997 lines
61 KiB
Org Mode
997 lines
61 KiB
Org Mode
|
#+title: FY24Q3 Report
|
||
|
|
#+subtitle: logs goes 7 month back
|
||
|
|
#+date: 2024-05-13
|
||
|
|
#+options: H:6 ^:nil
|
||
|
|
* IROH
|
||
|
|
** lead
|
||
|
|
|
||
|
|
|
||
|
|
*** Guillaume Buisson [12]
|
||
|
|
|
||
|
|
**** ctia [2]
|
||
|
|
|
||
|
|
- Properly filter Relationships to assemble a Feed View [[https://github.com/threatgrid/ctia/pull/1421][#1421]]
|
||
|
|
- Filter out some infrastructure details from Error API Responses [[https://github.com/threatgrid/ctia/pull/1412][#1412]]
|
||
|
|
**** iroh [8]
|
||
|
|
|
||
|
|
- fix a flaky test in iroh-web [[https://github.com/advthreat/iroh/pull/9250][#9250]]
|
||
|
|
- Don't use pp-str to log the request in the rate limiter service [[https://github.com/advthreat/iroh/pull/9249][#9249]]
|
||
|
|
- Fix iroh-kafka* logs [[https://github.com/advthreat/iroh/pull/9240][#9240]]
|
||
|
|
- Update the json appender to rename the output level key [[https://github.com/advthreat/iroh/pull/9187][#9187]]
|
||
|
|
- update the logstash-v2 logging preset [[https://github.com/advthreat/iroh/pull/9178][#9178]]
|
||
|
|
- Don't fire disabled webhooks [[https://github.com/advthreat/iroh/pull/8741][#8741]]
|
||
|
|
- upgrade ctia-investigate to use transit+json instead of edn [[https://github.com/advthreat/iroh/pull/8623][#8623]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
|
||
|
|
**** tenzin-config [2]
|
||
|
|
|
||
|
|
- setup the IROH json logging appender
|
||
|
|
- Re-apply the default rate limit for the NGFW Incident promotion client [[https://github.com/advthreat/tenzin-config/pull/1063][#1063]]
|
||
|
|
** data
|
||
|
|
|
||
|
|
|
||
|
|
*** Mario Aquino [41]
|
||
|
|
|
||
|
|
**** iroh [33]
|
||
|
|
|
||
|
|
- Threat hunt integration tests [[https://github.com/advthreat/iroh/pull/9218][#9218]]
|
||
|
|
- Threat hunt module instance pagination [[https://github.com/advthreat/iroh/pull/9200][#9200]]
|
||
|
|
- iroh-async Telemetry Identity Data [[https://github.com/advthreat/iroh/pull/9166][#9166]]
|
||
|
|
- Xdr 1086/crud store fields filtering [[https://github.com/advthreat/iroh/pull/9147][#9147]]
|
||
|
|
- iroh-async task (metric) tag [[https://github.com/advthreat/iroh/pull/9123][#9123]]
|
||
|
|
- iroh-metrics in default bootstrap [[https://github.com/advthreat/iroh/pull/9118][#9118]]
|
||
|
|
- Metrics Service (micrometer) [[https://github.com/advthreat/iroh/pull/9029][#9029]]
|
||
|
|
- Disable color logging for test execution [[https://github.com/advthreat/iroh/pull/9097][#9097]]
|
||
|
|
- Carmine & Timbre upgrade v2 [[https://github.com/advthreat/iroh/pull/9005][#9005]]
|
||
|
|
- Loosen Risk Score Incident validation [[https://github.com/advthreat/iroh/pull/9013][#9013]]
|
||
|
|
- Apply risk score valid ranges to incident schemas [[https://github.com/advthreat/iroh/pull/8976][#8976]]
|
||
|
|
- Revert "Upgrade carmine version (#8888)" [[https://github.com/advthreat/iroh/pull/9003][#9003]]
|
||
|
|
- Log Tuning [[https://github.com/advthreat/iroh/pull/8978][#8978]]
|
||
|
|
- Upgrade carmine version [[https://github.com/advthreat/iroh/pull/8888][#8888]]
|
||
|
|
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8956][#8956]]
|
||
|
|
- iroh-async high-traffic adjustments [[https://github.com/advthreat/iroh/pull/8835][#8835]]
|
||
|
|
- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
|
||
|
|
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
|
||
|
|
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
|
||
|
|
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]
|
||
|
|
- Improve safe-filtering [[https://github.com/advthreat/iroh/pull/8731][#8731]]
|
||
|
|
- iroh-async: Flatten Datadog context [[https://github.com/advthreat/iroh/pull/8706][#8706]]
|
||
|
|
- iroh-async logging & tracing context [[https://github.com/advthreat/iroh/pull/8705][#8705]]
|
||
|
|
- Socket timeout milliseconds (not seconds) [[https://github.com/advthreat/iroh/pull/8690][#8690]]
|
||
|
|
- Risk Score socket-timeout [[https://github.com/advthreat/iroh/pull/8687][#8687]]
|
||
|
|
- Threat Hunt Module Exclusion [[https://github.com/advthreat/iroh/pull/8646][#8646]]
|
||
|
|
- Remove dead code [[https://github.com/advthreat/iroh/pull/8626][#8626]]
|
||
|
|
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
|
||
|
|
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Add support for role-targetted notification [[https://github.com/advthreat/iroh/pull/8557][#8557]]
|
||
|
|
- Issue 8438/notification request phase 1 [[https://github.com/advthreat/iroh/pull/8470][#8470]]
|
||
|
|
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8521][#8521]]
|
||
|
|
- Use int-req-ctx when calling post-bundle-import [[https://github.com/advthreat/iroh/pull/8500][#8500]]
|
||
|
|
**** tenzin-config [8]
|
||
|
|
|
||
|
|
- Exclude CTIA modules from threat hunt execution [[https://github.com/advthreat/tenzin-config/pull/1122][#1122]]
|
||
|
|
- Add iroh-async client-id to rate unlimited list [[https://github.com/advthreat/tenzin-config/pull/1053][#1053]]
|
||
|
|
- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
|
||
|
|
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
|
||
|
|
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]
|
||
|
|
- Increase thread pool size for engine connection manager [[https://github.com/advthreat/tenzin-config/pull/1012][#1012]]
|
||
|
|
- Config for skipping Private Intel during investigation threat hunt [[https://github.com/advthreat/tenzin-config/pull/1009][#1009]]
|
||
|
|
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
|
||
|
|
|
||
|
|
*** Guillaume Erétéo [55]
|
||
|
|
|
||
|
|
**** ctia [11]
|
||
|
|
|
||
|
|
- remove ES5 support [[https://github.com/threatgrid/ctia/pull/1419][#1419]]
|
||
|
|
- Optimize lucene searches [[https://github.com/threatgrid/ctia/pull/1420][#1420]]
|
||
|
|
- bump ctim / remove status disposition [[https://github.com/threatgrid/ctia/pull/1417][#1417]]
|
||
|
|
- ctim 1.3.15 [[https://github.com/threatgrid/ctia/pull/1415][#1415]]
|
||
|
|
- silent this too noisy log [[https://github.com/threatgrid/ctia/pull/1414][#1414]]
|
||
|
|
- ctim-1.3.14 [[https://github.com/threatgrid/ctia/pull/1413][#1413]]
|
||
|
|
- remove un-store [[https://github.com/threatgrid/ctia/pull/1410][#1410]]
|
||
|
|
- fix wait_for for delete search [[https://github.com/threatgrid/ctia/pull/1399][#1399]]
|
||
|
|
- incident meta [[https://github.com/threatgrid/ctia/pull/1391][#1391]]
|
||
|
|
- Incident status disposition [[https://github.com/threatgrid/ctia/pull/1389][#1389]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1387][#1387]]
|
||
|
|
**** iroh [41]
|
||
|
|
|
||
|
|
- Dump events with dump metrics script [[https://github.com/advthreat/iroh/pull/9180][#9180]]
|
||
|
|
- Sca clean phase 2 [[https://github.com/advthreat/iroh/pull/9176][#9176]]
|
||
|
|
- add backup clusters for delete [[https://github.com/advthreat/iroh/pull/9173][#9173]]
|
||
|
|
- Scripts for SCA issue cleaning [[https://github.com/advthreat/iroh/pull/9161][#9161]]
|
||
|
|
- simplify sorting in telemetry reports [[https://github.com/advthreat/iroh/pull/9144][#9144]]
|
||
|
|
- Add logs to better monitor reports [[https://github.com/advthreat/iroh/pull/9142][#9142]]
|
||
|
|
- Report service: consider missing user/org ids [[https://github.com/advthreat/iroh/pull/9134][#9134]]
|
||
|
|
- filter ids on search [[https://github.com/advthreat/iroh/pull/9130][#9130]]
|
||
|
|
- Generate statistics about modules [[https://github.com/advthreat/iroh/pull/9108][#9108]]
|
||
|
|
- Refactor iops report generation [[https://github.com/advthreat/iroh/pull/9099][#9099]]
|
||
|
|
- bump ctim / remove status disposition [[https://github.com/advthreat/iroh/pull/9114][#9114]]
|
||
|
|
- fix flaky ES test: wait some more [[https://github.com/advthreat/iroh/pull/9089][#9089]]
|
||
|
|
- telemetry report: fix search iteration for batch size 10000 [[https://github.com/advthreat/iroh/pull/9082][#9082]]
|
||
|
|
- reduce logs by adding user-scopes [[https://github.com/advthreat/iroh/pull/9078][#9078]]
|
||
|
|
- tk store: update ES index state [[https://github.com/advthreat/iroh/pull/8664][#8664]]
|
||
|
|
- Add admin maintenance route to load MITRE stix [[https://github.com/advthreat/iroh/pull/8967][#8967]]
|
||
|
|
- ctim 1.3.15 [[https://github.com/advthreat/iroh/pull/9068][#9068]]
|
||
|
|
- limit walk entities to the necessary exports [[https://github.com/advthreat/iroh/pull/9039][#9039]]
|
||
|
|
- ctim 1.3.14 [[https://github.com/advthreat/iroh/pull/9016][#9016]]
|
||
|
|
- Dump ES metrics telemetry events [[https://github.com/advthreat/iroh/pull/8999][#8999]]
|
||
|
|
- script to clean SE false positive incidents and sightings [[https://github.com/advthreat/iroh/pull/8846][#8846]]
|
||
|
|
- MITRE Matrix: dynamic components design [[https://github.com/advthreat/iroh/pull/8973][#8973]]
|
||
|
|
- fix Talos threat hunt [[https://github.com/advthreat/iroh/pull/8969][#8969]]
|
||
|
|
- update the design of static MITRE matrix rendering [[https://github.com/advthreat/iroh/pull/8949][#8949]]
|
||
|
|
- replace lazyseq by iteration in reports [[https://github.com/advthreat/iroh/pull/8957][#8957]]
|
||
|
|
- For Jeetu by G2 [[https://github.com/advthreat/iroh/pull/8920][#8920]]
|
||
|
|
- Some more incident stats [[https://github.com/advthreat/iroh/pull/8861][#8861]]
|
||
|
|
- import mitre matrix backbone [[https://github.com/advthreat/iroh/pull/8899][#8899]]
|
||
|
|
- Mitre coverage static matrix [[https://github.com/advthreat/iroh/pull/8882][#8882]]
|
||
|
|
- add created and modified to IROH CTIM entities [[https://github.com/advthreat/iroh/pull/8810][#8810]]
|
||
|
|
- bundle import activity diagrams [[https://github.com/advthreat/iroh/pull/8708][#8708]]
|
||
|
|
- scoring at bundle import [[https://github.com/advthreat/iroh/pull/8694][#8694]]
|
||
|
|
- Meta incident field [[https://github.com/advthreat/iroh/pull/8617][#8617]]
|
||
|
|
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
|
||
|
|
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
|
||
|
|
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
|
||
|
|
- Update CODEOWNERS [[https://github.com/advthreat/iroh/pull/8524][#8524]]
|
||
|
|
- Add entitlement summaries endpoint for external policy enforcement jobs [[https://github.com/advthreat/iroh/pull/8508][#8508]]
|
||
|
|
- ductile 0.4.8 [[https://github.com/advthreat/iroh/pull/8453][#8453]]
|
||
|
|
- XDR intel retention design [[https://github.com/advthreat/iroh/pull/8153][#8153]]
|
||
|
|
**** tenzin-config [3]
|
||
|
|
|
||
|
|
- configure / tune private intel proxy cm [[https://github.com/advthreat/tenzin-config/pull/1074][#1074]]
|
||
|
|
- increase bundle-batch-size [[https://github.com/advthreat/tenzin-config/pull/1071][#1071]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
|
||
|
|
|
||
|
|
*** Ambrose Bonnaire-Sergeant [43]
|
||
|
|
|
||
|
|
**** ctia [15]
|
||
|
|
|
||
|
|
- Bump ring-swagger with proof of memory leak fix [[https://github.com/threatgrid/ctia/pull/1423][#1423]]
|
||
|
|
- Clojure 1.11.1 -> 1.11.2 [[https://github.com/threatgrid/ctia/pull/1416][#1416]]
|
||
|
|
- Revert patch bundle commits [[https://github.com/threatgrid/ctia/pull/1411][#1411]]
|
||
|
|
- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/threatgrid/ctia/pull/1407][#1407]]
|
||
|
|
- Remove asset properties/mapping merging during bundle patch [[https://github.com/threatgrid/ctia/pull/1408][#1408]]
|
||
|
|
- Fix :body descriptions [[https://github.com/threatgrid/ctia/pull/1409][#1409]]
|
||
|
|
- Fix POST /bulk schema checking [[https://github.com/threatgrid/ctia/pull/1406][#1406]]
|
||
|
|
- Use prn instead of pprint for logs [[https://github.com/threatgrid/ctia/pull/1401][#1401]]
|
||
|
|
- Eval routes and options given to ~context~ at initialization time [[https://github.com/threatgrid/ctia/pull/1394][#1394]]
|
||
|
|
- Use ~st/merge~ to merge schemas instead of ~into~ [[https://github.com/threatgrid/ctia/pull/1398][#1398]]
|
||
|
|
- Never match existing asset-* entities when patch-existing=false [[https://github.com/threatgrid/ctia/pull/1395][#1395]]
|
||
|
|
- Re-enable incident tests [[https://github.com/threatgrid/ctia/pull/1393][#1393]]
|
||
|
|
- Add external_ids to investigation select fields [[https://github.com/threatgrid/ctia/pull/1392][#1392]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- New bundle/import option: merge previous incident tactics/techniques [[https://github.com/threatgrid/ctia/pull/1388][#1388]]
|
||
|
|
- Patch existing entities in ~POST /bundle/import~ [[https://github.com/threatgrid/ctia/pull/1383][#1383]]
|
||
|
|
**** iroh [24]
|
||
|
|
|
||
|
|
- Bump ring-swagger and prove it fixes the memory leak [[https://github.com/advthreat/iroh/pull/9244][#9244]]
|
||
|
|
- Fix typo in debug log [[https://github.com/advthreat/iroh/pull/9228][#9228]]
|
||
|
|
- Debug logs to investigate person assets not being imported [[https://github.com/advthreat/iroh/pull/9227][#9227]]
|
||
|
|
- Update status endpoint to keep conure updated [[https://github.com/advthreat/iroh/pull/9209][#9209]]
|
||
|
|
- Update test for new carmine non-FIFO queues: ~queue-status-report-test~ [[https://github.com/advthreat/iroh/pull/9103][#9103]]
|
||
|
|
- Make generated tk meta easier to review using pprint [[https://github.com/advthreat/iroh/pull/8805][#8805]]
|
||
|
|
- Restrict possible values for updated asset properties [[https://github.com/advthreat/iroh/pull/9022][#9022]]
|
||
|
|
- Don't forward response headers from CTIA to IROH [[https://github.com/advthreat/iroh/pull/9014][#9014]]
|
||
|
|
- Only subscribe incidents with supported observables [[https://github.com/advthreat/iroh/pull/9000][#9000]]
|
||
|
|
- Fix flaky test [[https://github.com/advthreat/iroh/pull/9001][#9001]]
|
||
|
|
- Redis: Set NX / XX [[https://github.com/advthreat/iroh/pull/8970][#8970]]
|
||
|
|
- Bulk asset update + rescoring route [[https://github.com/advthreat/iroh/pull/8963][#8963]]
|
||
|
|
- Fix logf call [[https://github.com/advthreat/iroh/pull/8925][#8925]]
|
||
|
|
- Fix incident subscription args, and only subscribe incident if observables/identities are non-empty [[https://github.com/advthreat/iroh/pull/8921][#8921]]
|
||
|
|
- Fix DI subscription URL [[https://github.com/advthreat/iroh/pull/8914][#8914]]
|
||
|
|
- Revert patch bundle commits [[https://github.com/advthreat/iroh/pull/8903][#8903]]
|
||
|
|
- Fix swagger description [[https://github.com/advthreat/iroh/pull/8905][#8905]]
|
||
|
|
- Asset properties update and incident rescoring route [[https://github.com/advthreat/iroh/pull/8843][#8843]]
|
||
|
|
- Rescoring task [[https://github.com/advthreat/iroh/pull/8869][#8869]]
|
||
|
|
- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
|
||
|
|
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
|
||
|
|
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]
|
||
|
|
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true [[https://github.com/advthreat/iroh/pull/8725][#8725]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Enable entity patching in POST /private-intel/bundle/import [[https://github.com/advthreat/iroh/pull/8492][#8492]]
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- Bulk asset update limits [[https://github.com/advthreat/tenzin-config/pull/1059][#1059]]
|
||
|
|
- Add Conure url to Private intel config [[https://github.com/advthreat/tenzin-config/pull/1052][#1052]]
|
||
|
|
- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
|
||
|
|
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
|
||
|
|
** integrations
|
||
|
|
|
||
|
|
|
||
|
|
*** Matthieu Sprunck [22]
|
||
|
|
|
||
|
|
**** iroh [18]
|
||
|
|
|
||
|
|
- Rename automation_workflow_disabled to automation_workflow_definition [[https://github.com/advthreat/iroh/pull/9196][#9196]]
|
||
|
|
- Revert "Update the json appender to rename the output level key (#9187)" [[https://github.com/advthreat/iroh/pull/9191][#9191]]
|
||
|
|
- Change Incident Assignment Notification wording [[https://github.com/advthreat/iroh/pull/9189][#9189]]
|
||
|
|
- Add title and link to the incident in the incident assignment notification [[https://github.com/advthreat/iroh/pull/9188][#9188]]
|
||
|
|
- Add a log when an unexpected status is returned from KafkaConnect [[https://github.com/advthreat/iroh/pull/9153][#9153]]
|
||
|
|
- IROH Proxy: Correct handling for path with spaces (%20) [[https://github.com/advthreat/iroh/pull/9149][#9149]]
|
||
|
|
- Build notification type name from notification type [[https://github.com/advthreat/iroh/pull/9140][#9140]]
|
||
|
|
- JMX metrics for clj-http connection manager [[https://github.com/advthreat/iroh/pull/8765][#8765]]
|
||
|
|
- Always decompress the body when status is not 2xx [[https://github.com/advthreat/iroh/pull/8527][#8527]]
|
||
|
|
- Restore default expiration (24h) for the local session token [[https://github.com/advthreat/iroh/pull/8747][#8747]]
|
||
|
|
- Workflow event schema changes [[https://github.com/advthreat/iroh/pull/8656][#8656]]
|
||
|
|
- IROH Proxy: remove headers set by the reverse proxy [[https://github.com/advthreat/iroh/pull/8655][#8655]]
|
||
|
|
- More log context to investigate #8638 [[https://github.com/advthreat/iroh/pull/8654][#8654]]
|
||
|
|
- Add logging info to investigate #8638 [[https://github.com/advthreat/iroh/pull/8653][#8653]]
|
||
|
|
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Allow any header name in the remote module auth configuration [[https://github.com/advthreat/iroh/pull/8529][#8529]]
|
||
|
|
- Add ciscoxdr as a valid Feedback source [[https://github.com/advthreat/iroh/pull/8515][#8515]]
|
||
|
|
- Fix Duo Admin API Auth (sigv2) for POST requests [[https://github.com/advthreat/iroh/pull/8330][#8330]]
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- Configure XDR URL in the PrivateIntel service for the Assignment notification [[https://github.com/advthreat/tenzin-config/pull/1116][#1116]]
|
||
|
|
- Create a module record for Microsoft Graph API [[https://github.com/advthreat/tenzin-config/pull/1050][#1050]]
|
||
|
|
- Fix settings names for JAMF auth upgrade [[https://github.com/advthreat/tenzin-config/pull/1048][#1048]]
|
||
|
|
- Use Token Auth with the JAMF Classic API [[https://github.com/advthreat/tenzin-config/pull/1038][#1038]]
|
||
|
|
|
||
|
|
*** Kirill Chernyshov [46]
|
||
|
|
|
||
|
|
**** iroh [39]
|
||
|
|
|
||
|
|
- Draft design [[https://github.com/advthreat/iroh/pull/9201][#9201]]
|
||
|
|
- Format redirect url for email notification [[https://github.com/advthreat/iroh/pull/9211][#9211]]
|
||
|
|
- Use static string 'Cisco' as a subtitle [[https://github.com/advthreat/iroh/pull/9210][#9210]]
|
||
|
|
- Coerce incoming notification before email format [[https://github.com/advthreat/iroh/pull/9204][#9204]]
|
||
|
|
- [REFACTORING] Standardize trapperkeeper usage [[https://github.com/advthreat/iroh/pull/9177][#9177]]
|
||
|
|
- Use ~notify!~ to create notification via API call [[https://github.com/advthreat/iroh/pull/9162][#9162]]
|
||
|
|
- Fix copyright notice in email template [[https://github.com/advthreat/iroh/pull/9159][#9159]]
|
||
|
|
- Add simple template for notification email [[https://github.com/advthreat/iroh/pull/9150][#9150]]
|
||
|
|
- Allow nil as a correlation id [[https://github.com/advthreat/iroh/pull/9143][#9143]]
|
||
|
|
- Fix for EventService initialization [[https://github.com/advthreat/iroh/pull/9141][#9141]]
|
||
|
|
- Respect user notification preferences [[https://github.com/advthreat/iroh/pull/9133][#9133]]
|
||
|
|
- Add default config for NotificationInDelivery [[https://github.com/advthreat/iroh/pull/9128][#9128]]
|
||
|
|
- 8938 e8811 process email notification delivery [[https://github.com/advthreat/iroh/pull/9127][#9127]]
|
||
|
|
- Fix config key [[https://github.com/advthreat/iroh/pull/9115][#9115]]
|
||
|
|
- Fix dev config for NotificationInDeliveryService [[https://github.com/advthreat/iroh/pull/9113][#9113]]
|
||
|
|
- On recieving NotificationRequest notify users according to their preference [[https://github.com/advthreat/iroh/pull/9087][#9087]]
|
||
|
|
- Upgrade clojure 1.11.1 -> 1.11.2 [[https://github.com/advthreat/iroh/pull/9072][#9072]]
|
||
|
|
- Remove maintenance notification type [[https://github.com/advthreat/iroh/pull/9069][#9069]]
|
||
|
|
- 8933 e8811 create notificationindeliveryservice persistence only [[https://github.com/advthreat/iroh/pull/9025][#9025]]
|
||
|
|
- "In App" -> "In-App" [[https://github.com/advthreat/iroh/pull/9020][#9020]]
|
||
|
|
- Add correct :name and :description to notification type meta [[https://github.com/advthreat/iroh/pull/9012][#9012]]
|
||
|
|
- NotificationPreference API real endpoint [[https://github.com/advthreat/iroh/pull/8995][#8995]]
|
||
|
|
- NotificationPreference Service [[https://github.com/advthreat/iroh/pull/8982][#8982]]
|
||
|
|
- Fixes for notification endpoint [[https://github.com/advthreat/iroh/pull/8964][#8964]]
|
||
|
|
- Add notification preference api endpoints [[https://github.com/advthreat/iroh/pull/8947][#8947]]
|
||
|
|
- Initial draft design of notifications delivery [[https://github.com/advthreat/iroh/pull/8844][#8844]]
|
||
|
|
- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
|
||
|
|
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
|
||
|
|
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]
|
||
|
|
- Handle undelivered records [[https://github.com/advthreat/iroh/pull/8634][#8634]]
|
||
|
|
- Events data retention enforcement job [[https://github.com/advthreat/iroh/pull/8722][#8722]]
|
||
|
|
- Iroh events data retention implementation [[https://github.com/advthreat/iroh/pull/8666][#8666]]
|
||
|
|
- Iroh events postgres data retention [[https://github.com/advthreat/iroh/pull/8693][#8693]]
|
||
|
|
- Use timbre for logging [[https://github.com/advthreat/iroh/pull/8651][#8651]]
|
||
|
|
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Fix shutdown process of Kafka Consumer [[https://github.com/advthreat/iroh/pull/8558][#8558]]
|
||
|
|
- Fixes for CTIA Transfer service [[https://github.com/advthreat/iroh/pull/8552][#8552]]
|
||
|
|
- Transfer CTIA Events [[https://github.com/advthreat/iroh/pull/8514][#8514]]
|
||
|
|
- Tiny fix for EventWebservice router [[https://github.com/advthreat/iroh/pull/8493][#8493]]
|
||
|
|
**** tenzin-config [7]
|
||
|
|
|
||
|
|
- Add KafkaProducerService to all envs [[https://github.com/advthreat/tenzin-config/pull/1107][#1107]]
|
||
|
|
- Add email kafka consumer to all envs [[https://github.com/advthreat/tenzin-config/pull/1106][#1106]]
|
||
|
|
- Enable kafka consumer for email notifications [[https://github.com/advthreat/tenzin-config/pull/1099][#1099]]
|
||
|
|
- Add new kafka topics for IROH notifications [[https://github.com/advthreat/tenzin-config/pull/1070][#1070]]
|
||
|
|
- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
|
||
|
|
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
|
||
|
|
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]
|
||
|
|
|
||
|
|
*** Shafiq [31]
|
||
|
|
|
||
|
|
**** iroh [28]
|
||
|
|
|
||
|
|
- Design Automation-Remote target for iroh-proxy [[https://github.com/advthreat/iroh/pull/9190][#9190]]
|
||
|
|
- Trim whitespace when interpolating pipe transforms [[https://github.com/advthreat/iroh/pull/9121][#9121]]
|
||
|
|
- Support for GoogleAPI Authorization [[https://github.com/advthreat/iroh/pull/9106][#9106]]
|
||
|
|
- Refactor proxy health check [[https://github.com/advthreat/iroh/pull/9066][#9066]]
|
||
|
|
- Data retention cleanup of notification services [[https://github.com/advthreat/iroh/pull/9064][#9064]]
|
||
|
|
- Apply data retention policy on iroh-notifications [[https://github.com/advthreat/iroh/pull/9054][#9054]]
|
||
|
|
- Add ~:remote~ type in configuration spec fields [[https://github.com/advthreat/iroh/pull/9046][#9046]]
|
||
|
|
- Refactor proxy-health-check [[https://github.com/advthreat/iroh/pull/9033][#9033]]
|
||
|
|
- Update proxy-health-check logging [[https://github.com/advthreat/iroh/pull/9028][#9028]]
|
||
|
|
- Update proxy health check logging [[https://github.com/advthreat/iroh/pull/9024][#9024]]
|
||
|
|
- Perform relay-api request based on observable-types [[https://github.com/advthreat/iroh/pull/9017][#9017]]
|
||
|
|
- Add selection of settings for configuration-token auth [[https://github.com/advthreat/iroh/pull/9007][#9007]]
|
||
|
|
- Support for dedicated url setting for iroh-proxy requests [[https://github.com/advthreat/iroh/pull/8998][#8998]]
|
||
|
|
- Route for patching module-type documentation [[https://github.com/advthreat/iroh/pull/8981][#8981]]
|
||
|
|
- Add filtering of notifications using multiple statuses [[https://github.com/advthreat/iroh/pull/8974][#8974]]
|
||
|
|
- Support for transforming interpolated strings. [[https://github.com/advthreat/iroh/pull/8945][#8945]]
|
||
|
|
- Construct token url from base-url setting [[https://github.com/advthreat/iroh/pull/8923][#8923]]
|
||
|
|
- [IROH Proxy] Support for Rubrik and Commvault API services [[https://github.com/advthreat/iroh/pull/8902][#8902]]
|
||
|
|
- [iroh-proxy] Include POST method for proxy health check [[https://github.com/advthreat/iroh/pull/8878][#8878]]
|
||
|
|
- Update relay-module schemas for Checkpoint auth [[https://github.com/advthreat/iroh/pull/8875][#8875]]
|
||
|
|
- [iroh-proxy] Implement Checkpoint Smart-1 authentication [[https://github.com/advthreat/iroh/pull/8873][#8873]]
|
||
|
|
- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
|
||
|
|
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
|
||
|
|
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]
|
||
|
|
- Fix mapping for incident events [[https://github.com/advthreat/iroh/pull/8703][#8703]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
|
||
|
|
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
|
||
|
|
- Identify trusted service to service req for SE [[https://github.com/advthreat/iroh/pull/8495][#8495]]
|
||
|
|
**** tenzin-config [3]
|
||
|
|
|
||
|
|
- Swtich to new sink-connector in INT [[https://github.com/advthreat/tenzin-config/pull/1024][#1024]]
|
||
|
|
- Add updated sink connector for all envs [[https://github.com/advthreat/tenzin-config/pull/1021][#1021]]
|
||
|
|
- Add sink connector for new iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/1019][#1019]]
|
||
|
|
** auth
|
||
|
|
|
||
|
|
|
||
|
|
*** bartuka [71]
|
||
|
|
|
||
|
|
**** iroh [52]
|
||
|
|
|
||
|
|
- add ~:content-type :json~ explicitly to clj-http [[https://github.com/advthreat/iroh/pull/9090][#9090]]
|
||
|
|
- Brownfield Provisioning - make the ~region~ field available for TEST purposes only [[https://github.com/advthreat/iroh/pull/9079][#9079]]
|
||
|
|
- Improve logs for Brownfield provisioning [[https://github.com/advthreat/iroh/pull/9076][#9076]]
|
||
|
|
- [IROH Auth] update QA routes for Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/9053][#9053]]
|
||
|
|
- [IROH Auth] Fix access token brownfield provisioning [[https://github.com/advthreat/iroh/pull/9049][#9049]]
|
||
|
|
- [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning [[https://github.com/advthreat/iroh/pull/9021][#9021]]
|
||
|
|
- [IROH Auth] FMC add re-token proxy request [[https://github.com/advthreat/iroh/pull/9011][#9011]]
|
||
|
|
- [IROH Auth] fix FMC redirect call to ~/device~ [[https://github.com/advthreat/iroh/pull/8987][#8987]]
|
||
|
|
- [IROH Auth] fix device verification redirection [[https://github.com/advthreat/iroh/pull/8979][#8979]]
|
||
|
|
- fix proxy requests to FMC [[https://github.com/advthreat/iroh/pull/8972][#8972]]
|
||
|
|
- [IROH Auth] FMC OAuth2 and SSE proxies [[https://github.com/advthreat/iroh/pull/8840][#8840]]
|
||
|
|
- [IROH Auth] Improvements to universal provisioning callback [[https://github.com/advthreat/iroh/pull/8913][#8913]]
|
||
|
|
- [IROH Auth] bugfix #4: add ~:content-type :json~ to callback request [[https://github.com/advthreat/iroh/pull/8909][#8909]]
|
||
|
|
- [IROH Auth] fix payload sent to PIAM callback_url after provisioning was complete [[https://github.com/advthreat/iroh/pull/8900][#8900]]
|
||
|
|
- [IROH Auth] bugfix Universal Provisioning created schema error [[https://github.com/advthreat/iroh/pull/8892][#8892]]
|
||
|
|
- [IROH Auth] bugfix parsing OKTA JWT scopes [[https://github.com/advthreat/iroh/pull/8880][#8880]]
|
||
|
|
- [IROH Auth] Brownfield provisioning - endpoint to attach existing tenant to a SBG product [[https://github.com/advthreat/iroh/pull/8806][#8806]]
|
||
|
|
- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
|
||
|
|
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
|
||
|
|
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
|
||
|
|
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
|
||
|
|
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]
|
||
|
|
- [IROH Auth] better swagger descriptions for Universal Provisioning [[https://github.com/advthreat/iroh/pull/8752][#8752]]
|
||
|
|
- [IROH Auth] remove empty strings from ~client-id~ got from Vault [[https://github.com/advthreat/iroh/pull/8760][#8760]]
|
||
|
|
- [IROH Auth] add missing scope to get OKTA JWT [[https://github.com/advthreat/iroh/pull/8759][#8759]]
|
||
|
|
- [IROH Auth] add logs to investigate get okta jwt [[https://github.com/advthreat/iroh/pull/8758][#8758]]
|
||
|
|
- [IROH Auth] bugfix - ~client/post~ should use ~:form-params~ instead of ~:body~ [[https://github.com/advthreat/iroh/pull/8753][#8753]]
|
||
|
|
- [IROH Auth] bugfixes - arity exception, change ~product-response~ datatype, change ~pmap~ to ~map~ [[https://github.com/advthreat/iroh/pull/8738][#8738]]
|
||
|
|
- [IROH Auth] bugfix - fix urls in ~POST /tenants~ returned value and payload field names [[https://github.com/advthreat/iroh/pull/8733][#8733]]
|
||
|
|
- [IROH Auth] Cache OKTA JWT used for provisioning callback [[https://github.com/advthreat/iroh/pull/8727][#8727]]
|
||
|
|
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService [[https://github.com/advthreat/iroh/pull/8707][#8707]]
|
||
|
|
- [IROH Auth] Duplicate ~universal-provisioning~ web routes to accept IROH JWTs [[https://github.com/advthreat/iroh/pull/8675][#8675]]
|
||
|
|
- [IROH Auth] Expose ~callbacks packages~ store to check Universal Provisioning status [[https://github.com/advthreat/iroh/pull/8702][#8702]]
|
||
|
|
- [IROH Auth] Improve 202 Accepted response for ~/universal-provisioning/create-tenants~ [[https://github.com/advthreat/iroh/pull/8701][#8701]]
|
||
|
|
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8691][#8691]]
|
||
|
|
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8673][#8673]]
|
||
|
|
- bugfix - missing ~UniversalProvisioningCallbackService~ to deploy IROH nodes [[https://github.com/advthreat/iroh/pull/8680][#8680]]
|
||
|
|
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick [[https://github.com/advthreat/iroh/pull/8674][#8674]]
|
||
|
|
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps [[https://github.com/advthreat/iroh/pull/8633][#8633]]
|
||
|
|
- [IROH Auth] Add support to UserIdentity JWTs in ~JWKSService~ [[https://github.com/advthreat/iroh/pull/8647][#8647]]
|
||
|
|
- [IROH Auth] Bugfix in JWKSService logic [[https://github.com/advthreat/iroh/pull/8659][#8659]]
|
||
|
|
- [IROH Auth] update docs for Universal Provisioning work [[https://github.com/advthreat/iroh/pull/8640][#8640]]
|
||
|
|
- [IROH Auth] Simplify IROH Web Core by leveraging ~JWKSService~ for all webservices [[https://github.com/advthreat/iroh/pull/8632][#8632]]
|
||
|
|
- [IROH Auth] Add structure to keep track of onboardings to support async flow in Universal Provisioning [[https://github.com/advthreat/iroh/pull/8599][#8599]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
|
||
|
|
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
|
||
|
|
- [IROH Auth] check entitlements schema in universal piam flow [[https://github.com/advthreat/iroh/pull/8560][#8560]]
|
||
|
|
- [IROH Auth] fix check of ~allowed-origins~ for ~registration_redirect~ query param [[https://github.com/advthreat/iroh/pull/8559][#8559]]
|
||
|
|
- [IROH Auth] move ~oauth2-jwkset~ to ~jwks-svc~ [[https://github.com/advthreat/iroh/pull/8534][#8534]]
|
||
|
|
- [IROH Auth] - Expose ~universal-provisioning-web-service~ [[https://github.com/advthreat/iroh/pull/8499][#8499]]
|
||
|
|
- [IROH Auth] move ~is-trusted-clients?~ to ~OAuth2ClientService~ [[https://github.com/advthreat/iroh/pull/8502][#8502]]
|
||
|
|
- [IROH Auth] add ~UniversalProvisioningService~ [[https://github.com/advthreat/iroh/pull/8459][#8459]]
|
||
|
|
**** ring-jwt-middleware [11]
|
||
|
|
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- add test case
|
||
|
|
- update readme
|
||
|
|
- fix schema
|
||
|
|
- log the full jwt when error
|
||
|
|
- use the default value
|
||
|
|
- fix tests by adding ~post-jwt-format-fn-arg-fn~ to config and schema
|
||
|
|
- fix all tests by changing the output of ~decode~
|
||
|
|
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
|
||
|
|
- fix config_test
|
||
|
|
- add test case
|
||
|
|
- initial commit
|
||
|
|
**** tenzin-config [8]
|
||
|
|
|
||
|
|
- add fmc client id for each env [[https://github.com/advthreat/tenzin-config/pull/1065][#1065]]
|
||
|
|
- fix url for device verification [[https://github.com/advthreat/tenzin-config/pull/1058][#1058]]
|
||
|
|
- Add FMC Proxy configuration [[https://github.com/advthreat/tenzin-config/pull/1056][#1056]]
|
||
|
|
- fix okta links [[https://github.com/advthreat/tenzin-config/pull/1043][#1043]]
|
||
|
|
- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]
|
||
|
|
- [IROH Auth] bugfix - add config to okta jwks [[https://github.com/advthreat/tenzin-config/pull/1017][#1017]]
|
||
|
|
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 [[https://github.com/advthreat/tenzin-config/pull/1013][#1013]]
|
||
|
|
- add universal_provisioning_callbacks store [[https://github.com/advthreat/tenzin-config/pull/1011][#1011]]
|
||
|
|
|
||
|
|
*** Yann Esposito [130]
|
||
|
|
|
||
|
|
**** iroh [55]
|
||
|
|
|
||
|
|
- improve Client credentials error message to help debug [[https://github.com/advthreat/iroh/pull/9213][#9213]]
|
||
|
|
- Attempt to provide a body to the onboarding with mustache [[https://github.com/advthreat/iroh/pull/9151][#9151]]
|
||
|
|
- provisioning API for Org apps [[https://github.com/advthreat/iroh/pull/9195][#9195]]
|
||
|
|
- Revert "add admin-ui to the gh-pages (#9222)" [[https://github.com/advthreat/iroh/pull/9223][#9223]]
|
||
|
|
- add admin-ui to the gh-pages [[https://github.com/advthreat/iroh/pull/9222][#9222]]
|
||
|
|
- Add sc-enabled? flag to profile API views [[https://github.com/advthreat/iroh/pull/9192][#9192]]
|
||
|
|
- [PIAM Brownfield Provisioning]: Provide a way to update link tenants [[https://github.com/advthreat/iroh/pull/9186][#9186]]
|
||
|
|
- Add apps field to Orgs [[https://github.com/advthreat/iroh/pull/9175][#9175]]
|
||
|
|
- improve response when PIAM returns an error [[https://github.com/advthreat/iroh/pull/9183][#9183]]
|
||
|
|
- fix flaky test invite-test paging [[https://github.com/advthreat/iroh/pull/9182][#9182]]
|
||
|
|
- Support aero configurations [[https://github.com/advthreat/iroh/pull/9170][#9170]]
|
||
|
|
- Fix invites pagination [[https://github.com/advthreat/iroh/pull/9138][#9138]]
|
||
|
|
- Support FMC returning Bearer instead of bearer [[https://github.com/advthreat/iroh/pull/9126][#9126]]
|
||
|
|
- composable jwks test helper [[https://github.com/advthreat/iroh/pull/9120][#9120]]
|
||
|
|
- Sync user-name during SCSO login [[https://github.com/advthreat/iroh/pull/9117][#9117]]
|
||
|
|
- Another IPv6 in URL fix [[https://github.com/advthreat/iroh/pull/9084][#9084]]
|
||
|
|
- Support IPv6 in URL for inspect service [[https://github.com/advthreat/iroh/pull/9083][#9083]]
|
||
|
|
- Update of the login doc [[https://github.com/advthreat/iroh/pull/9067][#9067]]
|
||
|
|
- optimize search user given a list of ids [[https://github.com/advthreat/iroh/pull/9018][#9018]]
|
||
|
|
- Fix link tenant bug [[https://github.com/advthreat/iroh/pull/8975][#8975]]
|
||
|
|
- Upgrade Org to XDR on first entitlement update. [[https://github.com/advthreat/iroh/pull/8881][#8881]]
|
||
|
|
- [IROH-Auth]: Auth Code Grant Client that do not generate any refresh token [[https://github.com/advthreat/iroh/pull/8927][#8927]]
|
||
|
|
- Specialize TAC routes access [[https://github.com/advthreat/iroh/pull/8884][#8884]]
|
||
|
|
- Remove legacy restriction of AO scopes [[https://github.com/advthreat/iroh/pull/8890][#8890]]
|
||
|
|
- Update deps to accept JWT without nbf claim [[https://github.com/advthreat/iroh/pull/8872][#8872]]
|
||
|
|
- New endpoint to ease impersonation usage [[https://github.com/advthreat/iroh/pull/8855][#8855]]
|
||
|
|
- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
|
||
|
|
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
|
||
|
|
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
|
||
|
|
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]
|
||
|
|
- Remove with-tk [[https://github.com/advthreat/iroh/pull/8779][#8779]]
|
||
|
|
- Code/Test Improvements [[https://github.com/advthreat/iroh/pull/8767][#8767]]
|
||
|
|
- add a test for matching schema [[https://github.com/advthreat/iroh/pull/8770][#8770]]
|
||
|
|
- Custom Role Design doc [[https://github.com/advthreat/iroh/pull/8497][#8497]]
|
||
|
|
- Attempt to improve error message of match? [[https://github.com/advthreat/iroh/pull/8769][#8769]]
|
||
|
|
- Use ~cid~ for ~trace_id~ when present [[https://github.com/advthreat/iroh/pull/8754][#8754]]
|
||
|
|
- Support public client for custom routes [[https://github.com/advthreat/iroh/pull/8749][#8749]]
|
||
|
|
- Add playbook scope [[https://github.com/advthreat/iroh/pull/8739][#8739]]
|
||
|
|
- Fix webhook race condition risk [[https://github.com/advthreat/iroh/pull/8728][#8728]]
|
||
|
|
- Call get-org only once for org-virtual user [[https://github.com/advthreat/iroh/pull/8724][#8724]]
|
||
|
|
- Use a cache for entitlement summaries [[https://github.com/advthreat/iroh/pull/8667][#8667]]
|
||
|
|
- upgrade jetty version [[https://github.com/advthreat/iroh/pull/8714][#8714]]
|
||
|
|
- Remove a forgotten pretty printer [[https://github.com/advthreat/iroh/pull/8713][#8713]]
|
||
|
|
- Fast Event Notifier dispatch using event-type [[https://github.com/advthreat/iroh/pull/8650][#8650]]
|
||
|
|
- Fix DI onboarding [[https://github.com/advthreat/iroh/pull/8657][#8657]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]]
|
||
|
|
- [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]]
|
||
|
|
- [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]]
|
||
|
|
- Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]]
|
||
|
|
- Quick fix on the IROH login page [[https://github.com/advthreat/iroh/pull/8564][#8564]]
|
||
|
|
- Prevent org duplication during provisioning [[https://github.com/advthreat/iroh/pull/8556][#8556]]
|
||
|
|
- Declared scopes tree [[https://github.com/advthreat/iroh/pull/8537][#8537]]
|
||
|
|
- Improve constraints against Entitlements [[https://github.com/advthreat/iroh/pull/8525][#8525]]
|
||
|
|
- Fix admin route to support combinators [[https://github.com/advthreat/iroh/pull/8377][#8377]]
|
||
|
|
- Data Retention endpoint returns immediately [[https://github.com/advthreat/iroh/pull/8486][#8486]]
|
||
|
|
**** iroh-scripts [43]
|
||
|
|
|
||
|
|
- fix a bug with trust client
|
||
|
|
- fix resend-invite
|
||
|
|
- script to remove flags
|
||
|
|
- fix a bug in create-super-org
|
||
|
|
- relink scc script
|
||
|
|
- prevent id collision
|
||
|
|
- cleaned-up get-org response
|
||
|
|
- Added add-flag script here
|
||
|
|
- CSE client and better patch
|
||
|
|
- resend-invite
|
||
|
|
- add SXP riles prod clients
|
||
|
|
- improve client manipulations
|
||
|
|
- Updated scripts
|
||
|
|
- use include
|
||
|
|
- use local clojure
|
||
|
|
- Added a better alias for sxo clients
|
||
|
|
- SXO rules
|
||
|
|
- added ai client with script
|
||
|
|
- Fix
|
||
|
|
- A few new scripts
|
||
|
|
- Super client should be part of XDR orgs
|
||
|
|
- Super org should have the XDR flag
|
||
|
|
- Add admin user
|
||
|
|
- updated and added scripts
|
||
|
|
- save and improve client aliases
|
||
|
|
- save improvements
|
||
|
|
- create dashboard clients
|
||
|
|
- Support client aliases in get-client
|
||
|
|
- Update client with client-aliases
|
||
|
|
- many new scripts
|
||
|
|
- added a 1-time script
|
||
|
|
- Add trusted to get-client
|
||
|
|
- Improve search and error messages
|
||
|
|
- Prepare TG to SCSO org migration
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- add scope to a client
|
||
|
|
- Help support cider
|
||
|
|
- add admin to org
|
||
|
|
- Improved descriptions
|
||
|
|
- promote-to-master script
|
||
|
|
- Fix and small improvements
|
||
|
|
- Improve robustness
|
||
|
|
- Scripts for admin
|
||
|
|
- client-pass
|
||
|
|
**** oauth2-client-demo [3]
|
||
|
|
|
||
|
|
- pin packages
|
||
|
|
- reuse authorized url
|
||
|
|
- added Meraki client to the list
|
||
|
|
**** ring-jwt-middleware [7]
|
||
|
|
|
||
|
|
- Version 1.1.7-SNAPSHOT
|
||
|
|
- Version 1.1.6
|
||
|
|
- Support missing nbf JWT [[https://github.com/advthreat/ring-jwt-middleware/pull/30][#30]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Version 1.1.6-SNAPSHOT
|
||
|
|
- Version 1.1.5
|
||
|
|
- v1.1.5-SNAPSHOT
|
||
|
|
- Version 1.1.4
|
||
|
|
**** scopula [6]
|
||
|
|
|
||
|
|
- Version 0.3.3-SNAPSHOT
|
||
|
|
- Version 0.3.2
|
||
|
|
- real cljs support
|
||
|
|
- Version 0.3.2-SNAPSHOT
|
||
|
|
- Version 0.3.1
|
||
|
|
- support cljs
|
||
|
|
**** tenzin-config [12]
|
||
|
|
|
||
|
|
- add iroh gh-pages to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/1123][#1123]]
|
||
|
|
- New SCA env for TEST/STAGING [[https://github.com/advthreat/tenzin-config/pull/1114][#1114]]
|
||
|
|
- configure automatio rules clients to not be rate limited [[https://github.com/advthreat/tenzin-config/pull/1111][#1111]]
|
||
|
|
- interpolation improvements [[https://github.com/advthreat/tenzin-config/pull/1112][#1112]]
|
||
|
|
- Add support for interpolation and self ref [[https://github.com/advthreat/tenzin-config/pull/1110][#1110]]
|
||
|
|
- Remove rate-limit for another SXO client on INT [[https://github.com/advthreat/tenzin-config/pull/1087][#1087]]
|
||
|
|
- Disable rate-limit SXO client for rules [[https://github.com/advthreat/tenzin-config/pull/1084][#1084]]
|
||
|
|
- Double threads dedicated for VirusTotal http calls [[https://github.com/advthreat/tenzin-config/pull/1051][#1051]]
|
||
|
|
- fix vault tpl transformations and checks [[https://github.com/advthreat/tenzin-config/pull/1041][#1041]]
|
||
|
|
- Remove rate-limit for automation [[https://github.com/advthreat/tenzin-config/pull/1044][#1044]]
|
||
|
|
- Check vault templating error [[https://github.com/advthreat/tenzin-config/pull/1023][#1023]]
|
||
|
|
- Add Universal Provisioning Services [[https://github.com/advthreat/tenzin-config/pull/1015][#1015]]
|
||
|
|
**** xdr-provisioning [4]
|
||
|
|
|
||
|
|
- improved re-onboarding script
|
||
|
|
- use local clojure
|
||
|
|
- Manage entitlements add-ons
|
||
|
|
- add a re-provisioning script that rerun onboardings
|
||
|
|
|
||
|
|
*** Olivier Barbeau [50]
|
||
|
|
|
||
|
|
**** iroh [34]
|
||
|
|
|
||
|
|
- Add number of incidents to each technique in the Mitre matrix [[https://github.com/advthreat/iroh/pull/9157][#9157]]
|
||
|
|
- Fix events and incidents ES stores for DEV [[https://github.com/advthreat/iroh/pull/9154][#9154]]
|
||
|
|
- E8851: XDR Native & detections [[https://github.com/advthreat/iroh/pull/9122][#9122]]
|
||
|
|
- E8851: Design of changes for XDR native detections [[https://github.com/advthreat/iroh/pull/9110][#9110]]
|
||
|
|
- E8851: Product ordering in the coverage of techniques [[https://github.com/advthreat/iroh/pull/9100][#9100]]
|
||
|
|
- E8851: Product ordering and SCA renaming [[https://github.com/advthreat/iroh/pull/9086][#9086]]
|
||
|
|
- E8851: Add Org's integrations to the Mitre matrix [[https://github.com/advthreat/iroh/pull/8993][#8993]]
|
||
|
|
- E8851: Sorting of Mitre elements [[https://github.com/advthreat/iroh/pull/8992][#8992]]
|
||
|
|
- E8851: Static matrix common to all Orgs [[https://github.com/advthreat/iroh/pull/8939][#8939]]
|
||
|
|
- E8851: Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8876][#8876]]
|
||
|
|
- Design of the Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8856][#8856]]
|
||
|
|
- 'iroh' node type and default services for all node types [[https://github.com/advthreat/iroh/pull/8817][#8817]]
|
||
|
|
- Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]]
|
||
|
|
- Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]]
|
||
|
|
- [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]]
|
||
|
|
- [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]]
|
||
|
|
- [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]]
|
||
|
|
- Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]]
|
||
|
|
- Add few additional tests to iroh services [[https://github.com/advthreat/iroh/pull/8762][#8762]]
|
||
|
|
- rewrite tests [[https://github.com/advthreat/iroh/pull/8773][#8773]]
|
||
|
|
- more info for debugging [[https://github.com/advthreat/iroh/pull/8717][#8717]]
|
||
|
|
- [IROH configuration]: general documentation [[https://github.com/advthreat/iroh/pull/8764][#8764]]
|
||
|
|
- update developer doc for api-gateway [[https://github.com/advthreat/iroh/pull/8723][#8723]]
|
||
|
|
- Some test clean-up [[https://github.com/advthreat/iroh/pull/8716][#8716]]
|
||
|
|
- High volume of SQL queries for a single observe/deliberate call [[https://github.com/advthreat/iroh/pull/8682][#8682]]
|
||
|
|
- Remove the state of module instances in ~obfuscate-module-instance~ [[https://github.com/advthreat/iroh/pull/8670][#8670]]
|
||
|
|
- E8388: update proxy-endpoints-metadata endpoint and metadata [[https://github.com/advthreat/iroh/pull/8663][#8663]]
|
||
|
|
- E8388: update x-proxy endpoint and IntService ACL filters [[https://github.com/advthreat/iroh/pull/8608][#8608]]
|
||
|
|
- E8388 : Simplifies upgrade/downgrade tests [[https://github.com/advthreat/iroh/pull/8635][#8635]]
|
||
|
|
- Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]]
|
||
|
|
- Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- E8388: add new module-instance events, register Module Instance service as handler [[https://github.com/advthreat/iroh/pull/8547][#8547]]
|
||
|
|
- E8388: Issue 8531 add state to module instance schema [[https://github.com/advthreat/iroh/pull/8544][#8544]]
|
||
|
|
- Issue 8389 design entitlement changes for integration modules [[https://github.com/advthreat/iroh/pull/8510][#8510]]
|
||
|
|
**** tenzin-config [16]
|
||
|
|
|
||
|
|
- add XDR native module types for PROD [[https://github.com/advthreat/tenzin-config/pull/1115][#1115]]
|
||
|
|
- add SCA module-type-id for XDR Native on TEST [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1109][#1109]]
|
||
|
|
- add SCA module-type-id for XDR Native [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1108][#1108]]
|
||
|
|
- Mitre: Add detections for XDR Native [[https://github.com/advthreat/tenzin-config/pull/1098][#1098]]
|
||
|
|
- product ordering and SCA renaming [[https://github.com/advthreat/tenzin-config/pull/1079][#1079]]
|
||
|
|
- Config for Mitre covering products [[https://github.com/advthreat/tenzin-config/pull/1072][#1072]]
|
||
|
|
- Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]]
|
||
|
|
- Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]]
|
||
|
|
- Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]]
|
||
|
|
- Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]]
|
||
|
|
- Move Universal Provisioning Services config to IROH [[https://github.com/advthreat/tenzin-config/pull/1027][#1027]]
|
||
|
|
- Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]]
|
||
|
|
- Remove the ~:registration~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/963][#963]]
|
||
|
|
- Remove the ~:merge-users-by-email~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/962][#962]]
|
||
|
|
- Remove the ~:account-activation-optim~ flag in all environments as it is now activated everywhere. [[https://github.com/advthreat/tenzin-config/pull/961][#961]]
|
||
|
|
- Remove the ~xdr-roles~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/964][#964]]
|
||
|
|
|
||
|
|
*** (Yogsototh) [62]
|
||
|
|
|
||
|
|
**** iroh-scripts [43]
|
||
|
|
|
||
|
|
- fix a bug with trust client
|
||
|
|
- fix resend-invite
|
||
|
|
- script to remove flags
|
||
|
|
- fix a bug in create-super-org
|
||
|
|
- relink scc script
|
||
|
|
- prevent id collision
|
||
|
|
- cleaned-up get-org response
|
||
|
|
- Added add-flag script here
|
||
|
|
- CSE client and better patch
|
||
|
|
- resend-invite
|
||
|
|
- add SXP riles prod clients
|
||
|
|
- improve client manipulations
|
||
|
|
- Updated scripts
|
||
|
|
- use include
|
||
|
|
- use local clojure
|
||
|
|
- Added a better alias for sxo clients
|
||
|
|
- SXO rules
|
||
|
|
- added ai client with script
|
||
|
|
- Fix
|
||
|
|
- A few new scripts
|
||
|
|
- Super client should be part of XDR orgs
|
||
|
|
- Super org should have the XDR flag
|
||
|
|
- Add admin user
|
||
|
|
- updated and added scripts
|
||
|
|
- save and improve client aliases
|
||
|
|
- save improvements
|
||
|
|
- create dashboard clients
|
||
|
|
- Support client aliases in get-client
|
||
|
|
- Update client with client-aliases
|
||
|
|
- many new scripts
|
||
|
|
- added a 1-time script
|
||
|
|
- Add trusted to get-client
|
||
|
|
- Improve search and error messages
|
||
|
|
- Prepare TG to SCSO org migration
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- add scope to a client
|
||
|
|
- Help support cider
|
||
|
|
- add admin to org
|
||
|
|
- Improved descriptions
|
||
|
|
- promote-to-master script
|
||
|
|
- Fix and small improvements
|
||
|
|
- Improve robustness
|
||
|
|
- Scripts for admin
|
||
|
|
- client-pass
|
||
|
|
**** oauth2-client-demo [3]
|
||
|
|
|
||
|
|
- pin packages
|
||
|
|
- reuse authorized url
|
||
|
|
- added Meraki client to the list
|
||
|
|
**** ring-jwt-middleware [6]
|
||
|
|
|
||
|
|
- Version 1.1.7-SNAPSHOT
|
||
|
|
- Version 1.1.6
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Version 1.1.6-SNAPSHOT
|
||
|
|
- Version 1.1.5
|
||
|
|
- v1.1.5-SNAPSHOT
|
||
|
|
- Version 1.1.4
|
||
|
|
**** scopula [6]
|
||
|
|
|
||
|
|
- Version 0.3.3-SNAPSHOT
|
||
|
|
- Version 0.3.2
|
||
|
|
- real cljs support
|
||
|
|
- Version 0.3.2-SNAPSHOT
|
||
|
|
- Version 0.3.1
|
||
|
|
- support cljs
|
||
|
|
**** xdr-provisioning [4]
|
||
|
|
|
||
|
|
- improved re-onboarding script
|
||
|
|
- use local clojure
|
||
|
|
- Manage entitlements add-ons
|
||
|
|
- add a re-provisioning script that rerun onboardings
|
||
|
|
** iroh-ops
|
||
|
|
|
||
|
|
|
||
|
|
*** Jerome Schneider [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- IROH migrate to new MSK SASL/SCRAM cluster!
|
||
|
|
|
||
|
|
*** Patrick Patat [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- refactor ops config with new ref system [[https://github.com/advthreat/tenzin-config/pull/1113][#1113]]
|
||
|
|
* Other
|
||
|
|
** Other
|
||
|
|
|
||
|
|
|
||
|
|
*** Robert Levy [7]
|
||
|
|
|
||
|
|
**** iroh [6]
|
||
|
|
|
||
|
|
- Inherit properties from type in hierarchical modules [[https://github.com/advthreat/iroh/pull/9042][#9042]]
|
||
|
|
- Format hierarchical modules invalid-parent-id error with context and error type [[https://github.com/advthreat/iroh/pull/8901][#8901]]
|
||
|
|
- Update hardcoded source in Secure Endpoint module [[https://github.com/advthreat/iroh/pull/8874][#8874]]
|
||
|
|
- Expose pagination & search functionality in notifications api [[https://github.com/advthreat/iroh/pull/8803][#8803]]
|
||
|
|
- Fix bug in hierarchical module logic producing empty settings/settings_effective map [[https://github.com/advthreat/iroh/pull/8745][#8745]]
|
||
|
|
- Issue 8158 hierarchical module [[https://github.com/advthreat/iroh/pull/8469][#8469]]
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]]
|
||
|
|
|
||
|
|
*** Eric Gierach [5]
|
||
|
|
|
||
|
|
**** iroh [2]
|
||
|
|
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- bumping iroh-engine to 0.15.13 [[https://github.com/advthreat/iroh/pull/8520][#8520]]
|
||
|
|
- bumping iroh-engine to 0.15.12 [[https://github.com/advthreat/iroh/pull/8509][#8509]]
|
||
|
|
**** tenzin-config [3]
|
||
|
|
|
||
|
|
- removing duplicate entry [[https://github.com/advthreat/tenzin-config/pull/1078][#1078]]
|
||
|
|
- Swap stg and test configs for reporting. [[https://github.com/advthreat/tenzin-config/pull/1077][#1077]]
|
||
|
|
- Disabling reporting until Ops gets the infra set up. [[https://github.com/advthreat/tenzin-config/pull/1075][#1075]]
|
||
|
|
|
||
|
|
*** II [20]
|
||
|
|
|
||
|
|
**** iroh [16]
|
||
|
|
|
||
|
|
- Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]]
|
||
|
|
- Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]]
|
||
|
|
- Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]]
|
||
|
|
- XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]]
|
||
|
|
- 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
|
||
|
|
- 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
|
||
|
|
- 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]]
|
||
|
|
- 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]]
|
||
|
|
- 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]]
|
||
|
|
- Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]]
|
||
|
|
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
|
||
|
|
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
|
||
|
|
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
|
||
|
|
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
|
||
|
|
- 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- Disables Umbrella module auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]]
|
||
|
|
- Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]]
|
||
|
|
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
|
||
|
|
|
||
|
|
*** Devin Walters [9]
|
||
|
|
|
||
|
|
**** tenzin-config [9]
|
||
|
|
|
||
|
|
- Configure s3-http-client connection pool size for PROD environments [[https://github.com/advthreat/tenzin-config/pull/1105][#1105]]
|
||
|
|
- Turn on reporting pipeline in TEST [[https://github.com/advthreat/tenzin-config/pull/1097][#1097]]
|
||
|
|
- Up hikari pool size in INT for conure [[https://github.com/advthreat/tenzin-config/pull/1095][#1095]]
|
||
|
|
- Configure incident import bucket per PROD env for iroh and iroh-async [[https://github.com/advthreat/tenzin-config/pull/1092][#1092]]
|
||
|
|
- Configure incident pipeline [[https://github.com/advthreat/tenzin-config/pull/1091][#1091]]
|
||
|
|
- Fix bucket name [[https://github.com/advthreat/tenzin-config/pull/1083][#1083]]
|
||
|
|
- Match s3 bucket key [[https://github.com/advthreat/tenzin-config/pull/1082][#1082]]
|
||
|
|
- Add INT and TEST enrichment bucket names to relevant configs [[https://github.com/advthreat/tenzin-config/pull/1057][#1057]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Add port 443 to ctia base urls [[https://github.com/advthreat/tenzin-config/pull/996][#996]]
|
||
|
|
|
||
|
|
*** Mia [5]
|
||
|
|
|
||
|
|
**** iroh [5]
|
||
|
|
|
||
|
|
- create permanent logs to unobtrusively monitor bundle import results [[https://github.com/advthreat/iroh/pull/9242][#9242]]
|
||
|
|
- New iroh event docs [[https://github.com/advthreat/iroh/pull/9181][#9181]]
|
||
|
|
- iroh-engine 0.16.2 [[https://github.com/advthreat/iroh/pull/9125][#9125]]
|
||
|
|
- Engine 0.16.1 [[https://github.com/advthreat/iroh/pull/9116][#9116]]
|
||
|
|
- Engine 0.16.0 [[https://github.com/advthreat/iroh/pull/8997][#8997]]
|
||
|
|
|
||
|
|
*** Martin Bruchanov [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- XDRSRE-64: Authentication for public CTIA in INT [[https://github.com/advthreat/tenzin-config/pull/1081][#1081]]
|
||
|
|
|
||
|
|
*** James Moser [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- added QA domain to idps email domain whitelists [[https://github.com/advthreat/tenzin-config/pull/1085][#1085]]
|
||
|
|
|
||
|
|
*** [20]
|
||
|
|
|
||
|
|
**** iroh [16]
|
||
|
|
|
||
|
|
- Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]]
|
||
|
|
- Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]]
|
||
|
|
- Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]]
|
||
|
|
- XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]]
|
||
|
|
- 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
|
||
|
|
- 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
|
||
|
|
- 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]]
|
||
|
|
- 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]]
|
||
|
|
- 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]]
|
||
|
|
- Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]]
|
||
|
|
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
|
||
|
|
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
|
||
|
|
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
|
||
|
|
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
|
||
|
|
- 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
|
||
|
|
**** tenzin-config [4]
|
||
|
|
|
||
|
|
- Disables Umbrella module auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]]
|
||
|
|
- Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]]
|
||
|
|
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]]
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
|
||
|
|
|
||
|
|
*** Martin Bruchanov [1]
|
||
|
|
|
||
|
|
**** iroh [1]
|
||
|
|
|
||
|
|
- XDR-1344: Final version of deletion script used for PROD change [[https://github.com/advthreat/iroh/pull/9174][#9174]]
|
||
|
|
|
||
|
|
*** Ruslan Yemelianov [2]
|
||
|
|
|
||
|
|
**** tenzin-config [2]
|
||
|
|
|
||
|
|
- Revert "enable ES auth private-ctia INT"
|
||
|
|
- enable ES auth private-ctia INT
|
||
|
|
|
||
|
|
*** Andrew Parisi [2]
|
||
|
|
|
||
|
|
**** tenzin-config [2]
|
||
|
|
|
||
|
|
- [data-retention/update-iroh-internal-for-prod] [[https://github.com/advthreat/tenzin-config/pull/1018][#1018]]
|
||
|
|
- [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]]
|
||
|
|
|
||
|
|
*** Scott McLeod [7]
|
||
|
|
|
||
|
|
**** iroh [6]
|
||
|
|
|
||
|
|
- Notification service timestamp filter [[https://github.com/advthreat/iroh/pull/9252][#9252]]
|
||
|
|
- Tk store half bounded intervals [[https://github.com/advthreat/iroh/pull/9158][#9158]]
|
||
|
|
- Extend tk search with range queries [[https://github.com/advthreat/iroh/pull/8912][#8912]]
|
||
|
|
- Resolves postgres driver sql-injection vulnerability #9091 [[https://github.com/advthreat/iroh/pull/9092][#9092]]
|
||
|
|
- Implement searching risk scores by score [[https://github.com/advthreat/iroh/pull/8907][#8907]]
|
||
|
|
- tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]]
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- Increase ReportService batch size to ES maximum [[https://github.com/advthreat/tenzin-config/pull/1055][#1055]]
|
||
|
|
|
||
|
|
*** Sam Waggoner [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- hydrant/912 add clean hashes importer.
|
||
|
|
|
||
|
|
*** t2sw [2]
|
||
|
|
|
||
|
|
**** ctia [1]
|
||
|
|
|
||
|
|
|
||
|
|
_between 6 month and 7 month old_
|
||
|
|
|
||
|
|
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1390][#1390]]
|
||
|
|
**** iroh [1]
|
||
|
|
|
||
|
|
- add health endpoint to tac portal and update tests [[https://github.com/advthreat/iroh/pull/9002][#9002]]
|
||
|
|
|
||
|
|
*** Jerome Schneider [1]
|
||
|
|
|
||
|
|
**** iroh [1]
|
||
|
|
|
||
|
|
- Upgrade PostgreSQL to 12.15 [[https://github.com/advthreat/iroh/pull/8618][#8618]]
|
||
|
|
|
||
|
|
*** Brooke Swanson [24]
|
||
|
|
|
||
|
|
**** ctia [2]
|
||
|
|
|
||
|
|
- XDR-1769: bump CTIM to 1.3.17. [[https://github.com/threatgrid/ctia/pull/1422][#1422]]
|
||
|
|
- Add brookeswanson to codeowners. [[https://github.com/threatgrid/ctia/pull/1396][#1396]]
|
||
|
|
**** iroh [8]
|
||
|
|
|
||
|
|
- Maintain behavior for existing events, but also notify s3 if an incid… [[https://github.com/advthreat/iroh/pull/9172][#9172]]
|
||
|
|
- XDR-1769: bump CTIM to 1.3.17. [[https://github.com/advthreat/iroh/pull/9226][#9226]]
|
||
|
|
- Reformat bucket path [[https://github.com/advthreat/iroh/pull/9102][#9102]]
|
||
|
|
- Save to s3 on bundle import. [[https://github.com/advthreat/iroh/pull/8977][#8977]]
|
||
|
|
- Replace CTIA Crud with Conure Calls [[https://github.com/advthreat/iroh/pull/8924][#8924]]
|
||
|
|
- Limit risk score [[https://github.com/advthreat/iroh/pull/8906][#8906]]
|
||
|
|
- Set Limits around observe targets call [[https://github.com/advthreat/iroh/pull/8910][#8910]]
|
||
|
|
- Add no-doc true and prevent explosion due to mismatched types. [[https://github.com/advthreat/iroh/pull/8548][#8548]]
|
||
|
|
**** tenzin-config [14]
|
||
|
|
|
||
|
|
- Failure to configure correct url. [[https://github.com/advthreat/tenzin-config/pull/1100][#1100]]
|
||
|
|
- These were flipped in TEST and we would like to test reports. [[https://github.com/advthreat/tenzin-config/pull/1094][#1094]]
|
||
|
|
- One more time see if the report tab will work. [[https://github.com/advthreat/tenzin-config/pull/1088][#1088]]
|
||
|
|
- Toggle report feature until Infrastructure is stable. [[https://github.com/advthreat/tenzin-config/pull/1086][#1086]]
|
||
|
|
- update config. [[https://github.com/advthreat/tenzin-config/pull/1080][#1080]]
|
||
|
|
- Report in test. [[https://github.com/advthreat/tenzin-config/pull/1076][#1076]]
|
||
|
|
- conure -> base-url. [[https://github.com/advthreat/tenzin-config/pull/1073][#1073]]
|
||
|
|
- Temporary flip this to not spam logs. [[https://github.com/advthreat/tenzin-config/pull/1069][#1069]]
|
||
|
|
- Output buckets. [[https://github.com/advthreat/tenzin-config/pull/1068][#1068]]
|
||
|
|
- Distributor and Conure configs. [[https://github.com/advthreat/tenzin-config/pull/1067][#1067]]
|
||
|
|
- Add base-url for incident export (and incident report). [[https://github.com/advthreat/tenzin-config/pull/1064][#1064]]
|
||
|
|
- Add playbook to conure configs. [[https://github.com/advthreat/tenzin-config/pull/1060][#1060]]
|
||
|
|
- Add ouath2 config for all regions. [[https://github.com/advthreat/tenzin-config/pull/1020][#1020]]
|
||
|
|
- Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]]
|
||
|
|
|
||
|
|
*** Yurii Ivanisenko [1]
|
||
|
|
|
||
|
|
**** tenzin-config [1]
|
||
|
|
|
||
|
|
- tactical-portal moved to vercel [[https://github.com/advthreat/tenzin-config/pull/1022][#1022]]
|
||
|
|
|
||
|
|
*** James Brock [1]
|
||
|
|
|
||
|
|
**** easy-purescript-nix [1]
|
||
|
|
|
||
|
|
- purs: 0.15.10 -> 0.15.15
|
||
|
|
|
||
|
|
*** ryemelia [6]
|
||
|
|
|
||
|
|
**** tenzin-config [6]
|
||
|
|
|
||
|
|
- XDRSRE-1150: [TEST] Enable ES auth iroh/iroh-async [[https://github.com/advthreat/tenzin-config/pull/1128][#1128]]
|
||
|
|
- Enable ES auth private-ctia TEST [[https://github.com/advthreat/tenzin-config/pull/1126][#1126]]
|
||
|
|
- Enable es auth CTIA test [[https://github.com/advthreat/tenzin-config/pull/1127][#1127]]
|
||
|
|
- fix kafka connector ES AUTH for INT [[https://github.com/advthreat/tenzin-config/pull/1129][#1129]]
|
||
|
|
- Enable ES auth private-ctia INT [[https://github.com/advthreat/tenzin-config/pull/1125][#1125]]
|
||
|
|
- XDRSRE-1273: [INT] Enable ES auth for iroh iroh-async [[https://github.com/advthreat/tenzin-config/pull/1124][#1124]]
|