#+title: Code Weekly Report 24
#+subtitle: logs go 2 weeks back
#+date: 2023-06-16
#+options: H:6
* IROH
** lead

*** Guillaume Buisson [1]

**** iroh [1]

- Initial XDR Incident Manager Response 1.1 Draft Spec [[https://github.com/advthreat/iroh/pull/7847][#7847]]
** data

*** Mario Aquino [4]

**** iroh [4]

- Fix flaky test [[https://github.com/advthreat/iroh/pull/7971][#7971]]
- Partition and batch threat hunt observables [[https://github.com/advthreat/iroh/pull/7958][#7958]]
#+BEGIN_QUOTE

_>1w_

- Establish a task timeout option for async work [[https://github.com/advthreat/iroh/pull/7948][#7948]]
- Issue 7823/incident summary mapping [[https://github.com/advthreat/iroh/pull/7907][#7907]]
#+END_QUOTE

*** Guillaume Erétéo [2]

**** iroh [2]

- Update risk-score.md [[https://github.com/advthreat/iroh/pull/7974][#7974]]
#+BEGIN_QUOTE

_>1w_

- adding org mode for calculating data volume [[https://github.com/advthreat/iroh/pull/7941][#7941]]
#+END_QUOTE

*** Ambrose Bonnaire-Sergeant [1]

**** ctia [1]

#+BEGIN_QUOTE

_>1w_

- Disable /metric/average route for irrelevant entities [[https://github.com/advthreat/ctia/pull/1372][#1372]]
#+END_QUOTE
** integrations

*** Matthieu Sprunck [2]

**** tenzin-config [2]

#+BEGIN_QUOTE

_>1w_

- Share the same module configurations in iroh and iroh-async in PROD [[https://github.com/advthreat/tenzin-config/pull/905][#905]]
- Disable HTTP Proxy in IROH proxy (PROD) [[https://github.com/advthreat/tenzin-config/pull/903][#903]]
#+END_QUOTE

*** Kirill Chernyshov [8]

**** iroh [3]

- Remove try/catch for better error handling [[https://github.com/advthreat/iroh/pull/7980][#7980]]
- Fix NullPointerException [[https://github.com/advthreat/iroh/pull/7961][#7961]]
#+BEGIN_QUOTE

_>1w_

- Use event id for the key of kafka record [[https://github.com/advthreat/iroh/pull/7923][#7923]]
#+END_QUOTE
**** tenzin-config [5]

- Enable KafkaServices on INT [[https://github.com/advthreat/tenzin-config/pull/921][#921]]
- Disable KafkaServices once again [[https://github.com/advthreat/tenzin-config/pull/918][#918]]
- Enable Kafka related services on INT [[https://github.com/advthreat/tenzin-config/pull/916][#916]]
#+BEGIN_QUOTE

_>1w_

- Temporary disable services [[https://github.com/advthreat/tenzin-config/pull/914][#914]]
- Set SSL kafka security protocol on INT [[https://github.com/advthreat/tenzin-config/pull/912][#912]]
#+END_QUOTE

*** Shafiq [1]

**** iroh [1]

- Creating iroh-events datastream should succeed even if it exists already [[https://github.com/advthreat/iroh/pull/7959][#7959]]
** auth

*** bartuka [1]

**** iroh [1]

- [IROH Auth] RBAC JWT Revocation on ~role~ change [[https://github.com/advthreat/iroh/pull/7875][#7875]]

*** Yann Esposito [16]

**** iroh [4]

- Upgrade SX to XDR org via provisioning [[https://github.com/advthreat/iroh/pull/7981][#7981]]
- feature-flag scopes are considered as special [[https://github.com/advthreat/iroh/pull/7985][#7985]]
- fix local dev environment to be able to start locally without docker [[https://github.com/advthreat/iroh/pull/7944][#7944]]
#+BEGIN_QUOTE

_>1w_

- Use org to display the roles as expected [[https://github.com/advthreat/iroh/pull/7952][#7952]]
#+END_QUOTE
**** ring-jwt-middleware [3]

- Version 1.1.4-SNAPSHOT
- Version 1.1.3
- Support external error via is-revoked-fn
**** tenzin-config [9]

- Enable XDR roles in PROD [[https://github.com/advthreat/tenzin-config/pull/919][#919]]
- factorize PROD [[https://github.com/advthreat/tenzin-config/pull/917][#917]]
- Add role-web-service config everywhere [[https://github.com/advthreat/tenzin-config/pull/911][#911]]
#+BEGIN_QUOTE

_>1w_

- Canonicalize the configs (#913) [[https://github.com/advthreat/tenzin-config/pull/915][#915]]
- Canonicalize the configs [[https://github.com/advthreat/tenzin-config/pull/913][#913]]
- Add missing role-web-service everywhere [[https://github.com/advthreat/tenzin-config/pull/910][#910]]
- Gen configs git pre-commit hook [[https://github.com/advthreat/tenzin-config/pull/908][#908]]
- Factorisation iroh/iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/904][#904]]
- Tree config structures to prevent config duplication. [[https://github.com/advthreat/tenzin-config/pull/901][#901]]
#+END_QUOTE

*** Olivier Barbeau [7]

**** iroh [7]

- Upgrade Babashka [[https://github.com/advthreat/iroh/pull/7967][#7967]]
- add missing exclusions for uberjar [[https://github.com/advthreat/iroh/pull/7963][#7963]]
- fix bug when Org has no entitlement [[https://github.com/advthreat/iroh/pull/7956][#7956]]
- [IROH configuration]: Generate service diagram [[https://github.com/advthreat/iroh/pull/7872][#7872]]
- GH pages updates [[https://github.com/advthreat/iroh/pull/7960][#7960]]
#+BEGIN_QUOTE

_>1w_

- fix alias arguments [[https://github.com/advthreat/iroh/pull/7954][#7954]]
- Issue 7930 GitHub pages styling [[https://github.com/advthreat/iroh/pull/7932][#7932]]
#+END_QUOTE

*** (Yogsototh) [3]

**** ring-jwt-middleware [3]

- Version 1.1.4-SNAPSHOT
- Version 1.1.3
- Support external error via is-revoked-fn
** iroh-ops

*** Jerome Schneider [1]

**** tenzin [1]

- Kafka Connect: fixed cluster conf and use our own cacerts file

*** Patrick Patat [1]

**** iroh-ops [1]

- Merge pull request #75 from advthreat/squid

*** Patrick Patat [1]

**** iroh-ops [1]

- add squid server for vector in public subnet
* Other
** Other

*** Robert Levy [2]

**** iroh [1]

#+BEGIN_QUOTE

_>1w_

- user and team mean time tiles [[https://github.com/advthreat/iroh/pull/7873][#7873]]
#+END_QUOTE
**** tenzin-config [1]

#+BEGIN_QUOTE

_>1w_

- add migration for iroh issue #7819 to TEST and PROD environments [[https://github.com/advthreat/tenzin-config/pull/902][#902]]
#+END_QUOTE

*** Devin Walters [2]

**** tenzin-config [2]

- Add config.edn for other conure-distributor environments [[https://github.com/advthreat/tenzin-config/pull/920][#920]]
#+BEGIN_QUOTE

_>1w_

- Reduce conure-distributor worker count [[https://github.com/advthreat/tenzin-config/pull/906][#906]]
#+END_QUOTE

*** Mia [3]

**** iroh [1]

- Snapshot for risk score [[https://github.com/advthreat/iroh/pull/7964][#7964]]
**** iroh-engine [2]

#+BEGIN_QUOTE

_>1w_

- Merge pull request #1394 from advthreat/v0.15.6-rc
- Merge pull request #1393 from advthreat/save-asset-snapshot
#+END_QUOTE

*** Scott McLeod [1]

**** tenzin-config [1]

#+BEGIN_QUOTE

_>1w_

- Config changes supporting IROH PR #7934 [[https://github.com/advthreat/tenzin-config/pull/899][#899]]
#+END_QUOTE

*** krishna Ganugapenta [4]

**** tenzin [4]

- Conure-distributor PROD ASG modules fix [[https://github.com/advthreat/tenzin/pull/3062][#3062]]
- ops_vpn_cidr removal from TEST and other backup regions as ops vpn not present there [[https://github.com/advthreat/tenzin/pull/3061][#3061]]
- Conure-distributor setup config for TEST/PROD [[https://github.com/advthreat/tenzin/pull/3049][#3049]]
#+BEGIN_QUOTE

_>1w_

- Conure_distributor terraform modules config updates [[https://github.com/advthreat/tenzin/pull/3027][#3027]]
#+END_QUOTE

*** milehrer [2]

**** iroh-engine [2]

#+BEGIN_QUOTE

_>1w_

- prepare for v0.15.6
- Remove sightings from asset enrichment response, save snapshot instead
#+END_QUOTE

*** Martin Bruchanov [2]

**** tenzin [2]

- Clean-up of the old ES5 deployment code [[https://github.com/advthreat/tenzin/pull/3053][#3053]]
#+BEGIN_QUOTE

_>1w_

- Fix for consul registration of ops-openvpn service [[https://github.com/advthreat/tenzin/pull/2968][#2968]]
#+END_QUOTE

*** Kirill Chernyshov [1]

**** tenzin-config [1]

#+BEGIN_QUOTE

_>1w_

- IROH Events migration to Elasticsearch [[https://github.com/advthreat/tenzin-config/pull/909][#909]]
#+END_QUOTE

*** John Jardine [2]

**** tenzin [2]

- Add endpoint generation procedure and update endpoints. [[https://github.com/advthreat/tenzin/pull/3058][#3058]]
- SXOPS-792: QA complaining of long queue times for incidents enrichment [[https://github.com/advthreat/tenzin/pull/3054][#3054]]

*** Sofiia Mykytiuk [9]

**** tenzin [9]

- Update ASG for ES metrics in NAM and EU [[https://github.com/advthreat/tenzin/pull/3063][#3063]]
- Update vpnator list [[https://github.com/advthreat/tenzin/pull/3050][#3050]]
#+BEGIN_QUOTE

_>1w_

- Remove CSIRT_Investigator role [[https://github.com/advthreat/tenzin/pull/3045][#3045]]
- Policy to allow access to DynamoDB items for ROAdmin [[https://github.com/advthreat/tenzin/pull/3043][#3043]]
- Remove jbusboom ssh configs [[https://github.com/advthreat/tenzin/pull/3042][#3042]]
- Dmarc record for STAGE [[https://github.com/advthreat/tenzin/pull/3040][#3040]]
- Remove ssh access for Michael Simonson [[https://github.com/advthreat/tenzin/pull/3035][#3035]]
- Update OPS vpnator list [[https://github.com/advthreat/tenzin/pull/3034][#3034]]
- Consul fix for ops vpn [[https://github.com/advthreat/tenzin/pull/3032][#3032]]
#+END_QUOTE

*** muhammad-xdr-ops [4]

**** tenzin [4]

- SXOPS-805 - adding CNAMEs for secure-client-forms MFE [[https://github.com/advthreat/tenzin/pull/3065][#3065]]
- enabled trendmicro and defender in all prod regions [[https://github.com/advthreat/tenzin/pull/3055][#3055]]
- SXOPS-763 - updating integrations version [[https://github.com/advthreat/tenzin/pull/3052][#3052]]
#+BEGIN_QUOTE

_>1w_

- SXOPS-702 removing INT access to PROD S3 bucket [[https://github.com/advthreat/tenzin/pull/3024][#3024]]
#+END_QUOTE

*** Dmytro Budko [5]

**** tenzin [5]

- SXOPS-191 Terraform: Bring INT and Test into sync with AWS [[https://github.com/advthreat/tenzin/pull/3056][#3056]]
#+BEGIN_QUOTE

_>1w_

- SXOPS-766 [PROD] Fix 'docs' related Terraform Delta [[https://github.com/advthreat/tenzin/pull/3046][#3046]]
- SXOPS-636 Docs XDR Deployment, Publish and Host [[https://github.com/advthreat/tenzin/pull/3048][#3048]]
- SXOPS-636 Docs XDR Deployment, Publish and Host [[https://github.com/advthreat/tenzin/pull/3041][#3041]]
- SXOPS-636 Docs XDR Deployment, Publish and Host [[https://github.com/advthreat/tenzin/pull/3016][#3016]]
#+END_QUOTE

*** Scott McLeod [1]

**** iroh [1]

#+BEGIN_QUOTE

_>1w_

- Use filter-map-search directly from CRUDStoreService [[https://github.com/advthreat/iroh/pull/7934][#7934]]
#+END_QUOTE

*** Rekha Gupta [2]

**** tenzin-config [2]

- fix: to port 4008 because ribbon uses 4007 [[https://github.com/advthreat/tenzin-config/pull/925][#925]]
- feat: port for new client management MFE [[https://github.com/advthreat/tenzin-config/pull/924][#924]]

*** Jerome Schneider [1]

**** tenzin [1]

- SXOPS 801: Kafka connect open port 8083 and use static port in Nomad [[https://github.com/advthreat/tenzin/pull/3059][#3059]]

*** Yurii Ivanisenko [2]

**** tenzin [2]

#+BEGIN_QUOTE

_>1w_

- connected self-hosted runner [[https://github.com/advthreat/tenzin/pull/3038][#3038]]
- added wokeignore file [[https://github.com/advthreat/tenzin/pull/3036][#3036]]
#+END_QUOTE

*** Gayan Jayasundara [2]

**** tenzin [2]

- Add Adam as codeowner to Tenzin repo [[https://github.com/advthreat/tenzin/pull/3060][#3060]]
#+BEGIN_QUOTE

_>1w_

- SXOPS-472 & SXOPS-498 - Enable sentinelone and crowdstrike in Production for v1.122 Release [[https://github.com/advthreat/tenzin/pull/3031][#3031]]
#+END_QUOTE