][#1387]]
|
||
|
|
**** iroh [15]
|
||
|
|
|
||
|
|
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
|
||
|
|
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
|
||
|
|
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
|
||
|
|
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
|
||
|
|
- Update CODEOWNERS [[https://github.com/advthreat/iroh/pull/8524][#8524]]
|
||
|
|
- Add entitlement summaries endpoint for external policy enforcement jobs [[https://github.com/advthreat/iroh/pull/8508][#8508]]
|
||
|
|
- ductile 0.4.8 [[https://github.com/advthreat/iroh/pull/8453][#8453]]
|
||
|
|
- XDR intel retention design [[https://github.com/advthreat/iroh/pull/8153][#8153]]
|
||
|
|
- Manual Data Deletion of Private Intel Data [[https://github.com/advthreat/iroh/pull/8384][#8384]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- SE and SCA stats [[https://github.com/advthreat/iroh/pull/8154][#8154]]
|
||
|
|
- Eventually fix incident report flaky test 2 [[https://github.com/advthreat/iroh/pull/8171][#8171]]
|
||
|
|
- Draft of proposals for migrating enrichment to CONURE [[https://github.com/advthreat/iroh/pull/7983][#7983]]
|
||
|
|
- Ductile 0.4.7 [[https://github.com/advthreat/iroh/pull/8120][#8120]]
|
||
|
|
- fix flaky test on incident summary report [[https://github.com/advthreat/iroh/pull/8083][#8083]]
|
||
|
|
- aliased ES tk-store [[https://github.com/advthreat/iroh/pull/7822][#7822]]
|
||
|
|
**** iroh-offsite-fy24 [3]
|
||
|
|
|
||
|
|
- fix
|
||
|
|
- typos
|
||
|
|
- ge
|
||
|
|
**** tenzin-config [6]
|
||
|
|
|
||
|
|
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- add back incident in public intel [[https://github.com/advthreat/tenzin-config/pull/960][#960]]
|
||
|
|
- disable unsused private/public stores [[https://github.com/advthreat/tenzin-config/pull/959][#959]]
|
||
|
|
- wip [[https://github.com/advthreat/tenzin-config/pull/951][#951]]
|
||
|
|
- rename incident summary index for new params [[https://github.com/advthreat/tenzin-config/pull/950][#950]]
|
||
|
|
- add write alias and rollover [[https://github.com/advthreat/tenzin-config/pull/949][#949]]
|
||
|
|
|
||
|
|
*** Ambrose Bonnaire-Sergeant [23]
|
||
|
|
|
||
|
|
**** ctia [4]
|
||
|
|
|
||
|
|
- New bundle/import option: merge previous incident tactics/techniques [[https://github.com/advthreat/ctia/pull/1388][#1388]]
|
||
|
|
- Patch existing entities in ~POST /bundle/import~ [[https://github.com/advthreat/ctia/pull/1383][#1383]]
|
||
|
|
- Fix memory leak [[https://github.com/advthreat/ctia/pull/1382][#1382]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Do not init disabled stores [[https://github.com/advthreat/ctia/pull/1379][#1379]]
|
||
|
|
**** iroh [6]
|
||
|
|
|
||
|
|
- Enable entity patching in POST /private-intel/bundle/import [[https://github.com/advthreat/iroh/pull/8492][#8492]]
|
||
|
|
- Fix bad bulk call [[https://github.com/advthreat/iroh/pull/8333][#8333]]
|
||
|
|
- PATCH /bundle/import pass-thru route [[https://github.com/advthreat/iroh/pull/8128][#8128]]
|
||
|
|
- Fix memory leak [[https://github.com/advthreat/iroh/pull/8243][#8243]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Add missing bearer in incident summary [[https://github.com/advthreat/iroh/pull/8183][#8183]]
|
||
|
|
- Revert "Fix CTIA auth parameter" [[https://github.com/advthreat/iroh/pull/8182][#8182]]
|
||
|
|
**** iroh-offsite-fy24 [13]
|
||
|
|
|
||
|
|
- Merge branch 'main' of github.com:advthreat/iroh-offsite-fy24
|
||
|
|
- wip
|
||
|
|
- successes
|
||
|
|
- leak
|
||
|
|
- 120
|
||
|
|
- plumbing
|
||
|
|
- flaky
|
||
|
|
- stuff
|
||
|
|
- schema
|
||
|
|
- assess
|
||
|
|
- me
|
||
|
|
- stuff
|
||
|
|
- start
|
||
|
|
** integrations
|
||
|
|
|
||
|
|
|
||
|
|
*** Matthieu Sprunck [12]
|
||
|
|
|
||
|
|
**** iroh [5]
|
||
|
|
|
||
|
|
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
|
||
|
|
- Allow any header name in the remote module auth configuration [[https://github.com/advthreat/iroh/pull/8529][#8529]]
|
||
|
|
- Add ciscoxdr as a valid Feedback source [[https://github.com/advthreat/iroh/pull/8515][#8515]]
|
||
|
|
- Fix Duo Admin API Auth (sigv2) for POST requests [[https://github.com/advthreat/iroh/pull/8330][#8330]]
|
||
|
|
- Remote module: Remove duplicate / in generated URLs [[https://github.com/advthreat/iroh/pull/8095][#8095]]
|
||
|
|
**** tenzin-config [7]
|
||
|
|
|
||
|
|
- Configure new CSC domain in the provisioning service [[https://github.com/advthreat/tenzin-config/pull/988][#988]]
|
||
|
|
- New CSC domain for TEST [[https://github.com/advthreat/tenzin-config/pull/987][#987]]
|
||
|
|
- Add missing config to ExtraHop module record [[https://github.com/advthreat/tenzin-config/pull/974][#974]]
|
||
|
|
- IROH Proxy config for ExtraHop integration [[https://github.com/advthreat/tenzin-config/pull/973][#973]]
|
||
|
|
- Disable all relay apis in the Duo module [[https://github.com/advthreat/tenzin-config/pull/971][#971]]
|
||
|
|
- Configure the IROH Proxy for the Duo module [[https://github.com/advthreat/tenzin-config/pull/969][#969]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- IROH Proxy configuration for PAN Cortex XDR [[https://github.com/advthreat/tenzin-config/pull/947][#947]]
|
||
|
|
|
||
|
|
*** Kirill Chernyshov [24]
|
||
|
|
|
||
|
|
**** iroh [20]
|
||
|
|
|
||
|
|
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
|
||
|
|
- Fix shutdown process of Kafka Consumer [[https://github.com/advthreat/iroh/pull/8558][#8558]]
|
||
|
|
- Fixes for CTIA Transfer service [[https://github.com/advthreat/iroh/pull/8552][#8552]]
|
||
|
|
- Transfer CTIA Events [[https://github.com/advthreat/iroh/pull/8514][#8514]]
|
||
|
|
- Tiny fix for EventWebservice router [[https://github.com/advthreat/iroh/pull/8493][#8493]]
|
||
|
|
- Handle a case when no include-filters given [[https://github.com/advthreat/iroh/pull/8405][#8405]]
|
||
|
|
- Replace symbols in random nonce [[https://github.com/advthreat/iroh/pull/8374][#8374]]
|
||
|
|
- Add :client-credentials-basic-rfc auth type [[https://github.com/advthreat/iroh/pull/8367][#8367]]
|
||
|
|
- Add new authentication scheme [[https://github.com/advthreat/iroh/pull/8353][#8353]]
|
||
|
|
- Add automation events and adjust filters [[https://github.com/advthreat/iroh/pull/8349][#8349]]
|
||
|
|
- Add ~include~ query parameter to incident events [[https://github.com/advthreat/iroh/pull/8331][#8331]]
|
||
|
|
- Fix sorting for incident events [[https://github.com/advthreat/iroh/pull/8317][#8317]]
|
||
|
|
- Revert changes to events/search endpoint [[https://github.com/advthreat/iroh/pull/8292][#8292]]
|
||
|
|
- Deduplicate incident events + note events [[https://github.com/advthreat/iroh/pull/8282][#8282]]
|
||
|
|
- Trim incident keys to match response schema [[https://github.com/advthreat/iroh/pull/8273][#8273]]
|
||
|
|
- Fix double uri encoding during passing through parameter to PrivateIntel [[https://github.com/advthreat/iroh/pull/8269][#8269]]
|
||
|
|
- Add PrivateIntelEventService to default-bootstrap.cfg [[https://github.com/advthreat/iroh/pull/8267][#8267]]
|
||
|
|
- Add API endpoint to combine events from IROH and PrivateIntel [[https://github.com/advthreat/iroh/pull/8245][#8245]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Create events for incidents [[https://github.com/advthreat/iroh/pull/8162][#8162]]
|
||
|
|
- Replace kpow with akhq for kafka cluster ops [[https://github.com/advthreat/iroh/pull/8206][#8206]]
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- Use strict rfc auth method for ExtraHop module [[https://github.com/advthreat/tenzin-config/pull/977][#977]]
|
||
|
|
- Fix typo [[https://github.com/advthreat/tenzin-config/pull/976][#976]]
|
||
|
|
- Configure Palo Alto Cortex proxy [[https://github.com/advthreat/tenzin-config/pull/975][#975]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- [TEST, PROD] Enable Kafka services [[https://github.com/advthreat/tenzin-config/pull/944][#944]]
|
||
|
|
|
||
|
|
*** Shafiq [11]
|
||
|
|
|
||
|
|
**** iroh [9]
|
||
|
|
|
||
|
|
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
|
||
|
|
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
|
||
|
|
- Identify trusted service to service req for SE [[https://github.com/advthreat/iroh/pull/8495][#8495]]
|
||
|
|
- Add error log for unsuccessful proxy health checks [[https://github.com/advthreat/iroh/pull/8442][#8442]]
|
||
|
|
- Include module flags with proxy-endpoints-metadata response [[https://github.com/advthreat/iroh/pull/8439][#8439]]
|
||
|
|
- Support Darktrace authentication for IROH-Proxy [[https://github.com/advthreat/iroh/pull/8385][#8385]]
|
||
|
|
- Generate error message with applied url-template [[https://github.com/advthreat/iroh/pull/8332][#8332]]
|
||
|
|
- Generate appropriate errors for invalid url template [[https://github.com/advthreat/iroh/pull/8322][#8322]]
|
||
|
|
- Implement proxy health checks for Relay modules [[https://github.com/advthreat/iroh/pull/8250][#8250]]
|
||
|
|
**** tenzin-config [2]
|
||
|
|
|
||
|
|
- Add darktrace module [[https://github.com/advthreat/tenzin-config/pull/985][#985]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Update rollover settings for iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/946][#946]]
|
||
|
|
** auth
|
||
|
|
|
||
|
|
|
||
|
|
*** bartuka [41]
|
||
|
|
|
||
|
|
**** iroh [23]
|
||
|
|
|
||
|
|
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
|
||
|
|
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
|
||
|
|
- [IROH Auth] check entitlements schema in universal piam flow [[https://github.com/advthreat/iroh/pull/8560][#8560]]
|
||
|
|
- [IROH Auth] fix check of ~allowed-origins~ for ~registration_redirect~ query param [[https://github.com/advthreat/iroh/pull/8559][#8559]]
|
||
|
|
- [IROH Auth] move ~oauth2-jwkset~ to ~jwks-svc~ [[https://github.com/advthreat/iroh/pull/8534][#8534]]
|
||
|
|
- [IROH Auth] - Expose ~universal-provisioning-web-service~ [[https://github.com/advthreat/iroh/pull/8499][#8499]]
|
||
|
|
- [IROH Auth] move ~is-trusted-clients?~ to ~OAuth2ClientService~ [[https://github.com/advthreat/iroh/pull/8502][#8502]]
|
||
|
|
- [IROH Auth] add ~UniversalProvisioningService~ [[https://github.com/advthreat/iroh/pull/8459][#8459]]
|
||
|
|
- [IROH Auth] Add support to use ~jwt-pubkey-fn~ to IROH Web [[https://github.com/advthreat/iroh/pull/8450][#8450]]
|
||
|
|
- [IROH Auth] add ~JWKSService~ with ~cache-jwks~ and ~get-public-keys~ methods [[https://github.com/advthreat/iroh/pull/8449][#8449]]
|
||
|
|
- [IROH Auth] Universal Provisioning Flow - Design [[https://github.com/advthreat/iroh/pull/8300][#8300]]
|
||
|
|
- fix webhook schemas for GET search [[https://github.com/advthreat/iroh/pull/8379][#8379]]
|
||
|
|
- [IROH Auth] Add ~allow-all-role-to-login~ to ~/profile/accounts~ [[https://github.com/advthreat/iroh/pull/8271][#8271]]
|
||
|
|
- [IROH Auth] Get ~create_org~ query-param from ~origin~ at the ~/login~ endpoint [[https://github.com/advthreat/iroh/pull/8316][#8316]]
|
||
|
|
- [IROH Auth] Add ~create-org~ query-param to show Create org options in Reg UI [[https://github.com/advthreat/iroh/pull/8308][#8308]]
|
||
|
|
- [IROH Auth] make ~AO~ scope public [[https://github.com/advthreat/iroh/pull/8223][#8223]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Revert "[IROH Auth] Add ~insights:read~ scope to be visible to Admin … [[https://github.com/advthreat/iroh/pull/8225][#8225]]
|
||
|
|
- [IROH Auth] Add ~insights:read~ scope to be visible to Admin and Master users [[https://github.com/advthreat/iroh/pull/8186][#8186]]
|
||
|
|
- [IROH Auth] add ~insights~ root scope [[https://github.com/advthreat/iroh/pull/8185][#8185]]
|
||
|
|
- [IROH Auth] emit event on entitlement change [[https://github.com/advthreat/iroh/pull/8164][#8164]]
|
||
|
|
- Design doc to webhook support on Entitlement create/update [[https://github.com/advthreat/iroh/pull/8112][#8112]]
|
||
|
|
- NewEvent ~:created-at~ is optional for IROH internal calls and mandatory to HTTP events [[https://github.com/advthreat/iroh/pull/8121][#8121]]
|
||
|
|
- [IROH Auth] Support XDR ~signup-url~ [[https://github.com/advthreat/iroh/pull/8117][#8117]]
|
||
|
|
**** iroh-offsite-fy24 [4]
|
||
|
|
|
||
|
|
- Merge remote-tracking branch 'refs/remotes/origin/main'
|
||
|
|
- sync
|
||
|
|
- fix
|
||
|
|
- retro
|
||
|
|
**** ring-jwt-middleware [11]
|
||
|
|
|
||
|
|
- add test case
|
||
|
|
- update readme
|
||
|
|
- fix schema
|
||
|
|
- log the full jwt when error
|
||
|
|
- use the default value
|
||
|
|
- fix tests by adding ~post-jwt-format-fn-arg-fn~ to config and schema
|
||
|
|
- fix all tests by changing the output of ~decode~
|
||
|
|
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
|
||
|
|
- fix config_test
|
||
|
|
- add test case
|
||
|
|
- initial commit
|
||
|
|
**** tenzin-config [3]
|
||
|
|
|
||
|
|
- add new automation hosts to webhook runner [[https://github.com/advthreat/tenzin-config/pull/979][#979]]
|
||
|
|
- update help-url [[https://github.com/advthreat/tenzin-config/pull/967][#967]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- config to support signup-url xdr [[https://github.com/advthreat/tenzin-config/pull/955][#955]]
|
||
|
|
|
||
|
|
*** Yann Esposito [63]
|
||
|
|
|
||
|
|
**** iroh [22]
|
||
|
|
|
||
|
|
- Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]]
|
||
|
|
- [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]]
|
||
|
|
- [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]]
|
||
|
|
- Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]]
|
||
|
|
- Quick fix on the IROH login page [[https://github.com/advthreat/iroh/pull/8564][#8564]]
|
||
|
|
- Prevent org duplication during provisioning [[https://github.com/advthreat/iroh/pull/8556][#8556]]
|
||
|
|
- Declared scopes tree [[https://github.com/advthreat/iroh/pull/8537][#8537]]
|
||
|
|
- Improve constraints against Entitlements [[https://github.com/advthreat/iroh/pull/8525][#8525]]
|
||
|
|
- Fix admin route to support combinators [[https://github.com/advthreat/iroh/pull/8377][#8377]]
|
||
|
|
- Data Retention endpoint returns immediately [[https://github.com/advthreat/iroh/pull/8486][#8486]]
|
||
|
|
- Data retention policy enforcement [[https://github.com/advthreat/iroh/pull/8431][#8431]]
|
||
|
|
- PIAM: Support filtered out onboardings [[https://github.com/advthreat/iroh/pull/8275][#8275]]
|
||
|
|
- Improved entitlement doc [[https://github.com/advthreat/iroh/pull/8261][#8261]]
|
||
|
|
- Expose XDR-enabled? SX-enabled? on whoami [[https://github.com/advthreat/iroh/pull/8274][#8274]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Fix a URL detection from HTML [[https://github.com/advthreat/iroh/pull/8165][#8165]]
|
||
|
|
- Revert "Incident Summary Migration" [[https://github.com/advthreat/iroh/pull/8163][#8163]]
|
||
|
|
- [Monetization]: Fix business logic of data retention [[https://github.com/advthreat/iroh/pull/8142][#8142]]
|
||
|
|
- Allow braces with iroh-core/strint [[https://github.com/advthreat/iroh/pull/8051][#8051]]
|
||
|
|
- Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization [[https://github.com/advthreat/iroh/pull/8111][#8111]]
|
||
|
|
- [Registration UI]: Reword to remove SX reference [[https://github.com/advthreat/iroh/pull/8110][#8110]]
|
||
|
|
- Entitlement summary technical values [[https://github.com/advthreat/iroh/pull/8094][#8094]]
|
||
|
|
- [PIAM] Make enterprise id mandatory for piam [[https://github.com/advthreat/iroh/pull/8069][#8069]]
|
||
|
|
**** iroh-offsite-fy24 [2]
|
||
|
|
|
||
|
|
- Update content + reveal
|
||
|
|
- Initial commit
|
||
|
|
**** iroh-scripts [21]
|
||
|
|
|
||
|
|
- add scope to a client
|
||
|
|
- Help support cider
|
||
|
|
- add admin to org
|
||
|
|
- Improved descriptions
|
||
|
|
- promote-to-master script
|
||
|
|
- Fix and small improvements
|
||
|
|
- Improve robustness
|
||
|
|
- Scripts for admin
|
||
|
|
- client-pass
|
||
|
|
- Improve scripting lib
|
||
|
|
- improve error message
|
||
|
|
- small rename improved search
|
||
|
|
- add search
|
||
|
|
- improve + new scripts
|
||
|
|
- Provision orgs for developers with some fixed entitlements
|
||
|
|
- attempt 2
|
||
|
|
- Attempt to fix links in README
|
||
|
|
- Improve README.org
|
||
|
|
- create an admin util ns
|
||
|
|
- add a nice example with get-client.sh
|
||
|
|
- initial commit with an example
|
||
|
|
**** ring-jwt-middleware [4]
|
||
|
|
|
||
|
|
- Version 1.1.6-SNAPSHOT
|
||
|
|
- Version 1.1.5
|
||
|
|
- v1.1.5-SNAPSHOT
|
||
|
|
- Version 1.1.4
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- increase rate limit for lab [[https://github.com/advthreat/tenzin-config/pull/992][#992]]
|
||
|
|
- Typo fix #989 [[https://github.com/advthreat/tenzin-config/pull/991][#991]]
|
||
|
|
- Declare missing service [[https://github.com/advthreat/tenzin-config/pull/990][#990]]
|
||
|
|
- Configure Enforce Entitlement Jobs service [[https://github.com/advthreat/tenzin-config/pull/989][#989]]
|
||
|
|
**** xdr-provisioning [10]
|
||
|
|
|
||
|
|
- fix exit
|
||
|
|
- prevent duplicate onboard calls
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Add a script to cleanup test accounts
|
||
|
|
- rename script and improve error
|
||
|
|
- minor improvement
|
||
|
|
- fix ISO code to use 2 chars only
|
||
|
|
- use the env from the table
|
||
|
|
- fix tsv-to-commands.sh
|
||
|
|
- add tsv-to-commands.sh
|
||
|
|
- add an option to force di and csc onboarding even for org upgrade
|
||
|
|
|
||
|
|
*** Olivier Barbeau [29]
|
||
|
|
|
||
|
|
**** iroh [27]
|
||
|
|
|
||
|
|
- Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]]
|
||
|
|
- Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]]
|
||
|
|
- E8388: add new module-instance events, register Module Instance service as handler [[https://github.com/advthreat/iroh/pull/8547][#8547]]
|
||
|
|
- E8388: Issue 8531 add state to module instance schema [[https://github.com/advthreat/iroh/pull/8544][#8544]]
|
||
|
|
- Issue 8389 design entitlement changes for integration modules [[https://github.com/advthreat/iroh/pull/8510][#8510]]
|
||
|
|
- More modules restrictions tests [[https://github.com/advthreat/iroh/pull/8411][#8411]]
|
||
|
|
- Modules restrictions: Fix missing known exception [[https://github.com/advthreat/iroh/pull/8380][#8380]]
|
||
|
|
- Apply entitlements to the IntService [[https://github.com/advthreat/iroh/pull/8350][#8350]]
|
||
|
|
- Apply entitlements to the ModuleInstance API [[https://github.com/advthreat/iroh/pull/8327][#8327]]
|
||
|
|
- Clear reason of error when creating a module instance with wrong module type [[https://github.com/advthreat/iroh/pull/8320][#8320]]
|
||
|
|
- Apply entitlements to the ModuleType API [[https://github.com/advthreat/iroh/pull/8303][#8303]]
|
||
|
|
- Update ~search-module-types-response~ with combinator search query [[https://github.com/advthreat/iroh/pull/8290][#8290]]
|
||
|
|
- Stores optimization: Update search-module-instances-internal with combinator search query [[https://github.com/advthreat/iroh/pull/8287][#8287]]
|
||
|
|
- fix test: use two stores [[https://github.com/advthreat/iroh/pull/8285][#8285]]
|
||
|
|
- Stores optimization: modify ~load-module-instances~ and ~load-module-types~ [[https://github.com/advthreat/iroh/pull/8281][#8281]]
|
||
|
|
- [Cleanup] Remove the ~:xdr-roles~ feature flag [[https://github.com/advthreat/iroh/pull/8205][#8205]]
|
||
|
|
- [Cleanup] Remove the ~:merge-users-by-email~ feature flag [[https://github.com/advthreat/iroh/pull/8198][#8198]]
|
||
|
|
- [Cleanup] Remove the ~:registration~ feature flag [[https://github.com/advthreat/iroh/pull/8199][#8199]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Annotated diagram for ~check_node_types.clj~ [[https://github.com/advthreat/iroh/pull/8133][#8133]]
|
||
|
|
- Increases the time allocated to node start-up [[https://github.com/advthreat/iroh/pull/8125][#8125]]
|
||
|
|
- [IROH configuration]: Checks that each IROH node type starts correctly [[https://github.com/advthreat/iroh/pull/8043][#8043]]
|
||
|
|
- fix format-style args logs [[https://github.com/advthreat/iroh/pull/8119][#8119]]
|
||
|
|
- Adapt OrgAccessRequest to XDR [[https://github.com/advthreat/iroh/pull/8108][#8108]]
|
||
|
|
- Redirect invited user to XDR [[https://github.com/advthreat/iroh/pull/8105][#8105]]
|
||
|
|
- Duplicate ~one-click-module-service~ in bootstrap [[https://github.com/advthreat/iroh/pull/8071][#8071]]
|
||
|
|
- Start node with type and env [[https://github.com/advthreat/iroh/pull/8085][#8085]]
|
||
|
|
- matrix config for ~in-isolation~ tests [[https://github.com/advthreat/iroh/pull/8082][#8082]]
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- Olivier's retro
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- add first-url for both SX and XDR [[https://github.com/advthreat/tenzin-config/pull/952][#952]]
|
||
|
|
|
||
|
|
*** (Yogsototh) [37]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [2]
|
||
|
|
|
||
|
|
- Update content + reveal
|
||
|
|
- Initial commit
|
||
|
|
**** iroh-scripts [21]
|
||
|
|
|
||
|
|
- add scope to a client
|
||
|
|
- Help support cider
|
||
|
|
- add admin to org
|
||
|
|
- Improved descriptions
|
||
|
|
- promote-to-master script
|
||
|
|
- Fix and small improvements
|
||
|
|
- Improve robustness
|
||
|
|
- Scripts for admin
|
||
|
|
- client-pass
|
||
|
|
- Improve scripting lib
|
||
|
|
- improve error message
|
||
|
|
- small rename improved search
|
||
|
|
- add search
|
||
|
|
- improve + new scripts
|
||
|
|
- Provision orgs for developers with some fixed entitlements
|
||
|
|
- attempt 2
|
||
|
|
- Attempt to fix links in README
|
||
|
|
- Improve README.org
|
||
|
|
- create an admin util ns
|
||
|
|
- add a nice example with get-client.sh
|
||
|
|
- initial commit with an example
|
||
|
|
**** ring-jwt-middleware [4]
|
||
|
|
|
||
|
|
- Version 1.1.6-SNAPSHOT
|
||
|
|
- Version 1.1.5
|
||
|
|
- v1.1.5-SNAPSHOT
|
||
|
|
- Version 1.1.4
|
||
|
|
**** xdr-provisioning [10]
|
||
|
|
|
||
|
|
- fix exit
|
||
|
|
- prevent duplicate onboard calls
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Add a script to cleanup test accounts
|
||
|
|
- rename script and improve error
|
||
|
|
- minor improvement
|
||
|
|
- fix ISO code to use 2 chars only
|
||
|
|
- use the env from the table
|
||
|
|
- fix tsv-to-commands.sh
|
||
|
|
- add tsv-to-commands.sh
|
||
|
|
- add an option to force di and csc onboarding even for org upgrade
|
||
|
|
** iroh-ops
|
||
|
|
|
||
|
|
|
||
|
|
*** Jerome Schneider [3]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [3]
|
||
|
|
|
||
|
|
- Jerome: last minute changes
|
||
|
|
- add percentages for my day look like
|
||
|
|
- add personal presentation
|
||
|
|
|
||
|
|
*** [0]
|
||
|
|
|
||
|
|
* Other
|
||
|
|
** Other
|
||
|
|
|
||
|
|
|
||
|
|
*** Robert Levy [5]
|
||
|
|
|
||
|
|
**** iroh [4]
|
||
|
|
|
||
|
|
- change description, title, etc on incident status tile [[https://github.com/advthreat/iroh/pull/8362][#8362]]
|
||
|
|
- change format of incident-status tile to horizontal bar chart [[https://github.com/advthreat/iroh/pull/8345][#8345]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- null the top-level data key when no rows in ctia datatable tiles [[https://github.com/advthreat/iroh/pull/8143][#8143]]
|
||
|
|
- when rows null, data.data should be null [[https://github.com/advthreat/iroh/pull/8130][#8130]]
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]]
|
||
|
|
|
||
|
|
*** Eric Gierach [6]
|
||
|
|
|
||
|
|
**** iroh [6]
|
||
|
|
|
||
|
|
- bumping iroh-engine to 0.15.13 [[https://github.com/advthreat/iroh/pull/8520][#8520]]
|
||
|
|
- bumping iroh-engine to 0.15.12 [[https://github.com/advthreat/iroh/pull/8509][#8509]]
|
||
|
|
- Update iroh-engine dep to 0.15.11 [[https://github.com/advthreat/iroh/pull/8460][#8460]]
|
||
|
|
- updating iroh-engine to 0.15.10 [[https://github.com/advthreat/iroh/pull/8295][#8295]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- updating to iroh-engine 0.15.9 to fix query params [[https://github.com/advthreat/iroh/pull/8232][#8232]]
|
||
|
|
- updating iroh-engine to 0.15.8 to fix wait_for query param [[https://github.com/advthreat/iroh/pull/8224][#8224]]
|
||
|
|
|
||
|
|
*** II [9]
|
||
|
|
|
||
|
|
**** ctia [1]
|
||
|
|
|
||
|
|
- Bumps CTIM version to 1.3.10 [[https://github.com/advthreat/ctia/pull/1385][#1385]]
|
||
|
|
**** iroh [7]
|
||
|
|
|
||
|
|
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
|
||
|
|
- Issue 8456 - Uses string instead of regex fake route to fix flaky test [[https://github.com/advthreat/iroh/pull/8462][#8462]]
|
||
|
|
- Only returns proxy endpoint metadata when v2 is configured [[https://github.com/advthreat/iroh/pull/8447][#8447]]
|
||
|
|
- 8239 migrate umbrella routes [[https://github.com/advthreat/iroh/pull/8247][#8247]]
|
||
|
|
- Issue 8383 ao header ids [[https://github.com/advthreat/iroh/pull/8433][#8433]]
|
||
|
|
- Issue 8429 bump ctim version darktrace [[https://github.com/advthreat/iroh/pull/8430][#8430]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- 8114 - API proxy for Umbrella v2 routes [[https://github.com/advthreat/iroh/pull/8228][#8228]]
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
|
||
|
|
|
||
|
|
*** Devin Walters [4]
|
||
|
|
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- Add port 443 to ctia base urls [[https://github.com/advthreat/tenzin-config/pull/996][#996]]
|
||
|
|
- Add the rest of playbook environment configs [[https://github.com/advthreat/tenzin-config/pull/981][#981]]
|
||
|
|
- Add TEST config for playbook service [[https://github.com/advthreat/tenzin-config/pull/980][#980]]
|
||
|
|
- Initial playbook config [[https://github.com/advthreat/tenzin-config/pull/972][#972]]
|
||
|
|
|
||
|
|
*** Cisco [1]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- Olivier's retro
|
||
|
|
|
||
|
|
*** Ag Ibragimov [1]
|
||
|
|
|
||
|
|
**** ctia [1]
|
||
|
|
|
||
|
|
- Filter incidents on timestamp not created [[https://github.com/advthreat/ctia/pull/1377][#1377]]
|
||
|
|
|
||
|
|
*** [9]
|
||
|
|
|
||
|
|
**** ctia [1]
|
||
|
|
|
||
|
|
- Bumps CTIM version to 1.3.10 [[https://github.com/advthreat/ctia/pull/1385][#1385]]
|
||
|
|
**** iroh [7]
|
||
|
|
|
||
|
|
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
|
||
|
|
- Issue 8456 - Uses string instead of regex fake route to fix flaky test [[https://github.com/advthreat/iroh/pull/8462][#8462]]
|
||
|
|
- Only returns proxy endpoint metadata when v2 is configured [[https://github.com/advthreat/iroh/pull/8447][#8447]]
|
||
|
|
- 8239 migrate umbrella routes [[https://github.com/advthreat/iroh/pull/8247][#8247]]
|
||
|
|
- Issue 8383 ao header ids [[https://github.com/advthreat/iroh/pull/8433][#8433]]
|
||
|
|
- Issue 8429 bump ctim version darktrace [[https://github.com/advthreat/iroh/pull/8430][#8430]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- 8114 - API proxy for Umbrella v2 routes [[https://github.com/advthreat/iroh/pull/8228][#8228]]
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
|
||
|
|
|
||
|
|
*** Andrew Parisi [3]
|
||
|
|
|
||
|
|
**** tenzin-config [3]
|
||
|
|
|
||
|
|
- [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]]
|
||
|
|
- [gh-607/mark-sightings-internal-based-on-module-type-map-fix-mistake] [[https://github.com/advthreat/tenzin-config/pull/984][#984]]
|
||
|
|
- conure-607/mark-sightings-internal-based-on-module-type-map [[https://github.com/advthreat/tenzin-config/pull/982][#982]]
|
||
|
|
|
||
|
|
*** shafjama [1]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- Last minute
|
||
|
|
|
||
|
|
*** Scott McLeod [8]
|
||
|
|
|
||
|
|
**** iroh [8]
|
||
|
|
|
||
|
|
- Filter out empty xdr-org summary reports [[https://github.com/advthreat/iroh/pull/8472][#8472]]
|
||
|
|
- XDR Org Incident Stats Summaries [[https://github.com/advthreat/iroh/pull/8441][#8441]]
|
||
|
|
- Tansform aggregate service to accept a list of AggQuery [[https://github.com/advthreat/iroh/pull/8387][#8387]]
|
||
|
|
- Add summary stats [[https://github.com/advthreat/iroh/pull/8348][#8348]]
|
||
|
|
- Add enterprise-id to incident report [[https://github.com/advthreat/iroh/pull/8258][#8258]]
|
||
|
|
|
||
|
|
_between 3 and 4 months old_
|
||
|
|
|
||
|
|
- Add percentiles aggregation [[https://github.com/advthreat/iroh/pull/8197][#8197]]
|
||
|
|
- Add stats aggregation [[https://github.com/advthreat/iroh/pull/8189][#8189]]
|
||
|
|
- Update Incident Report Service schemas [[https://github.com/advthreat/iroh/pull/8159][#8159]]
|
||
|
|
|
||
|
|
*** Matthieu Sprunck [1]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- Matthieu's retro
|
||
|
|
|
||
|
|
*** Patrick Patat [1]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- add presentation
|
||
|
|
|
||
|
|
*** t2sw [2]
|
||
|
|
|
||
|
|
**** ctia [1]
|
||
|
|
|
||
|
|
- Update CODEOWNERS [[https://github.com/advthreat/ctia/pull/1390][#1390]]
|
||
|
|
**** iroh [1]
|
||
|
|
|
||
|
|
- add new endpoint for role service to query roles by an org id; update… [[https://github.com/advthreat/iroh/pull/8364][#8364]]
|
||
|
|
|
||
|
|
*** Jerome Schneider [1]
|
||
|
|
|
||
|
|
**** iroh [1]
|
||
|
|
|
||
|
|
- Upgrade riemann server (#8253) [[https://github.com/advthreat/iroh/pull/8254][#8254]]
|
||
|
|
|
||
|
|
*** Brooke Swanson [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- Up distributor worker counts for test and prod. [[https://github.com/advthreat/tenzin-config/pull/993][#993]]
|
||
|
|
|
||
|
|
*** Jillian Flook [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- update dashboard UserResearchCTA [[https://github.com/advthreat/tenzin-config/pull/997][#997]]
|
||
|
|
|
||
|
|
*** (msprunck) [1]
|
||
|
|
|
||
|
|
**** iroh-offsite-fy24 [1]
|
||
|
|
|
||
|
|
- Matthieu's retro
|
||
|
|
|
||
|
|
*** Pawan Bahuguna [2]
|
||
|
|
|
||
|
|
**** tenzin-config [2]
|
||
|
|
|
||
|
|
- Updated Playbook URL in all regions [[https://github.com/advthreat/tenzin-config/pull/998][#998]]
|
||
|
|
- SXOPS-937 Add New Services [[https://github.com/advthreat/tenzin-config/pull/995][#995]]
|
||
|
|
|
||
|
|
*** James Brock [1]
|
||
|
|
|
||
|
|
**** easy-purescript-nix [1]
|
||
|
|
|
||
|
|
- Upgrades
|