#+title: FY24Q2 Report
#+subtitle: logs go 4 months back
#+date: 2024-01-26
#+options: H:6 ^:nil
* IROH
** lead

*** [1]

**** iroh [1]

_between 3 and 4 months old_

- Don't fire disabled webhooks [[https://github.com/advthreat/iroh/pull/8741][#8741]]
** data

*** Mario Aquino [15]

**** iroh [10]

- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]

_between 3 and 4 months old_

- Improve safe-filtering [[https://github.com/advthreat/iroh/pull/8731][#8731]]
- iroh-async: Flatten Datadog context [[https://github.com/advthreat/iroh/pull/8706][#8706]]
- iroh-async logging & tracing context [[https://github.com/advthreat/iroh/pull/8705][#8705]]
- Socket timeout milliseconds (not seconds) [[https://github.com/advthreat/iroh/pull/8690][#8690]]
- Risk Score socket-timeout [[https://github.com/advthreat/iroh/pull/8687][#8687]]
- Threat Hunt Module Exclusion [[https://github.com/advthreat/iroh/pull/8646][#8646]]
**** tenzin-config [5]

- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]

_between 3 and 4 months old_

- Increase thread pool size for engine connection manager [[https://github.com/advthreat/tenzin-config/pull/1012][#1012]]
- Config for skipping Private Intel during investigation threat hunt [[https://github.com/advthreat/tenzin-config/pull/1009][#1009]]

*** [3]

**** ctia [1]

_between 3 and 4 months old_

- fix wait_for for delete search [[https://github.com/threatgrid/ctia/pull/1399][#1399]]
**** iroh [2]

_between 3 and 4 months old_

- bundle import activity diagrams [[https://github.com/advthreat/iroh/pull/8708][#8708]]
- scoring at bundle import [[https://github.com/advthreat/iroh/pull/8694][#8694]]

*** Ambrose Bonnaire-Sergeant [16]

**** ctia [10]

- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/threatgrid/ctia/pull/1407][#1407]]
- Remove asset properties/mapping merging during bundle patch [[https://github.com/threatgrid/ctia/pull/1408][#1408]]

_between 3 and 4 months old_

- Fix :body descriptions [[https://github.com/threatgrid/ctia/pull/1409][#1409]]
- Fix POST /bulk schema checking [[https://github.com/threatgrid/ctia/pull/1406][#1406]]
- Use prn instead of pprint for logs [[https://github.com/threatgrid/ctia/pull/1401][#1401]]
- Eval routes and options given to ~context~ at initialization time [[https://github.com/threatgrid/ctia/pull/1394][#1394]]
- Use ~st/merge~ to merge schemas instead of ~into~ [[https://github.com/threatgrid/ctia/pull/1398][#1398]]
- Never match existing asset-* entities when patch-existing=false [[https://github.com/threatgrid/ctia/pull/1395][#1395]]
- Re-enable incident tests [[https://github.com/threatgrid/ctia/pull/1393][#1393]]
- Add external_ids to investigation select fields [[https://github.com/threatgrid/ctia/pull/1392][#1392]]
**** iroh [4]

- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]

_between 3 and 4 months old_

- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true [[https://github.com/advthreat/iroh/pull/8725][#8725]]
**** tenzin-config [2]

- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
** integrations

*** [4]

**** iroh [4]

_between 3 and 4 months old_

- JMX metrics for clj-http connection manager [[https://github.com/advthreat/iroh/pull/8765][#8765]]
- Always decompress the body when status is not 2xx [[https://github.com/advthreat/iroh/pull/8527][#8527]]
- Restore default expiration (24h) for the local session token [[https://github.com/advthreat/iroh/pull/8747][#8747]]
- Workflow event schema changes [[https://github.com/advthreat/iroh/pull/8656][#8656]]

*** Kirill Chernyshov [10]

**** iroh [7]

- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]

_between 3 and 4 months old_

- Handle undelivered records [[https://github.com/advthreat/iroh/pull/8634][#8634]]
- Events data retention enforcement job [[https://github.com/advthreat/iroh/pull/8722][#8722]]
- Iroh events data retention implementation [[https://github.com/advthreat/iroh/pull/8666][#8666]]
- Iroh events postgres data retention [[https://github.com/advthreat/iroh/pull/8693][#8693]]
**** tenzin-config [3]

- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]

*** Shafiq [7]

**** iroh [4]

- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]

_between 3 and 4 months old_

- Fix mapping for incident events [[https://github.com/advthreat/iroh/pull/8703][#8703]]
**** tenzin-config [3]

_between 3 and 4 months old_

- Switch to new sink-connector in INT [[https://github.com/advthreat/tenzin-config/pull/1024][#1024]]
- Add updated sink connector for all envs [[https://github.com/advthreat/tenzin-config/pull/1021][#1021]]
- Add sink connector for new iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/1019][#1019]]
** auth

*** bartuka [26]

**** iroh [22]

- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]

_between 3 and 4 months old_

- [IROH Auth] better swagger descriptions for Universal Provisioning [[https://github.com/advthreat/iroh/pull/8752][#8752]]
- [IROH Auth] remove empty strings from ~client-id~ got from Vault [[https://github.com/advthreat/iroh/pull/8760][#8760]]
- [IROH Auth] add missing scope to get OKTA JWT [[https://github.com/advthreat/iroh/pull/8759][#8759]]
- [IROH Auth] add logs to investigate get okta jwt [[https://github.com/advthreat/iroh/pull/8758][#8758]]
- [IROH Auth] bugfix - ~client/post~ should use ~:form-params~ instead of ~:body~ [[https://github.com/advthreat/iroh/pull/8753][#8753]]
- [IROH Auth] bugfixes - arity exception, change ~product-response~ datatype, change ~pmap~ to ~map~ [[https://github.com/advthreat/iroh/pull/8738][#8738]]
- [IROH Auth] bugfix - fix urls in ~POST /tenants~ returned value and payload field names [[https://github.com/advthreat/iroh/pull/8733][#8733]]
- [IROH Auth] Cache OKTA JWT used for provisioning callback [[https://github.com/advthreat/iroh/pull/8727][#8727]]
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService [[https://github.com/advthreat/iroh/pull/8707][#8707]]
- [IROH Auth] Duplicate ~universal-provisioning~ web routes to accept IROH JWTs [[https://github.com/advthreat/iroh/pull/8675][#8675]]
- [IROH Auth] Expose ~callbacks packages~ store to check Universal Provisioning status [[https://github.com/advthreat/iroh/pull/8702][#8702]]
- [IROH Auth] Improve 202 Accepted response for ~/universal-provisioning/create-tenants~ [[https://github.com/advthreat/iroh/pull/8701][#8701]]
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8691][#8691]]
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8673][#8673]]
- bugfix - missing ~UniversalProvisioningCallbackService~ to deploy IROH nodes [[https://github.com/advthreat/iroh/pull/8680][#8680]]
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick [[https://github.com/advthreat/iroh/pull/8674][#8674]]
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps [[https://github.com/advthreat/iroh/pull/8633][#8633]]
**** tenzin-config [4]

- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]

_between 3 and 4 months old_

- [IROH Auth] bugfix - add config to okta jwks [[https://github.com/advthreat/tenzin-config/pull/1017][#1017]]
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 [[https://github.com/advthreat/tenzin-config/pull/1013][#1013]]
- add universal_provisioning_callbacks store [[https://github.com/advthreat/tenzin-config/pull/1011][#1011]]

*** Yann Esposito [27]

**** iroh [17]

- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]

_between 3 and 4 months old_

- Remove with-tk [[https://github.com/advthreat/iroh/pull/8779][#8779]]
- Code/Test Improvements [[https://github.com/advthreat/iroh/pull/8767][#8767]]
- add a test for matching schema [[https://github.com/advthreat/iroh/pull/8770][#8770]]
- Custom Role Design doc [[https://github.com/advthreat/iroh/pull/8497][#8497]]
- Attempt to improve error message of match? [[https://github.com/advthreat/iroh/pull/8769][#8769]]
- Use ~cid~ for ~trace_id~ when present [[https://github.com/advthreat/iroh/pull/8754][#8754]]
- Support public client for custom routes [[https://github.com/advthreat/iroh/pull/8749][#8749]]
- Add playbook scope [[https://github.com/advthreat/iroh/pull/8739][#8739]]
- Fix webhook race condition risk [[https://github.com/advthreat/iroh/pull/8728][#8728]]
- Call get-org only once for org-virtual user [[https://github.com/advthreat/iroh/pull/8724][#8724]]
- Use a cache for entitlement summaries [[https://github.com/advthreat/iroh/pull/8667][#8667]]
- upgrade jetty version [[https://github.com/advthreat/iroh/pull/8714][#8714]]
- Remove a forgotten pretty printer [[https://github.com/advthreat/iroh/pull/8713][#8713]]
**** iroh-scripts [6]

- save improvements

_between 3 and 4 months old_

- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
**** tenzin-config [2]

_between 3 and 4 months old_

- Check vault templating error [[https://github.com/advthreat/tenzin-config/pull/1023][#1023]]
- Add Universal Provisioning Services [[https://github.com/advthreat/tenzin-config/pull/1015][#1015]]
**** xdr-provisioning [2]

_between 3 and 4 months old_

- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings

*** Olivier Barbeau [25]

**** iroh [15]

- Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]]
- Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]]
- [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]]
- [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]]
- [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]]
- Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]]

_between 3 and 4 months old_

- Add few additional tests to iroh services [[https://github.com/advthreat/iroh/pull/8762][#8762]]
- rewrite tests [[https://github.com/advthreat/iroh/pull/8773][#8773]]
- more info for debugging [[https://github.com/advthreat/iroh/pull/8717][#8717]]
- [IROH configuration]: general documentation [[https://github.com/advthreat/iroh/pull/8764][#8764]]
- update developer doc for api-gateway [[https://github.com/advthreat/iroh/pull/8723][#8723]]
- Some test clean-up [[https://github.com/advthreat/iroh/pull/8716][#8716]]
- High volume of SQL queries for a single observe/deliberate call [[https://github.com/advthreat/iroh/pull/8682][#8682]]
- Remove the state of module instances in ~obfuscate-module-instance~ [[https://github.com/advthreat/iroh/pull/8670][#8670]]
- E8388: update proxy-endpoints-metadata endpoint and metadata [[https://github.com/advthreat/iroh/pull/8663][#8663]]
**** tenzin-config [10]

- Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]]
- Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]]
- Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]]
- Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]]
- Move Universal Provisioning Services config to IROH [[https://github.com/advthreat/tenzin-config/pull/1027][#1027]]
- Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]]

_between 3 and 4 months old_

- Remove the ~:registration~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/963][#963]]
- Remove the ~:merge-users-by-email~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/962][#962]]
- Remove the ~:account-activation-optim~ flag in all environments as it is now activated everywhere. [[https://github.com/advthreat/tenzin-config/pull/961][#961]]
- Remove the ~xdr-roles~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/964][#964]]

*** (Yogsototh) [8]

**** iroh-scripts [6]

- save improvements

_between 3 and 4 months old_

- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
**** xdr-provisioning [2]

_between 3 and 4 months old_

- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
** iroh-ops

*** [0]

*** [0]

* Other
** Other

*** II [4]

**** iroh [4]

- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]

_between 3 and 4 months old_

- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]

*** [4]

**** iroh [4]

- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]

_between 3 and 4 months old_

- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]

*** Scott McLeod [1]

**** iroh [1]

- tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]]

*** Brooke Swanson [3]

**** ctia [1]

_between 3 and 4 months old_

- Add brookeswanson to codeowners. [[https://github.com/threatgrid/ctia/pull/1396][#1396]]
**** iroh [1]

_between 3 and 4 months old_

- Add no-doc true and prevent explosion due to mismatched types. [[https://github.com/advthreat/iroh/pull/8548][#8548]]
**** tenzin-config [1]

- Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]]