deft/reports/FY23Q3-report.html

2023-08-09 13:00:50 +00:00
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-05-03" />
<title>FY23Q3 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">FY23Q3 Report</h1>
<p class="subtitle">logs go 4 months back</p>
<p class="date">2023-05-03</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#iroh">IROH</a>
<ul>
<li><a href="#lead">lead</a>
<ul>
<li><a href="#guillaume-buisson-25">Guillaume Buisson [25]</a>
<ul>
<li><a href="#ctia-5">ctia [5]</a></li>
<li><a href="#iroh-16">iroh [16]</a></li>
<li><a href="#tenzin-config-4">tenzin-config [4]</a></li>
</ul></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-30">Mario Aquino [30]</a>
<ul>
<li><a href="#iroh-17">iroh [17]</a></li>
<li><a href="#tenzin-config-13">tenzin-config [13]</a></li>
</ul></li>
<li><a href="#guillaume-erétéo-16">Guillaume Erétéo [16]</a>
<ul>
<li><a href="#ctia-6">ctia [6]</a></li>
<li><a href="#iroh-5">iroh [5]</a></li>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-11">Ambrose Bonnaire-Sergeant
[11]</a>
<ul>
<li><a href="#ctia-7">ctia [7]</a></li>
<li><a href="#iroh-4">iroh [4]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#matthieu-sprunck-32">Matthieu Sprunck [32]</a>
<ul>
<li><a href="#iroh-17-1">iroh [17]</a></li>
<li><a href="#tenzin-config-15">tenzin-config [15]</a></li>
</ul></li>
<li><a href="#kirill-chernyshov-11">Kirill Chernyshov [11]</a>
<ul>
<li><a href="#ctia-2">ctia [2]</a></li>
<li><a href="#iroh-9">iroh [9]</a></li>
</ul></li>
<li><a href="#shafiq-5">Shafiq [5]</a>
<ul>
<li><a href="#iroh-4-1">iroh [4]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#olivier-barbeau-23">Olivier Barbeau [23]</a>
<ul>
<li><a href="#iroh-22">iroh [22]</a></li>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yogsototh-5">(Yogsototh) [5]</a>
<ul>
<li><a href="#xdr-provisioning-5">xdr-provisioning [5]</a></li>
</ul></li>
<li><a href="#bartuka-15">bartuka [15]</a>
<ul>
<li><a href="#iroh-13">iroh [13]</a></li>
<li><a href="#tenzin-1">tenzin [1]</a></li>
<li><a href="#tenzin-config-1-2">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yann-esposito-44">Yann Esposito [44]</a>
<ul>
<li><a href="#ctia-1">ctia [1]</a></li>
<li><a href="#iroh-30">iroh [30]</a></li>
<li><a href="#tenzin-2">tenzin [2]</a></li>
<li><a href="#tenzin-config-6">tenzin-config [6]</a></li>
<li><a href="#xdr-provisioning-5-1">xdr-provisioning [5]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#patrick-patat-19">Patrick Patat [19]</a>
<ul>
<li><a href="#iroh-ops-18">iroh-ops [18]</a></li>
<li><a href="#tenzin-1-1">tenzin [1]</a></li>
</ul></li>
<li><a href="#jerome-schneider-81">Jerome Schneider [81]</a>
<ul>
<li><a href="#iroh-ops-24">iroh-ops [24]</a></li>
<li><a href="#tenzin-57">tenzin [57]</a></li>
</ul></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#krishna-ganugapenta-32">krishna Ganugapenta [32]</a>
<ul>
<li><a href="#tenzin-31">tenzin [31]</a></li>
<li><a href="#tenzin-config-1-3">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#tancredi-orlando-1">Tancredi Orlando [1]</a>
<ul>
<li><a href="#easy-purescript-nix-1">easy-purescript-nix [1]</a></li>
</ul></li>
<li><a href="#milehrer-15">milehrer [15]</a>
<ul>
<li><a href="#iroh-engine-15">iroh-engine [15]</a></li>
</ul></li>
<li><a href="#joel-holdbrooks-2">Joel Holdbrooks [2]</a>
<ul>
<li><a href="#iroh-engine-2">iroh-engine [2]</a></li>
</ul></li>
<li><a href="#michael-whitley-3">Michael Whitley [3]</a>
<ul>
<li><a href="#response-3">response [3]</a></li>
</ul></li>
<li><a href="#sofiia-mykytiuk-43">Sofiia Mykytiuk [43]</a>
<ul>
<li><a href="#tenzin-43">tenzin [43]</a></li>
</ul></li>
<li><a href="#will-lorand-1">Will Lorand [1]</a>
<ul>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
<li><a href="#dmytro-budko-5">Dmytro Budko [5]</a>
<ul>
<li><a href="#tenzin-5">tenzin [5]</a></li>
</ul></li>
<li><a href="#cisco-boz-1">Cisco Boz [1]</a>
<ul>
<li><a href="#tenzin-1-2">tenzin [1]</a></li>
</ul></li>
<li><a href="#patrick-patat-72">Patrick Patat [72]</a>
<ul>
<li><a href="#iroh-ops-71">iroh-ops [71]</a></li>
<li><a href="#tenzin-1-3">tenzin [1]</a></li>
</ul></li>
<li><a href="#yurii-ivanisenko-12">Yurii Ivanisenko [12]</a>
<ul>
<li><a href="#tenzin-11">tenzin [11]</a></li>
<li><a href="#tenzin-config-1-4">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#robert-levy-5">Robert Levy [5]</a>
<ul>
<li><a href="#iroh-5-1">iroh [5]</a></li>
</ul></li>
<li><a href="#mia-36">Mia [36]</a>
<ul>
<li><a href="#iroh-22-1">iroh [22]</a></li>
<li><a href="#iroh-engine-13">iroh-engine [13]</a></li>
<li><a href="#tenzin-config-1-5">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#devin-walters-5">Devin Walters [5]</a>
<ul>
<li><a href="#iroh-engine-5">iroh-engine [5]</a></li>
</ul></li>
<li><a href="#vadym-kiz-3">Vadym Kiz [3]</a>
<ul>
<li><a href="#tenzin-3">tenzin [3]</a></li>
</ul></li>
<li><a href="#ag-ibragimov-8">Ag Ibragimov [8]</a>
<ul>
<li><a href="#iroh-4-2">iroh [4]</a></li>
<li><a href="#tenzin-config-4-1">tenzin-config [4]</a></li>
</ul></li>
<li><a href="#justin-woo-2">Justin Woo [2]</a>
<ul>
<li><a href="#easy-purescript-nix-2">easy-purescript-nix [2]</a></li>
</ul></li>
<li><a href="#dependabotbot-0">dependabot[bot] [0]</a></li>
<li><a href="#sam-waggoner-4">Sam Waggoner [4]</a>
<ul>
<li><a href="#ctia-1-1">ctia [1]</a></li>
<li><a href="#tenzin-config-3">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#ii-9">II [9]</a>
<ul>
<li><a href="#iroh-7">iroh [7]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#eric-gierach-10">Eric Gierach [10]</a>
<ul>
<li><a href="#iroh-3">iroh [3]</a></li>
<li><a href="#iroh-engine-7">iroh-engine [7]</a></li>
</ul></li>
<li><a href="#adam-sayer-26">Adam Sayer [26]</a>
<ul>
<li><a href="#tenzin-25">tenzin [25]</a></li>
<li><a href="#tenzin-config-1-6">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#tomasz-rybarczyk-1">Tomasz Rybarczyk [1]</a>
<ul>
<li><a href="#easy-purescript-nix-1-1">easy-purescript-nix [1]</a></li>
</ul></li>
<li><a href="#chris-duane-2">Chris Duane [2]</a>
<ul>
<li><a href="#response-2">response [2]</a></li>
</ul></li>
<li><a href="#section">[9]</a>
<ul>
<li><a href="#iroh-7-1">iroh [7]</a></li>
<li><a href="#tenzin-config-2-1">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#john-jardine-30">John Jardine [30]</a>
<ul>
<li><a href="#tenzin-30">tenzin [30]</a></li>
</ul></li>
<li><a href="#michael-pendergrass-4">Michael Pendergrass [4]</a>
<ul>
<li><a href="#iroh-4-3">iroh [4]</a></li>
</ul></li>
<li><a href="#scott-mcleod-4">Scott McLeod [4]</a>
<ul>
<li><a href="#iroh-4-4">iroh [4]</a></li>
</ul></li>
<li><a href="#matthieu-sprunck-3">Matthieu Sprunck [3]</a>
<ul>
<li><a href="#ctia-3">ctia [3]</a></li>
</ul></li>
<li><a href="#jerome-schneider-10">Jerome Schneider [10]</a>
<ul>
<li><a href="#iroh-ops-9">iroh-ops [9]</a></li>
<li><a href="#tenzin-1-4">tenzin [1]</a></li>
</ul></li>
<li><a href="#t2sw-1">t2sw [1]</a>
<ul>
<li><a href="#iroh-1-1">iroh [1]</a></li>
</ul></li>
<li><a href="#bswanson-81">bswanson [81]</a>
<ul>
<li><a href="#iroh-10">iroh [10]</a></li>
<li><a href="#iroh-engine-68">iroh-engine [68]</a></li>
<li><a href="#tenzin-config-3-1">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#pawan-bahuguna-31">Pawan Bahuguna [31]</a>
<ul>
<li><a href="#tenzin-31-1">tenzin [31]</a></li>
</ul></li>
<li><a href="#trent-boyd-2">Trent Boyd [2]</a>
<ul>
<li><a href="#tenzin-config-2-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#devin-walters-12">Devin Walters [12]</a>
<ul>
<li><a href="#tenzin-7">tenzin [7]</a></li>
<li><a href="#tenzin-config-5-1">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#martin-bruchanov-20">Martin Bruchanov [20]</a>
<ul>
<li><a href="#tenzin-20">tenzin [20]</a></li>
</ul></li>
<li><a href="#michael-simonson-3">Michael Simonson [3]</a>
<ul>
<li><a href="#tenzin-2-1">tenzin [2]</a></li>
<li><a href="#tenzin-config-1-7">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#john-jardine-5">John Jardine [5]</a>
<ul>
<li><a href="#tenzin-4">tenzin [4]</a></li>
<li><a href="#tenzin-config-1-8">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#gayan-jayasundara-7">Gayan Jayasundara [7]</a>
<ul>
<li><a href="#tenzin-7-1">tenzin [7]</a></li>
</ul></li>
</ul></li>
</ul></li>
</ul>
</nav>
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="guillaume-buisson-25">Guillaume Buisson [25]</h3>
<h4 id="ctia-5">ctia [5]</h4>
<ul>
<li>Fixed Riemann ES configuration <a
href="https://github.com/advthreat/ctia/pull/1360">#1360</a></li>
<li>Allow setting <code>allow_partial_search_results</code> in ES
queries <a
href="https://github.com/advthreat/ctia/pull/1359">#1359</a></li>
<li>Bump CTIM to 1.3.6 <a
href="https://github.com/advthreat/ctia/pull/1355">#1355</a></li>
<li>Note Entity API changes <a
href="https://github.com/advthreat/ctia/pull/1342">#1342</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>CTIM Note entity Support <a
href="https://github.com/advthreat/ctia/pull/1330">#1330</a></li>
</ul>
<h4 id="iroh-16">iroh [16]</h4>
<ul>
<li>Initial Incident Response Design Draft <a
href="https://github.com/advthreat/iroh/pull/7398">#7398</a></li>
<li>Fix Target enrichment feature flag check <a
href="https://github.com/advthreat/iroh/pull/7740">#7740</a></li>
<li>Bump clj-momo to 0.4.0 <a
href="https://github.com/advthreat/iroh/pull/7723">#7723</a></li>
<li>Update Orchestration Workflow Event fixtures <a
href="https://github.com/advthreat/iroh/pull/7677">#7677</a></li>
<li>Observe-Targets route Enhancements <a
href="https://github.com/advthreat/iroh/pull/7668">#7668</a></li>
<li>Temporary implementation of observe-targets in the Relay module <a
href="https://github.com/advthreat/iroh/pull/7656">#7656</a></li>
<li>Revert "Enrich WebService route"</li>
<li>Revert "Initial WebService for testing"</li>
<li>Initial WebService for testing</li>
<li>Enrich WebService route</li>
<li>Additional Note/Event sample data <a
href="https://github.com/advthreat/iroh/pull/7654">#7654</a></li>
<li>Support the Note Entity in Private Intel <a
href="https://github.com/advthreat/iroh/pull/7605">#7605</a></li>
<li>Mitre and Risk Score based Incidents Review <a
href="https://github.com/advthreat/iroh/pull/6990">#6990</a></li>
<li>Properly define the OpenAPI metadata for the Enrich API <a
href="https://github.com/advthreat/iroh/pull/7532">#7532</a></li>
<li>Unhide Swagger UI Responses <a
href="https://github.com/advthreat/iroh/pull/7529">#7529</a></li>
<li>Updated Note designs <a
href="https://github.com/advthreat/iroh/pull/7508">#7508</a></li>
</ul>
<h4 id="tenzin-config-4">tenzin-config [4]</h4>
<ul>
<li>Add the SXO clients to the High Impact allowed sources <a
href="https://github.com/advthreat/tenzin-config/pull/876">#876</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>CTIA Note Entity setup <a
href="https://github.com/advthreat/tenzin-config/pull/836">#836</a></li>
<li>Disable the Kafka Event Hook for Private Intel <a
href="https://github.com/advthreat/tenzin-config/pull/835">#835</a></li>
<li>Double the rate limit of the dcloud organization <a
href="https://github.com/advthreat/tenzin-config/pull/824">#824</a></li>
</ul>
<h2 id="data">data</h2>
<h3 id="mario-aquino-30">Mario Aquino [30]</h3>
<h4 id="iroh-17">iroh [17]</h4>
<ul>
<li>Add audiences to client <a
href="https://github.com/advthreat/iroh/pull/7812">#7812</a></li>
<li>OrgTokenProviderService <a
href="https://github.com/advthreat/iroh/pull/7731">#7731</a></li>
<li>Handle additional variation on mitre-attack source_name <a
href="https://github.com/advthreat/iroh/pull/7755">#7755</a></li>
<li>Match on mitre-attack as source_name to find variations <a
href="https://github.com/advthreat/iroh/pull/7754">#7754</a></li>
<li>Remove high impact severity checking <a
href="https://github.com/advthreat/iroh/pull/7580">#7580</a></li>
<li>Iterate over all orgs for threat hunt execution <a
href="https://github.com/advthreat/iroh/pull/7601">#7601</a></li>
<li>Check authorization header <a
href="https://github.com/advthreat/iroh/pull/7597">#7597</a></li>
<li>Fix test broken by missing auth header <a
href="https://github.com/advthreat/iroh/pull/7588">#7588</a></li>
<li>Use mk-int-request-context for calls that may go to modules <a
href="https://github.com/advthreat/iroh/pull/7587">#7587</a></li>
<li>Improve logging for risk score asset resolution <a
href="https://github.com/advthreat/iroh/pull/7581">#7581</a></li>
<li>Update CTIM to align w version used by CTIA <a
href="https://github.com/advthreat/iroh/pull/7576">#7576</a></li>
<li>Reduce threat hunt ctia investigate module timeouts <a
href="https://github.com/advthreat/iroh/pull/7527">#7527</a></li>
<li>Error handling around risk score calculation attempt <a
href="https://github.com/advthreat/iroh/pull/7512">#7512</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Replace unsupported trojan source detector <a
href="https://github.com/advthreat/iroh/pull/7481">#7481</a></li>
<li>Service interface tech-debt <a
href="https://github.com/advthreat/iroh/pull/7475">#7475</a></li>
<li>One iroh-async session queue for all tasks <a
href="https://github.com/advthreat/iroh/pull/7472">#7472</a></li>
<li>CTIM v1.2.0 <a
href="https://github.com/advthreat/iroh/pull/7459">#7459</a></li>
</ul>
<h4 id="tenzin-config-13">tenzin-config [13]</h4>
<ul>
<li>Enable config for incident enrichment <a
href="https://github.com/advthreat/tenzin-config/pull/880">#880</a></li>
<li>Removes AWS Auth credentials no longer needed by queue-monitor <a
href="https://github.com/advthreat/tenzin-config/pull/867">#867</a></li>
<li>Update async worker count for new server specs <a
href="https://github.com/advthreat/tenzin-config/pull/861">#861</a></li>
<li>AWS Credentials for CloudWatch interaction <a
href="https://github.com/advthreat/tenzin-config/pull/842">#842</a></li>
<li>Remove configs to allow threat hunting for all orgs <a
href="https://github.com/advthreat/tenzin-config/pull/853">#853</a></li>
<li>Make all incidents imported via Swagger UI high impact <a
href="https://github.com/advthreat/tenzin-config/pull/847">#847</a></li>
<li>Remove iroh-investigate and iroh-incident configs <a
href="https://github.com/advthreat/tenzin-config/pull/837">#837</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Use correct urls for PROD iroh <a
href="https://github.com/advthreat/tenzin-config/pull/832">#832</a></li>
<li>Updates sessions-config for iroh-investigate and iroh-incident <a
href="https://github.com/advthreat/tenzin-config/pull/826">#826</a></li>
<li>iroh-queue-monitor config update <a
href="https://github.com/advthreat/tenzin-config/pull/820">#820</a></li>
<li>Increases number of threat hunt orgs <a
href="https://github.com/advthreat/tenzin-config/pull/812">#812</a></li>
<li>Redis for iroh-async <a
href="https://github.com/advthreat/tenzin-config/pull/815">#815</a></li>
<li>Adds config for iroh-async deployment group</li>
</ul>
<h3 id="guillaume-erétéo-16">Guillaume Erétéo [16]</h3>
<h4 id="ctia-6">ctia [6]</h4>
<ul>
<li>add total-hits headers to metric responses <a
href="https://github.com/advthreat/ctia/pull/1363">#1363</a></li>
<li>add tactics/techniques to incident search filters <a
href="https://github.com/advthreat/ctia/pull/1356">#1356</a></li>
<li>Incident score schema check <a
href="https://github.com/advthreat/ctia/pull/1353">#1353</a></li>
<li>Relationships: add target_ref and source_ref as enumerable field <a
href="https://github.com/advthreat/ctia/pull/1354">#1354</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>verdict fix <a
href="https://github.com/advthreat/ctia/pull/1333">#1333</a></li>
<li>add techniques to enumerable fields <a
href="https://github.com/advthreat/ctia/pull/1331">#1331</a></li>
</ul>
<h4 id="iroh-5">iroh [5]</h4>
<ul>
<li>introduce aggregation in crud store <a
href="https://github.com/advthreat/iroh/pull/7734">#7734</a></li>
<li>Add Scott to CODEOWNERS <a
href="https://github.com/advthreat/iroh/pull/7782">#7782</a></li>
<li>first stats <a
href="https://github.com/advthreat/iroh/pull/7765">#7765</a></li>
<li>Incident summary design <a
href="https://github.com/advthreat/iroh/pull/7704">#7704</a></li>
<li>threat hunt status incident status Open <a
href="https://github.com/advthreat/iroh/pull/7709">#7709</a></li>
</ul>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>Activate scoring in TEST and PROD for 1.116 <a
href="https://github.com/advthreat/tenzin-config/pull/851">#851</a></li>
<li>Add PCTIA as high impact by default <a
href="https://github.com/advthreat/tenzin-config/pull/849">#849</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>update incident mappings <a
href="https://github.com/advthreat/tenzin-config/pull/822">#822</a></li>
<li>IROH Swagger UI to high impact sources <a
href="https://github.com/advthreat/tenzin-config/pull/830">#830</a></li>
<li>prepare actor migration <a
href="https://github.com/advthreat/tenzin-config/pull/814">#814</a></li>
</ul>
<h3 id="ambrose-bonnaire-sergeant-11">Ambrose Bonnaire-Sergeant
[11]</h3>
<h4 id="ctia-7">ctia [7]</h4>
<ul>
<li>Push sighting store's coercion pattern into def-es-store <a
href="https://github.com/advthreat/ctia/pull/1361">#1361</a></li>
<li>Remove log4j <a
href="https://github.com/advthreat/ctia/pull/1347">#1347</a></li>
<li>Fix bulk relationships between transient asset mappings/fields <a
href="https://github.com/advthreat/ctia/pull/1343">#1343</a></li>
<li>Filter by scores test <a
href="https://github.com/advthreat/ctia/pull/1341">#1341</a></li>
<li>Scores dynamic mapping <a
href="https://github.com/advthreat/ctia/pull/1340">#1340</a></li>
<li>Don't mix user params with internal extensions <a
href="https://github.com/advthreat/ctia/pull/1339">#1339</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Sort on incident score <a
href="https://github.com/advthreat/ctia/pull/1327">#1327</a></li>
</ul>
<h4 id="iroh-4">iroh [4]</h4>
<ul>
<li>new incident scores format <a
href="https://github.com/advthreat/iroh/pull/7578">#7578</a></li>
<li>Strip ctia keys <a
href="https://github.com/advthreat/iroh/pull/7521">#7521</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Improve stubservice error messages <a
href="https://github.com/advthreat/iroh/pull/7478">#7478</a></li>
<li>Prep Mia for incident scoring impl <a
href="https://github.com/advthreat/iroh/pull/7397">#7397</a></li>
</ul>
<h2 id="integrations">integrations</h2>
<h3 id="matthieu-sprunck-32">Matthieu Sprunck [32]</h3>
<h4 id="iroh-17-1">iroh [17]</h4>
<ul>
<li>E7469: Event API extension design <a
href="https://github.com/advthreat/iroh/pull/7462">#7462</a></li>
<li>Implements OR, AND, NOT boolean combinators for ElasticSearch <a
href="https://github.com/advthreat/iroh/pull/7752">#7752</a></li>
<li>Add a dedicated IROH Auth configuration to Swagger <a
href="https://github.com/advthreat/iroh/pull/7738">#7738</a></li>
<li>Remote: Return an error when tiles/data is not supported <a
href="https://github.com/advthreat/iroh/pull/7732">#7732</a></li>
<li>Remove support for access token in Swagger UI <a
href="https://github.com/advthreat/iroh/pull/7729">#7729</a></li>
<li>Remote: IROH Proxy handler should not be called in case of errors <a
href="https://github.com/advthreat/iroh/pull/7717">#7717</a></li>
<li>Add missing dependency to int-web-service <a
href="https://github.com/advthreat/iroh/pull/7712">#7712</a></li>
<li>Configures ModuleRecords with a map <a
href="https://github.com/advthreat/iroh/pull/7690">#7690</a></li>
<li>Bump to CTIM 1.3.7 <a
href="https://github.com/advthreat/iroh/pull/7696">#7696</a></li>
<li>Create High Impact incident event <a
href="https://github.com/advthreat/iroh/pull/7679">#7679</a></li>
<li>Bump to CTIM 1.3.5 <a
href="https://github.com/advthreat/iroh/pull/7642">#7642</a></li>
<li>Add new High Impact Incident event types <a
href="https://github.com/advthreat/iroh/pull/7606">#7606</a></li>
<li>Bump to CTIM 1.3.4 <a
href="https://github.com/advthreat/iroh/pull/7626">#7626</a></li>
<li>Bump to CTIM 1.3.3 <a
href="https://github.com/advthreat/iroh/pull/7616">#7616</a></li>
<li>Allow settings prefixed by custom_ to be derived in proxy config <a
href="https://github.com/advthreat/iroh/pull/7509">#7509</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix client credentials auth for CrowdStrike integration <a
href="https://github.com/advthreat/iroh/pull/7502">#7502</a></li>
<li>Add API Key auth type to the Relay module <a
href="https://github.com/advthreat/iroh/pull/7488">#7488</a></li>
</ul>
<h4 id="tenzin-config-15">tenzin-config [15]</h4>
<ul>
<li>Revert "Revert "Remove support for access token in Swagger UI
(#868)" (#871)" <a
href="https://github.com/advthreat/tenzin-config/pull/874">#874</a></li>
<li>Allow SXO internal hosts for webhook calls <a
href="https://github.com/advthreat/tenzin-config/pull/872">#872</a></li>
<li>Revert "Remove support for access token in Swagger UI (#868)" <a
href="https://github.com/advthreat/tenzin-config/pull/871">#871</a></li>
<li>Remove invalid module configuration keys <a
href="https://github.com/advthreat/tenzin-config/pull/870">#870</a></li>
<li>Remove support for access token in Swagger UI <a
href="https://github.com/advthreat/tenzin-config/pull/868">#868</a></li>
<li>Remove one-click-module services from iroh application <a
href="https://github.com/advthreat/tenzin-config/pull/865">#865</a></li>
<li>Change the IROH modules configuration format <a
href="https://github.com/advthreat/tenzin-config/pull/864">#864</a></li>
<li>Change Orbital URL in TEST <a
href="https://github.com/advthreat/tenzin-config/pull/848">#848</a></li>
<li>Remove the tiles APIs from the Orbital module record <a
href="https://github.com/advthreat/tenzin-config/pull/845">#845</a></li>
<li>Add CrowdStrike proxy configuration <a
href="https://github.com/advthreat/tenzin-config/pull/841">#841</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix SentinelOne module record conf <a
href="https://github.com/advthreat/tenzin-config/pull/834">#834</a></li>
<li>Support of IROH Proxy for SentinelOne <a
href="https://github.com/advthreat/tenzin-config/pull/828">#828</a></li>
<li>Revert connection manager changes in PROD (2nd attempt) <a
href="https://github.com/advthreat/tenzin-config/pull/827">#827</a></li>
<li>Revert changes in PROD and reduce nb of threads in INT and TEST <a
href="https://github.com/advthreat/tenzin-config/pull/825">#825</a></li>
<li>Increase the number of threads used by the connection manager of the
Relay module <a
href="https://github.com/advthreat/tenzin-config/pull/823">#823</a></li>
</ul>
<h3 id="kirill-chernyshov-11">Kirill Chernyshov [11]</h3>
<h4 id="ctia-2">ctia [2]</h4>
<ul>
<li>Exception handling for bundle export <a
href="https://github.com/advthreat/ctia/pull/1351">#1351</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Default "no-pagination" for feed <a
href="https://github.com/advthreat/ctia/pull/1336">#1336</a></li>
</ul>
<h4 id="iroh-9">iroh [9]</h4>
<ul>
<li>Fix configuration option for event signer <a
href="https://github.com/advthreat/iroh/pull/7777">#7777</a></li>
<li>Add signer options for EventService <a
href="https://github.com/advthreat/iroh/pull/7776">#7776</a></li>
<li>Simplify kafka-producer integration test <a
href="https://github.com/advthreat/iroh/pull/7769">#7769</a></li>
<li>Send event from EventService to kafka topic <a
href="https://github.com/advthreat/iroh/pull/7552">#7552</a></li>
<li>Return promise after sending event to kafka <a
href="https://github.com/advthreat/iroh/pull/7556">#7556</a></li>
<li>IROH-crypto lib <a
href="https://github.com/advthreat/iroh/pull/7544">#7544</a></li>
<li>KafkaProducerService <a
href="https://github.com/advthreat/iroh/pull/7524">#7524</a></li>
<li>Introduce iroh-kafka library <a
href="https://github.com/advthreat/iroh/pull/7505">#7505</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Remove Onyx and Aeron services <a
href="https://github.com/advthreat/iroh/pull/7489">#7489</a></li>
</ul>
<h3 id="shafiq-5">Shafiq [5]</h3>
<h4 id="iroh-4-1">iroh [4]</h4>
<ul>
<li>Add create-event HTTP API <a
href="https://github.com/advthreat/iroh/pull/7557">#7557</a></li>
<li>Add search endpoint for iroh-events <a
href="https://github.com/advthreat/iroh/pull/7528">#7528</a></li>
<li>Add integration test-case for iroh-events search <a
href="https://github.com/advthreat/iroh/pull/7513">#7513</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Separate event-handlers from EventNotifierService <a
href="https://github.com/advthreat/iroh/pull/7437">#7437</a></li>
</ul>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<ul>
<li>Configure internal-event-web-service <a
href="https://github.com/advthreat/tenzin-config/pull/844">#844</a></li>
</ul>
<h2 id="auth">auth</h2>
<h3 id="olivier-barbeau-23">Olivier Barbeau [23]</h3>
<h4 id="iroh-22">iroh [22]</h4>
<ul>
<li>fix http status code <a
href="https://github.com/advthreat/iroh/pull/7838">#7838</a></li>
<li>Rework of the script <code>check-changelog-update-time</code> <a
href="https://github.com/advthreat/iroh/pull/7658">#7658</a></li>
<li>RBAC: additional XDR tests <a
href="https://github.com/advthreat/iroh/pull/7634">#7634</a></li>
<li>GitHub Actions: do test coverage only once <a
href="https://github.com/advthreat/iroh/pull/7607">#7607</a></li>
<li>Increase Java Heap size for code coverage - Github Actions workflow
<a href="https://github.com/advthreat/iroh/pull/7585">#7585</a></li>
<li>add workdir for the check <a
href="https://github.com/advthreat/iroh/pull/7573">#7573</a></li>
<li>disable test <a
href="https://github.com/advthreat/iroh/pull/7566">#7566</a></li>
<li>Fail build if html not updated <a
href="https://github.com/advthreat/iroh/pull/7559">#7559</a></li>
<li>RBAC: enable the new XDR role 'Security Analyst Tier 2' <a
href="https://github.com/advthreat/iroh/pull/7545">#7545</a></li>
<li>Issue 7538 refactor of role retrieval <a
href="https://github.com/advthreat/iroh/pull/7540">#7540</a></li>
<li>automated 'revert role' operation with test <a
href="https://github.com/advthreat/iroh/pull/7537">#7537</a></li>
<li>RBAC: Retrocompatibility of the Provisioning API <a
href="https://github.com/advthreat/iroh/pull/7507">#7507</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Refactor around <code>ifn-pred</code> <a
href="https://github.com/advthreat/iroh/pull/7491">#7491</a></li>
<li>set job timeouts to 90 minutes <a
href="https://github.com/advthreat/iroh/pull/7506">#7506</a></li>
<li>set job timeouts to 60 minutes <a
href="https://github.com/advthreat/iroh/pull/7504">#7504</a></li>
<li>Test coverage v2 <a
href="https://github.com/advthreat/iroh/pull/7498">#7498</a></li>
<li>wait for hook to be finished before testing <a
href="https://github.com/advthreat/iroh/pull/7497">#7497</a></li>
<li>Add test coverage report to the Iroh GitHub Actions workflow <a
href="https://github.com/advthreat/iroh/pull/7453">#7453</a></li>
<li>RBAC for Org Access Request <a
href="https://github.com/advthreat/iroh/pull/7465">#7465</a></li>
<li>Issue 7333 rbac invitation service <a
href="https://github.com/advthreat/iroh/pull/7454">#7454</a></li>
<li>RBAC: new XDR tests for login and oauth-clients <a
href="https://github.com/advthreat/iroh/pull/7418">#7418</a></li>
<li>Issue 7413 move steps out of setup job <a
href="https://github.com/advthreat/iroh/pull/7414">#7414</a></li>
</ul>
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
<ul>
<li>sets the <code>:xdr-roles</code> feature flag in INT and TEST <a
href="https://github.com/advthreat/tenzin-config/pull/840">#840</a></li>
</ul>
<h3 id="yogsototh-5">(Yogsototh) [5]</h3>
<h4 id="xdr-provisioning-5">xdr-provisioning [5]</h4>
<ul>
<li>Improve help regarding setting env vars</li>
<li>Improve the command line parsing</li>
<li>rename script to .sh</li>
<li>Add onboarding of DI and CSC</li>
<li>Initial provisioning Script</li>
</ul>
<h3 id="bartuka-15">bartuka [15]</h3>
<h4 id="iroh-13">iroh [13]</h4>
<ul>
<li>[IROH Auth] introducing <code>TimeService</code> in
<code>AuthService</code> <a
href="https://github.com/advthreat/iroh/pull/7806">#7806</a></li>
<li>[IROH Auth] allow only <code>iroh-core.time</code> in oauth2.core ns
<a href="https://github.com/advthreat/iroh/pull/7793">#7793</a></li>
<li>[IROH Auth] - Update IROH Web middleware to build short JWTs with
profile data <a
href="https://github.com/advthreat/iroh/pull/7671">#7671</a></li>
<li>[IROH Auth] - update <code>check-refresh-token</code> function <a
href="https://github.com/advthreat/iroh/pull/7669">#7669</a></li>
<li>[IROH Auth] - Update Design docs for Short JWT Epic <a
href="https://github.com/advthreat/iroh/pull/7670">#7670</a></li>
<li>[IROH Auth] <code>/profile/permissions</code> endpoint <a
href="https://github.com/advthreat/iroh/pull/7562">#7562</a></li>
<li>Patch <code>compojure-api</code> to allow endpoints with string-keys
(without keywordize the request <code>:body</code>) <a
href="https://github.com/advthreat/iroh/pull/7574">#7574</a></li>
<li>[IROH Auth] Include route <code>/profile/scopes</code> <a
href="https://github.com/advthreat/iroh/pull/7553">#7553</a></li>
<li>[IROH Auth] - Store Short JWTs <a
href="https://github.com/advthreat/iroh/pull/7476">#7476</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>[IROH Auth] refactor <code>gen-short-tokens</code> to avoid code
duplication <a
href="https://github.com/advthreat/iroh/pull/7485">#7485</a></li>
<li>Allow wildcard login origin in TEST env <a
href="https://github.com/advthreat/iroh/pull/7474">#7474</a></li>
<li>[IROH Auth] Generate Short JWT tokens <a
href="https://github.com/advthreat/iroh/pull/7450">#7450</a></li>
<li>[IROH Auth] Short JWT design <a
href="https://github.com/advthreat/iroh/pull/7436">#7436</a></li>
</ul>
<h4 id="tenzin-1">tenzin [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Update GPG Wanderson Ferreira <a
href="https://github.com/advthreat/tenzin/pull/2648">#2648</a></li>
</ul>
<h4 id="tenzin-config-1-2">tenzin-config [1]</h4>
<ul>
<li>add postgres and redis-cache store for IROH Auth JWTs <a
href="https://github.com/advthreat/tenzin-config/pull/839">#839</a></li>
</ul>
<h3 id="yann-esposito-44">Yann Esposito [44]</h3>
<h4 id="ctia-1">ctia [1]</h4>
<ul>
<li>bump snakeyaml to address CVE-2022-38751 <a
href="https://github.com/advthreat/ctia/pull/1346">#1346</a></li>
</ul>
<h4 id="iroh-30">iroh [30]</h4>
<ul>
<li>Add a missing option to disable default configs <a
href="https://github.com/advthreat/iroh/pull/7805">#7805</a></li>
<li>Add a script to init tokens without login in <a
href="https://github.com/advthreat/iroh/pull/7794">#7794</a></li>
<li>Fix schema for Response <a
href="https://github.com/advthreat/iroh/pull/7804">#7804</a></li>
<li>Add support to onboard a single app <a
href="https://github.com/advthreat/iroh/pull/7796">#7796</a></li>
<li>Add a role introspection route to help the UI and other clients <a
href="https://github.com/advthreat/iroh/pull/7785">#7785</a></li>
<li>Fix scopes declaration for execute-workflow route <a
href="https://github.com/advthreat/iroh/pull/7799">#7799</a></li>
<li>Fix a Swagger bug due to schema name conflict <a
href="https://github.com/advthreat/iroh/pull/7790">#7790</a></li>
<li>Web api search improvements <a
href="https://github.com/advthreat/iroh/pull/7728">#7728</a></li>
<li>add profile and notification to ao-jwt <a
href="https://github.com/advthreat/iroh/pull/7726">#7726</a></li>
<li>Tk store combinator search queries (AND, OR, NOT) <a
href="https://github.com/advthreat/iroh/pull/7691">#7691</a></li>
<li>Fix a case where the body is <code class="verbatim">nil</code> <a
href="https://github.com/advthreat/iroh/pull/7685">#7685</a></li>
<li>Add xdr-instance-id field to the orgs <a
href="https://github.com/advthreat/iroh/pull/7707">#7707</a></li>
<li>PIAM: Provisioning onboard endpoint <a
href="https://github.com/advthreat/iroh/pull/7659">#7659</a></li>
<li>Add ff scope script <a
href="https://github.com/advthreat/iroh/pull/7680">#7680</a></li>
<li>added a script to add feature-flag scopes from command line <a
href="https://github.com/advthreat/iroh/pull/7676">#7676</a></li>
<li>prefer to use client from DB than client from config <a
href="https://github.com/advthreat/iroh/pull/7672">#7672</a></li>
<li>Align scopes to SXO behaviour <a
href="https://github.com/advthreat/iroh/pull/7673">#7673</a></li>
<li>fix lein start <a
href="https://github.com/advthreat/iroh/pull/7663">#7663</a></li>
<li>PIAM provisioning no idp-mapping for create user <a
href="https://github.com/advthreat/iroh/pull/7655">#7655</a></li>
<li>Default bootstrap &amp; config <a
href="https://github.com/advthreat/iroh/pull/6868">#6868</a></li>
<li>Add Entitlements to Orgs <a
href="https://github.com/advthreat/iroh/pull/7631">#7631</a></li>
<li>Remove yaml to supported format for profile API <a
href="https://github.com/advthreat/iroh/pull/7632">#7632</a></li>
<li>Fix a flaky test in either_test.clj <a
href="https://github.com/advthreat/iroh/pull/7610">#7610</a></li>
<li>Role Matrix representation in the code. <a
href="https://github.com/advthreat/iroh/pull/7583">#7583</a></li>
<li>fix some wording only for admin users view <a
href="https://github.com/advthreat/iroh/pull/7579">#7579</a></li>
<li>Improve User login logs situation <a
href="https://github.com/advthreat/iroh/pull/7555">#7555</a></li>
<li>Added a composable redis.nix <a
href="https://github.com/advthreat/iroh/pull/7535">#7535</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix template rendering during invite confirmation <a
href="https://github.com/advthreat/iroh/pull/7480">#7480</a></li>
<li>Display virtual users in the batch get users <a
href="https://github.com/advthreat/iroh/pull/7473">#7473</a></li>
<li>Add the UI session logout into IROH-Auth <a
href="https://github.com/advthreat/iroh/pull/7431">#7431</a></li>
</ul>
<h4 id="tenzin-2">tenzin [2]</h4>
<ul>
<li>use iroh.main for all nodes types <a
href="https://github.com/advthreat/tenzin/pull/2862">#2862</a></li>
<li>Update iroh.job.jinja <a
href="https://github.com/advthreat/tenzin/pull/2861">#2861</a></li>
</ul>
<h4 id="tenzin-config-6">tenzin-config [6]</h4>
<ul>
<li>fix missing iroh-async web-services <a
href="https://github.com/advthreat/tenzin-config/pull/884">#884</a></li>
<li>align iroh and iroh-async confs <a
href="https://github.com/advthreat/tenzin-config/pull/883">#883</a></li>
<li>Add CSC onboarding URLs <a
href="https://github.com/advthreat/tenzin-config/pull/875">#875</a></li>
<li>fix provisioning service <a
href="https://github.com/advthreat/tenzin-config/pull/863">#863</a></li>
<li>PIAM config change (+ bootstrap cleanup) <a
href="https://github.com/advthreat/tenzin-config/pull/677">#677</a></li>
<li>add perf.orbital.threatgrid.com to allowed login origin <a
href="https://github.com/advthreat/tenzin-config/pull/854">#854</a></li>
</ul>
<h4 id="xdr-provisioning-5-1">xdr-provisioning [5]</h4>
<ul>
<li>Improve help regarding setting env vars</li>
<li>Improve the command line parsing</li>
<li>rename script to .sh</li>
<li>Add onboarding of DI and CSC</li>
<li>Initial provisioning Script</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="patrick-patat-19">Patrick Patat [19]</h3>
<h4 id="iroh-ops-18">iroh-ops [18]</h4>
<ul>
<li>Merge pull request #69 from advthreat/riemann-asg</li>
<li>Merge pull request #66 from advthreat/pg-cname</li>
<li>Merge pull request #65 from advthreat/minor-fix</li>
<li>Merge pull request #64 from advthreat/vector-docker</li>
<li>Merge pull request #63 from advthreat/asg-refresh</li>
<li>Merge pull request #61 from advthreat/auto-deploy</li>
<li>Merge pull request #60 from advthreat/webex-notif</li>
<li>Merge pull request #57 from advthreat/qualys</li>
<li>Merge pull request #56 from advthreat/dynamodb_backup</li>
<li>Merge pull request #55 from advthreat/iroh-queue</li>
<li>Merge pull request #52 from advthreat/nomad-job</li>
<li>Merge pull request #54 from advthreat/vault-stats</li>
<li>Merge pull request #48 from advthreat/vault-pki</li>
<li>Merge pull request #47 from advthreat/nomad-docker-config</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Merge pull request #41 from advthreat/codebuild-fix</li>
<li>Merge pull request #40 from advthreat/ansible-codebuild</li>
<li>Merge pull request #37 from advthreat/fix-host</li>
<li>Merge pull request #35 from advthreat/instances_route53</li>
</ul>
<h4 id="tenzin-1-1">tenzin [1]</h4>
<ul>
<li>allows iroh-ops dev platform to access redis <a
href="https://github.com/advthreat/tenzin/pull/2755">#2755</a></li>
</ul>
<h3 id="jerome-schneider-81">Jerome Schneider [81]</h3>
<h4 id="iroh-ops-24">iroh-ops [24]</h4>
<ul>
<li>render s3 artefacts generic and create a releases bucket</li>
<li>datadog: improve logging</li>
<li>add vector support for os logging</li>
<li>tf peering: don't peering public subnets</li>
<li>Add Datadog agent on all instances and specific setup for Nomad and
Consul</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>vpnator: remove cloudtrail support for the moment</li>
<li>ansible: migrate jerschne on master</li>
<li>iam_lambda_ec2_route53: re-add rights on EC2</li>
<li>improve iam management and adapt Ansible for it</li>
<li>tfw: manage correctly workspaces</li>
<li>switch jerschne on ansible master</li>
<li>Create a new env and manage terraform workspaces</li>
<li>dev: cleaning configuration</li>
<li>only one s3 bucket and dynamodb table per account for tfstates</li>
<li>Ansible: add Mitogen to improve performances (issue #26)</li>
<li>requirements.txt: add missing dependencies</li>
<li>vim: add a vimrc example</li>
<li>scripts/tfw: fixed json debugging message and exit message when it
failed</li>
<li>README is a markdown file</li>
<li>README.md: fix path</li>
<li>Migrate iroh-ops TF to Terraform Wrapper (tfw)</li>
<li>Add a Terraform Wrapper (tfw) that improve Terraform var files</li>
<li>ansible add a quick readme and a requirements.txt</li>
<li>TF: add kafka support</li>
</ul>
<h4 id="tenzin-57">tenzin [57]</h4>
<ul>
<li>Upgrade TF AWS provider</li>
<li>iroh-async: resize ASG and add downscaling support</li>
<li>iroh: add iroh signer certificates</li>
<li>ASG: Drain Nomad nodes before terminating instances</li>
<li>PROD AP: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>PROD EU: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>PROD US: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>STAGE: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>TEST: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>INT: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>Terraform: configure vault provider</li>
<li>iroh-async: resize instances and memory usage</li>
<li>PROD EU: Conure add IAM policy</li>
<li>PROD APJC: Conure add IAM policy</li>
<li>PROD NAM: Conure add IAM policy</li>
<li>STAGE: add Conure support</li>
<li>TEST: add new Conure IAM role</li>
<li>INT: add new Conure IAM role</li>
<li>iroh allows iroh-internal.*.iroh.site domains</li>
<li>add private-ctia-update-index-state on TEST,STAGE and PROD</li>
<li>STAGE: add iroh-internal support</li>
<li>PROD US: add iroh-internal support</li>
<li>PROD EU: add iroh-internal support</li>
<li>PROD APJC: add iroh-internal support</li>
<li>TEST: add iroh-internal support</li>
<li>INT: add iroh-internal support</li>
<li>RDS PostgreSQL: force SSL connections by default</li>
<li>add private-ctia-update-index-state job to update ES index
mapping</li>
<li>Iroh Async use custom metrics to scale</li>
<li>remove iroh-tooling</li>
<li>iroh-admin INT: revert breaking instance change</li>
<li>Caddy private: allow es-metrics for iroh-ops</li>
<li>allows iroh-ops dev platform to access to private caddy</li>
<li>PostgreSQL Conure change instances for PROD and TEST</li>
<li>add Conure RDS PostgreSQL on PROD and TEST</li>
<li>PROD EU: destroy iroh-investigate and iroh-incident</li>
<li>PROD APJC: destroy iroh-incident and iroh-investigate</li>
<li>PROD NAM: remove iroh-incident and iroh-investigate</li>
<li>TEST: destroy iroh-incident and iroh-investigate</li>
<li>improve</li>
<li>iroh-async: add downscaling!</li>
<li>INT/TEST: fixed iroh-admin conf to allow iroh-queue-monitor</li>
<li>INT: new RDS PostgreSQL for Conure</li>
<li>INT: remove iroh-incident and iroh-investigate</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Nomad jobs: fix MaxParallel when auto scaling is enabled!</li>
<li>iroh job: change the grace period from 120s to 180s</li>
<li>iroh-queue-monitor: migrate it on full https and allow access from
private rp</li>
<li>elasticache: change creation timeout</li>
<li>add dedicated Elasticache Redis for iroh-async</li>
<li>PROD APJC: add iroh-async support</li>
<li>PROD EU: add iroh-async support</li>
<li>PROD US: add iroh-async support</li>
<li>TEST: add iroh-async support</li>
<li>add a new iroh-async to replace iroh-investigate and
iroh-incident</li>
<li>iroh-admin nomad job: extend grace delay and add one more status
check</li>
<li>prod US: this PR allows tier3 engineers to manage SES suppression
list</li>
<li>allow iroh-tooling to access to RDS PostgreSQL</li>
</ul>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="krishna-ganugapenta-32">krishna Ganugapenta [32]</h3>
<h4 id="tenzin-31">tenzin [31]</h4>
<ul>
<li>Mia Lehrer(milhrer) gpg key updated <a
href="https://github.com/advthreat/tenzin/pull/2725">#2725</a></li>
<li>Securex-news decommission from tenzin <a
href="https://github.com/advthreat/tenzin/pull/2876">#2876</a></li>
<li>ASG size bumped to negate excessive CPU usage <a
href="https://github.com/advthreat/tenzin/pull/2869">#2869</a></li>
<li>updated SG rules count for iroh-front-end <a
href="https://github.com/advthreat/tenzin/pull/2866">#2866</a></li>
<li>IAM policy to access cloudtrail logs s3 bucket <a
href="https://github.com/advthreat/tenzin/pull/2840">#2840</a></li>
<li>Fixing asea modules not in sync with AWS infra <a
href="https://github.com/advthreat/tenzin/pull/2828">#2828</a></li>
<li>logstash-cloudtrail versions updated in jobs.sls <a
href="https://github.com/advthreat/tenzin/pull/2812">#2812</a></li>
<li>IROH_ASYNC asg capacity increase <a
href="https://github.com/advthreat/tenzin/pull/2813">#2813</a></li>
<li>Logstash-cloudtrail filter settings have modified <a
href="https://github.com/advthreat/tenzin/pull/2808">#2808</a></li>
<li>Asea services tf modules removed from TEST to sync with AWS infra <a
href="https://github.com/advthreat/tenzin/pull/2800">#2800</a></li>
<li>tenzin-config files updated to intelligence app <a
href="https://github.com/advthreat/tenzin/pull/2779">#2779</a></li>
<li>Fixing logstash config file permission issue <a
href="https://github.com/advthreat/tenzin/pull/2765">#2765</a></li>
<li>Added read and write permission to logstash.yml <a
href="https://github.com/advthreat/tenzin/pull/2763">#2763</a></li>
<li>prestart task added to prevent permissions error <a
href="https://github.com/advthreat/tenzin/pull/2762">#2762</a></li>
<li>Added a new set variable for logstash-cloudtrail <a
href="https://github.com/advthreat/tenzin/pull/2760">#2760</a></li>
<li>Fixing logstash-cloudtrail nomad job config temp <a
href="https://github.com/advthreat/tenzin/pull/2759">#2759</a></li>
<li>Added a missing template for logstash-cloudtrail <a
href="https://github.com/advthreat/tenzin/pull/2757">#2757</a></li>
<li>Logstash-cloudtrail job to collect logs <a
href="https://github.com/advthreat/tenzin/pull/2756">#2756</a></li>
<li>XDR decommission from nomad cluster <a
href="https://github.com/advthreat/tenzin/pull/2684">#2684</a></li>
<li>SQS queue url fixed for logstash-cloudtrail nomad job <a
href="https://github.com/advthreat/tenzin/pull/2710">#2710</a></li>
<li>SQS queue url has got updated to logstash-cloudtrail job <a
href="https://github.com/advthreat/tenzin/pull/2709">#2709</a></li>
<li>filebeat and beats configuration updated <a
href="https://github.com/advthreat/tenzin/pull/2707">#2707</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Removal of accesskey/secret key from logstash-cloudtrail job <a
href="https://github.com/advthreat/tenzin/pull/2702">#2702</a></li>
<li>Added vault policy to oss nodes to fix logstash-cloudtrail nomad job
issue <a
href="https://github.com/advthreat/tenzin/pull/2700">#2700</a></li>
<li>Caddy port label fix for logstash-cloudtrail job <a
href="https://github.com/advthreat/tenzin/pull/2698">#2698</a></li>
<li>Logstash job to retrieve cloudtrail logs from S3 <a
href="https://github.com/advthreat/tenzin/pull/2696">#2696</a></li>
<li>Enabled securex-ui-incidents for PROD <a
href="https://github.com/advthreat/tenzin/pull/2650">#2650</a></li>
<li>XDR shell app PROD config added <a
href="https://github.com/advthreat/tenzin/pull/2624">#2624</a></li>
<li>Conure DB access policy updated <a
href="https://github.com/advthreat/tenzin/pull/2627">#2627</a></li>
<li>xdr-apps configuration removed from caddy public <a
href="https://github.com/advthreat/tenzin/pull/2649">#2649</a></li>
<li>Caddy Path based routing changes reverted <a
href="https://github.com/advthreat/tenzin/pull/2623">#2623</a></li>
</ul>
<h4 id="tenzin-config-1-3">tenzin-config [1]</h4>
<ul>
<li>Securex-news removal from tenzin and tenzin-config <a
href="https://github.com/advthreat/tenzin-config/pull/869">#869</a></li>
</ul>
<h3 id="tancredi-orlando-1">Tancredi Orlando [1]</h3>
<h4 id="easy-purescript-nix-1">easy-purescript-nix [1]</h4>
<ul>
<li>purs-tidy: 0.9.0 -&gt; 0.9.2</li>
</ul>
<h3 id="milehrer-15">milehrer [15]</h3>
<h4 id="iroh-engine-15">iroh-engine [15]</h4>
<ul>
<li>move forward if no new targets or asset</li>
<li>prepare for 0.15.4</li>
<li>decouple first asset check from asset enrichment</li>
<li>change -&gt;instant to parse</li>
<li>write asset-enrich pipeline v1</li>
<li>Prepare for v0.14.6</li>
<li>update iroh service-wrapper to expect resolve-latest</li>
<li>add resolve-latest-assets iroh protocol and endpoint</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>prepare for v0.14.5</li>
<li>the less we talk about this, the better</li>
<li>prepare for version 0.14.4</li>
<li>make data in enrichment bundles align with real life</li>
<li>prepare for 0.14.3</li>
<li>remove deprecated trojansource step from github workflow</li>
<li>remove transient id generation from assets as DI now does it
instead</li>
</ul>
<h3 id="joel-holdbrooks-2">Joel Holdbrooks [2]</h3>
<h4 id="iroh-engine-2">iroh-engine [2]</h4>
<ul>
<li>Merge pull request #1373 from advthreat/noprompt-patch-1</li>
<li>Update unit_test.yml</li>
</ul>
<h3 id="michael-whitley-3">Michael Whitley [3]</h3>
<h4 id="response-3">response [3]</h4>
<ul>
<li>Update access-request.md</li>
<li>Update access-request.md</li>
<li>Update access-request.md</li>
</ul>
<h3 id="sofiia-mykytiuk-43">Sofiia Mykytiuk [43]</h3>
<h4 id="tenzin-43">tenzin [43]</h4>
<ul>
<li>Update VPNator in TEST, STAGE and PROD <a
href="https://github.com/advthreat/tenzin/pull/2932">#2932</a></li>
<li>Update STAGE docs S3 bucket <a
href="https://github.com/advthreat/tenzin/pull/2938">#2938</a></li>
<li>Update VPNator lambda functions in INT <a
href="https://github.com/advthreat/tenzin/pull/2929">#2929</a></li>
<li>Update min capacity for ASG in backup regions <a
href="https://github.com/advthreat/tenzin/pull/2917">#2917</a></li>
<li>Update readme in terraform folders for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2896">#2896</a></li>
<li>Saltstack changes for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2822">#2822</a></li>
<li>ROAdmin role for STAGE and PROD <a
href="https://github.com/advthreat/tenzin/pull/2909">#2909</a></li>
<li>Update saml in terraform to sync with AWS STAGE and PROD accounts <a
href="https://github.com/advthreat/tenzin/pull/2910">#2910</a></li>
<li>ROAdmin role for INT <a
href="https://github.com/advthreat/tenzin/pull/2903">#2903</a></li>
<li>Add nodes to ES-metrics cluster in EU <a
href="https://github.com/advthreat/tenzin/pull/2905">#2905</a></li>
<li>Remove Data VPNator from PROD <a
href="https://github.com/advthreat/tenzin/pull/2868">#2868</a></li>
<li>Terraform changes for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2882">#2882</a></li>
<li>Remove modules needed for S3 batch operations <a
href="https://github.com/advthreat/tenzin/pull/2884">#2884</a></li>
<li>Disable replication for es-metrics <a
href="https://github.com/advthreat/tenzin/pull/2850">#2850</a></li>
<li>Update infrastructure diagram with second VPN <a
href="https://github.com/advthreat/tenzin/pull/2871">#2871</a></li>
<li>Remove data-vpnator from INT <a
href="https://github.com/advthreat/tenzin/pull/2855">#2855</a></li>
<li>PKI update for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2842">#2842</a></li>
<li>Update vpnator script for new OPS setup <a
href="https://github.com/advthreat/tenzin/pull/2817">#2817</a></li>
<li>Fix module deletion <a
href="https://github.com/advthreat/tenzin/pull/2825">#2825</a></li>
<li>Remove cleaner lambda setup from INT, TEST <a
href="https://github.com/advthreat/tenzin/pull/2823">#2823</a></li>
<li>Module to setup new vpnator for OPS VPN in INT <a
href="https://github.com/advthreat/tenzin/pull/2816">#2816</a></li>
<li>Modules to setup VPNator for OPS VPN in PROD <a
href="https://github.com/advthreat/tenzin/pull/2814">#2814</a></li>
<li>BCP: Update readme with bastion info <a
href="https://github.com/advthreat/tenzin/pull/2456">#2456</a></li>
<li>Terraform modules update for TEST backup region <a
href="https://github.com/advthreat/tenzin/pull/2796">#2796</a></li>
<li>New PROD VPNator setup for non-ops VPN setup <a
href="https://github.com/advthreat/tenzin/pull/2748">#2748</a></li>
<li>Remove not needed permissions for kms-ssm in STAGE <a
href="https://github.com/advthreat/tenzin/pull/2733">#2733</a></li>
<li>Changing KMS key in Vault unseal config in STAGE <a
href="https://github.com/advthreat/tenzin/pull/2732">#2732</a></li>
<li>Adding permissions to kms-vault key <a
href="https://github.com/advthreat/tenzin/pull/2712">#2712</a></li>
<li>Remove permissions for kms-ssm from hashistack policy INT and TEST
<a href="https://github.com/advthreat/tenzin/pull/2719">#2719</a></li>
<li>Terraform modules update for TEST backup region <a
href="https://github.com/advthreat/tenzin/pull/2724">#2724</a></li>
<li>Changing unseal configuration for Vault in INT <a
href="https://github.com/advthreat/tenzin/pull/2718">#2718</a></li>
<li>Permissions for kms-vault key in INT and STAGE <a
href="https://github.com/advthreat/tenzin/pull/2706">#2706</a></li>
<li>KMS vault key material for INT and STAGE <a
href="https://github.com/advthreat/tenzin/pull/2705">#2705</a></li>
<li>New kms-vault key material <a
href="https://github.com/advthreat/tenzin/pull/2711">#2711</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Permissions for new kms-vault key in TEST backup region <a
href="https://github.com/advthreat/tenzin/pull/2695">#2695</a></li>
<li>Fix permissions for kms-vault key <a
href="https://github.com/advthreat/tenzin/pull/2692">#2692</a></li>
<li>Changing kms key in autounseal Vault config for TEST <a
href="https://github.com/advthreat/tenzin/pull/2680">#2680</a></li>
<li>Update README.md <a
href="https://github.com/advthreat/tenzin/pull/2686">#2686</a></li>
<li>Update salt to read datadog api key from SSM <a
href="https://github.com/advthreat/tenzin/pull/2679">#2679</a></li>
<li>Adding permissions for new kms-vault key for hashistack nodes in
TEST env <a
href="https://github.com/advthreat/tenzin/pull/2670">#2670</a></li>
<li>Adding permissions for datadog ssm parameter <a
href="https://github.com/advthreat/tenzin/pull/2663">#2663</a></li>
<li>Comment not needed references <a
href="https://github.com/advthreat/tenzin/pull/2656">#2656</a></li>
<li>KMS Vault key <a
href="https://github.com/advthreat/tenzin/pull/2668">#2668</a></li>
</ul>
<h3 id="will-lorand-1">Will Lorand [1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<ul>
<li>Update summary.org <a
href="https://github.com/advthreat/iroh/pull/7603">#7603</a></li>
</ul>
<h3 id="dmytro-budko-5">Dmytro Budko [5]</h3>
<h4 id="tenzin-5">tenzin [5]</h4>
<ul>
<li>SXOPS-630 Invalidate a CloudFront cache for INT/TEST after push
changes <a
href="https://github.com/advthreat/tenzin/pull/2897">#2897</a></li>
<li>SXOPS-191 Terraform: Bring INT and Test into sync with AWS (DOCS
INT/TEST) <a
href="https://github.com/advthreat/tenzin/pull/2889">#2889</a></li>
<li>SXOPS-616 DataDog agent not able to collect metrics (SLM) from ES <a
href="https://github.com/advthreat/tenzin/pull/2878">#2878</a></li>
<li>SXOPS-539 EC2 Keypair rotation for INT and TEST <a
href="https://github.com/advthreat/tenzin/pull/2787">#2787</a></li>
<li>SXOPS-539 Offboard Vadym Kiz <a
href="https://github.com/advthreat/tenzin/pull/2784">#2784</a></li>
</ul>
<h3 id="cisco-boz-1">Cisco Boz [1]</h3>
<h4 id="tenzin-1-2">tenzin [1]</h4>
<ul>
<li>Replace Threat Response -&gt; XDR for 502 pages on caddy-* public
&amp; private <a
href="https://github.com/advthreat/tenzin/pull/2934">#2934</a></li>
</ul>
<h3 id="patrick-patat-72">Patrick Patat [72]</h3>
<h4 id="iroh-ops-71">iroh-ops [71]</h4>
<ul>
<li>install and config riemann on asg</li>
<li>add riemann &amp; reimann_telemetry servers</li>
<li>add vault token for ansible</li>
<li>add rds pg cname and bump tf min version to 1.4</li>
<li>install vector after all (due to app log deps)</li>
<li>add vector config for docker with nomad</li>
<li>add auto instance refresh</li>
<li>disable notready service at the end of ansible run</li>
<li>remove unattended-upgrades pkg and ignore qualys server</li>
<li>setup a lambda that run ansible nomad-jobs when a new app version is
pushed to s3</li>
<li>override nomad jobs version with versions.json from s3 bucket
artefacts (needed for auto deployment)</li>
<li>add codebuild fail notification via webex</li>
<li>simplify sg rule and rename a boolean var</li>
<li>add doc for qualys setup</li>
<li>add qualys instances and extends customization of instances, asg
&amp; sgs</li>
<li>create an aws backup vault and plan for dynamodb backup</li>
<li>create redis-async.iroh.dev.sh cname to tenzin's redis</li>
<li>add iroh-queue-monitor, add http check for nomad jobs</li>
<li>config vault telemetry to send data to datadog</li>
<li>add role nomad-jobs with example job iroh &amp; hello, add related
caddy config for private rp</li>
<li>add python-nomad to manage job, add dogstatsd as volume &amp; add
metadata from docker</li>
<li>add iroh-ro vault policy</li>
<li>add vault ca to ssm, put vault ca on caddy vm &amp; update nomad
config for vault and docker</li>
<li>create custom modules for vault and aws private acm &amp; configure
vault internal pki</li>
<li>allow vault servers to query aws private acm</li>
<li>add docker registry and app_server role for docker registry use</li>
<li>move docker repo conf to linux base &amp; update nomad config</li>
<li>add .yml to group_vars files</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>create one codebuild job per env</li>
<li>change codebuild default env var to '' and fix missing env var in
user_data</li>
<li>create codebuild ansible-run and replace user_data local ansible
with codebuild trigger</li>
<li>push new admin key in user admin authorized keys</li>
<li>fix hostname config</li>
<li>add lambda to create/delete ec2 dns record on start and
terminate</li>
<li>centralize apt config &amp; set hostname and prompt</li>
<li>configure vault server &amp; add caddy vault config</li>
<li>refactor route53 lb cnames creation</li>
<li>upgrade vault instances config</li>
<li>split iam in multiple file and add iam for vault instances</li>
<li>add dynamodb for vault</li>
<li>add CODEOWNERS file</li>
<li>remove openvpn push dns (useless with iroh.sh)</li>
<li>upgrade tf and ansible for caddy https with letsencrypt</li>
<li>upgrade dns config with iroh.sh &amp; iroh.services</li>
<li>secure all communications between consul nomad and rps</li>
<li>do not redeploy instances on ami upgrade</li>
<li>refactor pki</li>
<li>fix: encode in base64 ssm parameters</li>
<li>Revert "temporarily disable encrypt communication for nomad and
consul"</li>
<li>pki for internal certs</li>
<li>use ansible-pull in user_data to config vm at first boot</li>
<li>use t4.small instead of t4.nano</li>
<li>add linux users config</li>
<li>fix: add hashicorp apt in vault role</li>
<li>upgrade for private rp</li>
<li>add role and playbook for caddy private rp</li>
<li>move hashicorp's apt config to role nomad &amp; consul (do need it
on all vms)</li>
<li>add bastion and openvpn role, playbook and group_vars</li>
<li>temporarily disable encrypt communication for nomad and consul</li>
<li>replace _ with - in node name (need to be dns compatible)</li>
<li>add python3-boto3 to linux_base_pkgs</li>
<li>temporary allow everything from vpn</li>
<li>disable source_dest_check for vpn and add bastion dns name</li>
<li>upgrade for vpn server</li>
<li>ansible typos and code style</li>
<li>refactoring asgs &amp; security groups</li>
<li>refactor terraform asgs</li>
<li>use boolean value instead of strings, add tags in tasks and other
minor fixes</li>
<li>improve ansible.cfg, remove debug, fix unbound config</li>
<li>add load_balancer, app_server private_rp, remove caps from resource
names</li>
<li>ansible bootstrap</li>
</ul>
<h4 id="tenzin-1-3">tenzin [1]</h4>
<ul>
<li>allows iroh-ops dev platform to access rds</li>
</ul>
<h3 id="yurii-ivanisenko-12">Yurii Ivanisenko [12]</h3>
<h4 id="tenzin-11">tenzin [11]</h4>
<ul>
<li>Add muhammad imran (muhammim) gpg key <a
href="https://github.com/advthreat/tenzin/pull/2899">#2899</a></li>
<li>Give Muhammad Imran (muhammim) SSH access <a
href="https://github.com/advthreat/tenzin/pull/2898">#2898</a></li>
<li>removed walkme-ci tf module files and vpn users <a
href="https://github.com/advthreat/tenzin/pull/2841">#2841</a></li>
<li>removed all saltstack entries with user vilakkak <a
href="https://github.com/advthreat/tenzin/pull/2818">#2818</a></li>
<li>removed TF module CloudWatch-lambda-sca-whitelist-testing <a
href="https://github.com/advthreat/tenzin/pull/2804">#2804</a></li>
<li>added diagrams for CTR_AWS and TAC-portal <a
href="https://github.com/advthreat/tenzin/pull/2717">#2717</a></li>
<li>align with INT lambda settings for ThousandEyes WL and TEST R53
recor… <a
href="https://github.com/advthreat/tenzin/pull/2715">#2715</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>fix CSP directives for visibility.amp in APJC and EU regions <a
href="https://github.com/advthreat/tenzin/pull/2689">#2689</a></li>
<li>fixed tab instead of spaces in caddy.yaml NAM <a
href="https://github.com/advthreat/tenzin/pull/2681">#2681</a></li>
<li>Caddy public job - added templates for TAC certificates <a
href="https://github.com/advthreat/tenzin/pull/2674">#2674</a></li>
<li>Added configs for TAC portal prod <a
href="https://github.com/advthreat/tenzin/pull/2666">#2666</a></li>
</ul>
<h4 id="tenzin-config-1-4">tenzin-config [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Added config.json for Tactical-portal in PROD regions <a
href="https://github.com/advthreat/tenzin-config/pull/817">#817</a></li>
</ul>
<h3 id="robert-levy-5">Robert Levy [5]</h3>
<h4 id="iroh-5-1">iroh [5]</h4>
<ul>
<li>fix dev-resources config to use the correct key signer-ops instead
of signer <a
href="https://github.com/advthreat/iroh/pull/7778">#7778</a></li>
<li>Add registered trademark to MITRE tile title <a
href="https://github.com/advthreat/iroh/pull/7775">#7775</a></li>
<li>Incidents' Detection Sources Tile <a
href="https://github.com/advthreat/iroh/pull/7725">#7725</a></li>
<li>top-targeted assets tile for control center (ctia investigate
module) <a
href="https://github.com/advthreat/iroh/pull/7689">#7689</a></li>
<li>MITRE Attack incidents tile <a
href="https://github.com/advthreat/iroh/pull/7523">#7523</a></li>
</ul>
<h3 id="mia-36">Mia [36]</h3>
<h4 id="iroh-22-1">iroh [22]</h4>
<ul>
<li>Update risk score docs to include overview of enrich-targets process
<a href="https://github.com/advthreat/iroh/pull/7773">#7773</a></li>
<li>log asset retrieval failure <a
href="https://github.com/advthreat/iroh/pull/7743">#7743</a></li>
<li>Separate risk score engine calls <a
href="https://github.com/advthreat/iroh/pull/7742">#7742</a></li>
<li>log bundle <a
href="https://github.com/advthreat/iroh/pull/7737">#7737</a></li>
<li>Flag observe targets <a
href="https://github.com/advthreat/iroh/pull/7697">#7697</a></li>
<li>remove verbose logs from risk score calculation <a
href="https://github.com/advthreat/iroh/pull/7618">#7618</a></li>
<li>FIXME temp log bundle-import-payload <a
href="https://github.com/advthreat/iroh/pull/7609">#7609</a></li>
<li>handle explicit nil cases for asset value <a
href="https://github.com/advthreat/iroh/pull/7604">#7604</a></li>
<li>Correct describe assets <a
href="https://github.com/advthreat/iroh/pull/7600">#7600</a></li>
<li>adjust logging <a
href="https://github.com/advthreat/iroh/pull/7596">#7596</a></li>
<li>Resolve latest asset log params <a
href="https://github.com/advthreat/iroh/pull/7594">#7594</a></li>
<li>add asset:read scope to token used for engine-service <a
href="https://github.com/advthreat/iroh/pull/7571">#7571</a></li>
<li>Iroh engine latest assets <a
href="https://github.com/advthreat/iroh/pull/7554">#7554</a></li>
<li>Update bundle import <a
href="https://github.com/advthreat/iroh/pull/7542">#7542</a></li>
<li>Fix risk score bundle import <a
href="https://github.com/advthreat/iroh/pull/7534">#7534</a></li>
<li>fix a typo in engine config introduce default consistent with engine
<a href="https://github.com/advthreat/iroh/pull/7525">#7525</a></li>
<li>Fix risk score auth <a
href="https://github.com/advthreat/iroh/pull/7517">#7517</a></li>
<li>Fix risk score auth <a
href="https://github.com/advthreat/iroh/pull/7516">#7516</a></li>
<li>Fix risk score auth with tests this time <a
href="https://github.com/advthreat/iroh/pull/7515">#7515</a></li>
<li>add auth token to bundle export header in risk score <a
href="https://github.com/advthreat/iroh/pull/7514">#7514</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>implement final risk score <a
href="https://github.com/advthreat/iroh/pull/7486">#7486</a></li>
<li>7342 preliminary risk score <a
href="https://github.com/advthreat/iroh/pull/7460">#7460</a></li>
</ul>
<h4 id="iroh-engine-13">iroh-engine [13]</h4>
<ul>
<li>Merge pull request #1385 from advthreat/v0.15.4-rc</li>
<li>Merge pull request #1384 from
advthreat/separate-add-assets-and-enrich-targets</li>
<li>Merge pull request #1371 from advthreat/testy-tests</li>
<li>Merge pull request #1367 from advthreat/v0.14.6-rc</li>
<li>Merge pull request #1366 from
advthreat/add-resolve-latest-assets</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Merge pull request #1365 from advthreat/v0.14.5-rc</li>
<li>Merge pull request #1364 from advthreat/change-test-again</li>
<li>Merge branch 'main' into change-test-again</li>
<li>Merge pull request #1363 from advthreat/v0.14.4-rc</li>
<li>Merge pull request #1362 from
advthreat/calculate-preliminary-risk-score</li>
<li>Merge pull request #1360 from advthreat/v0.14.3-rc</li>
<li>Merge pull request #1359 from advthreat/remove-trojansource</li>
<li>Merge pull request #1358 from advthreat/remove-transient-ids</li>
</ul>
<h4 id="tenzin-config-1-5">tenzin-config [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>flip feature flag in INT for score-based incident enrichment <a
href="https://github.com/advthreat/tenzin-config/pull/833">#833</a></li>
</ul>
<h3 id="devin-walters-5">Devin Walters [5]</h3>
<h4 id="iroh-engine-5">iroh-engine [5]</h4>
<ul>
<li>Prepare 0.15.2</li>
<li>Coerce to instant after reading as ZDT</li>
<li>Assert sightings</li>
<li>Let up</li>
<li>Use investigable-observables, promises delivered, add verdict</li>
</ul>
<h3 id="vadym-kiz-3">Vadym Kiz [3]</h3>
<h4 id="tenzin-3">tenzin [3]</h4>
<ul>
<li>SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo <a
href="https://github.com/advthreat/tenzin/pull/2635">#2635</a></li>
<li>Datadog: enable slm_stats <a
href="https://github.com/advthreat/tenzin/pull/2778">#2778</a></li>
<li>SSH access - jbusboom <a
href="https://github.com/advthreat/tenzin/pull/2738">#2738</a></li>
</ul>
<h3 id="ag-ibragimov-8">Ag Ibragimov [8]</h3>
<h4 id="iroh-4-2">iroh [4]</h4>
<ul>
<li>Unassigned Incidents Tile should show relative time <a
href="https://github.com/advthreat/iroh/pull/7824">#7824</a></li>
<li>Control center: Navigate to Incidents page from tile <a
href="https://github.com/advthreat/iroh/pull/7760">#7760</a></li>
<li>Control Center Detection Sources Tile: Fixes query parenthesizing
<a href="https://github.com/advthreat/iroh/pull/7759">#7759</a></li>
<li>API work for unassigned incidents <a
href="https://github.com/advthreat/iroh/pull/7682">#7682</a></li>
</ul>
<h4 id="tenzin-config-4-1">tenzin-config [4]</h4>
<ul>
<li>adds :xdr-site-url <a
href="https://github.com/advthreat/tenzin-config/pull/885">#885</a></li>
<li>adds detection sources config for PROD <a
href="https://github.com/advthreat/tenzin-config/pull/881">#881</a></li>
<li>additional client_id for incident sources <a
href="https://github.com/advthreat/tenzin-config/pull/877">#877</a></li>
<li>adds incident sources: test, int <a
href="https://github.com/advthreat/tenzin-config/pull/873">#873</a></li>
</ul>
<h3 id="justin-woo-2">Justin Woo [2]</h3>
<h4 id="easy-purescript-nix-2">easy-purescript-nix [2]</h4>
<ul>
<li>Merge pull request #219 from turlando/purs-tidy-0.9.2</li>
<li>Merge pull request #218 from paluh/master</li>
</ul>
<h3 id="dependabotbot-0">dependabot[bot] [0]</h3>
<h3 id="sam-waggoner-4">Sam Waggoner [4]</h3>
<h4 id="ctia-1-1">ctia [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>threatgrid/ctim/#381 Migrate actor 1.2.0 <a
href="https://github.com/advthreat/ctia/pull/1323">#1323</a></li>
</ul>
<h4 id="tenzin-config-3">tenzin-config [3]</h4>
<ul>
<li>Add hydrant es-metrics configs for events.</li>
<li>Fix hydrant-talos-ta-blog misnamed http-options.</li>
<li>advthreat/hydrant#721 update talos blog http-options.</li>
</ul>
<h3 id="ii-9">II [9]</h3>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>Issue 7455 - Minor cleanup from XDR tiles merge <a
href="https://github.com/advthreat/iroh/pull/7695">#7695</a></li>
<li>6963 implements one-click module wrapper endpoint <a
href="https://github.com/advthreat/iroh/pull/7315">#7315</a></li>
<li>Issue 7647 AMP observe targets <a
href="https://github.com/advthreat/iroh/pull/7661">#7661</a></li>
<li>Issue 7647 - IObserveTargetModule protocol <a
href="https://github.com/advthreat/iroh/pull/7651">#7651</a></li>
<li>Ao shortcut use unique names <a
href="https://github.com/advthreat/iroh/pull/7627">#7627</a></li>
<li>Ao docs formatting fixes <a
href="https://github.com/advthreat/iroh/pull/7625">#7625</a></li>
<li>Issue 7550 ao workflow exec shortcut <a
href="https://github.com/advthreat/iroh/pull/7617">#7617</a></li>
</ul>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>Adds one-click service to bootstrap.cfg files <a
href="https://github.com/advthreat/tenzin-config/pull/862">#862</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Tac portal PROD login origins <a
href="https://github.com/advthreat/tenzin-config/pull/821">#821</a></li>
</ul>
<h3 id="eric-gierach-10">Eric Gierach [10]</h3>
<h4 id="iroh-3">iroh [3]</h4>
<ul>
<li>Fix attack graph simplification <a
href="https://github.com/advthreat/iroh/pull/7747">#7747</a></li>
<li>latest simplification logic (edges not considered) <a
href="https://github.com/advthreat/iroh/pull/7662">#7662</a></li>
<li>update notable events to match what the Engine client is producing
for CTR <a
href="https://github.com/advthreat/iroh/pull/7614">#7614</a></li>
</ul>
<h4 id="iroh-engine-7">iroh-engine [7]</h4>
<ul>
<li>Merge pull request #1387 from advthreat/v0.15.5-rc</li>
<li>Prepare for 0.15.5 release.</li>
<li>Merge pull request #1386 from advthreat/enrich-all-targets</li>
<li>Fix typo in log</li>
<li>Merge pull request #1370 from
advthreat/dependabot/npm_and_yarn/webpack-5.76.0</li>
<li>Merge branch 'main' into dependabot/npm_and_yarn/webpack-5.76.0</li>
<li>Merge pull request #1368 from
advthreat/dependabot/npm_and_yarn/xmldom/xmldom-and-mountebank-0.8.4</li>
</ul>
<h3 id="adam-sayer-26">Adam Sayer [26]</h3>
<h4 id="tenzin-25">tenzin [25]</h4>
<ul>
<li>webexbox fix on saltmaster <a
href="https://github.com/advthreat/tenzin/pull/2937">#2937</a></li>
<li>increase ES storage iops/throughput <a
href="https://github.com/advthreat/tenzin/pull/2927">#2927</a></li>
<li>Vercel CICD accept 409 and watch http state</li>
<li>Add Vercel CI/CD to Saltmaster <a
href="https://github.com/advthreat/tenzin/pull/2920">#2920</a></li>
<li>Update hydrant container version <a
href="https://github.com/advthreat/tenzin/pull/2891">#2891</a></li>
<li>snort filename fix <a
href="https://github.com/advthreat/tenzin/pull/2890">#2890</a></li>
<li>Update hydrant container to 1.36 in INT <a
href="https://github.com/advthreat/tenzin/pull/2888">#2888</a></li>
<li>remove jq verify usage <a
href="https://github.com/advthreat/tenzin/pull/2885">#2885</a></li>
<li>Fix - Extract Talos Snort Rule files for Importer <a
href="https://github.com/advthreat/tenzin/pull/2880">#2880</a></li>
<li>github runner salt and terraform <a
href="https://github.com/advthreat/tenzin/pull/2875">#2875</a></li>
<li>update securex-ui in INT for latest NVM profiles <a
href="https://github.com/advthreat/tenzin/pull/2873">#2873</a></li>
<li>Route53 Module refactor <a
href="https://github.com/advthreat/tenzin/pull/2851">#2851</a></li>
<li>Revert "SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo
(#2635)" <a
href="https://github.com/advthreat/tenzin/pull/2859">#2859</a></li>
<li>github-runner ASG <a
href="https://github.com/advthreat/tenzin/pull/2852">#2852</a></li>
<li>Update r53 module to allow geolocation <a
href="https://github.com/advthreat/tenzin/pull/2844">#2844</a></li>
<li>Cloud9 ami APJC EU <a
href="https://github.com/advthreat/tenzin/pull/2803">#2803</a></li>
<li>Cloud9 AMI to NAM <a
href="https://github.com/advthreat/tenzin/pull/2792">#2792</a></li>
<li>Bash to replace ES instances <a
href="https://github.com/advthreat/tenzin/pull/2777">#2777</a></li>
<li>Upgrade 6th gen ec2 and cloud9 AMI for TEST <a
href="https://github.com/advthreat/tenzin/pull/2775">#2775</a></li>
<li>Int cloud9 ami refresh <a
href="https://github.com/advthreat/tenzin/pull/2768">#2768</a></li>
<li>Allow instance refresh on ASG module <a
href="https://github.com/advthreat/tenzin/pull/2766">#2766</a></li>
<li>VPC peer TEST-STAGE for qa-macos instance <a
href="https://github.com/advthreat/tenzin/pull/2734">#2734</a></li>
<li>Stage salt <a
href="https://github.com/advthreat/tenzin/pull/2716">#2716</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Allow ingress from IROH to ES private storage <a
href="https://github.com/advthreat/tenzin/pull/2652">#2652</a></li>
<li>Allow ingress from IROH to es private storage INT <a
href="https://github.com/advthreat/tenzin/pull/2630">#2630</a></li>
</ul>
<h4 id="tenzin-config-1-6">tenzin-config [1]</h4>
<ul>
<li>Stage env configs <a
href="https://github.com/advthreat/tenzin-config/pull/785">#785</a></li>
</ul>
<h3 id="tomasz-rybarczyk-1">Tomasz Rybarczyk [1]</h3>
<h4 id="easy-purescript-nix-1-1">easy-purescript-nix [1]</h4>
<ul>
<li>purs: 0.15.7 -&gt; 0.15.8</li>
</ul>
<h3 id="chris-duane-2">Chris Duane [2]</h3>
<h4 id="response-2">response [2]</h4>
<ul>
<li>Update access-request.md</li>
<li>Create security-event.md</li>
</ul>
<h3 id="section">[9]</h3>
<h4 id="iroh-7-1">iroh [7]</h4>
<ul>
<li>Issue 7455 - Minor cleanup from XDR tiles merge <a
href="https://github.com/advthreat/iroh/pull/7695">#7695</a></li>
<li>6963 implements one-click module wrapper endpoint <a
href="https://github.com/advthreat/iroh/pull/7315">#7315</a></li>
<li>Issue 7647 AMP observe targets <a
href="https://github.com/advthreat/iroh/pull/7661">#7661</a></li>
<li>Issue 7647 - IObserveTargetModule protocol <a
href="https://github.com/advthreat/iroh/pull/7651">#7651</a></li>
<li>Ao shortcut use unique names <a
href="https://github.com/advthreat/iroh/pull/7627">#7627</a></li>
<li>Ao docs formatting fixes <a
href="https://github.com/advthreat/iroh/pull/7625">#7625</a></li>
<li>Issue 7550 ao workflow exec shortcut <a
href="https://github.com/advthreat/iroh/pull/7617">#7617</a></li>
</ul>
<h4 id="tenzin-config-2-1">tenzin-config [2]</h4>
<ul>
<li>Adds one-click service to bootstrap.cfg files <a
href="https://github.com/advthreat/tenzin-config/pull/862">#862</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Tac portal PROD login origins <a
href="https://github.com/advthreat/tenzin-config/pull/821">#821</a></li>
</ul>
<h3 id="john-jardine-30">John Jardine [30]</h3>
<h4 id="tenzin-30">tenzin [30]</h4>
<ul>
<li>Update SW versions, sort changes to the top <a
href="https://github.com/advthreat/tenzin/pull/2864">#2864</a></li>
<li>Add instances to handle new 3rd party integrations <a
href="https://github.com/advthreat/tenzin/pull/2870">#2870</a></li>
<li>Add capacity in OSS to support logstash-cloudtrail <a
href="https://github.com/advthreat/tenzin/pull/2865">#2865</a></li>
<li>Terraform edits to deconflict some values and make more generic <a
href="https://github.com/advthreat/tenzin/pull/2853">#2853</a></li>
<li>Create S3 Bucket, user, group, policy <a
href="https://github.com/advthreat/tenzin/pull/2839">#2839</a></li>
<li>Update integrations-crowdstrike to 1.0.2 in all regions <a
href="https://github.com/advthreat/tenzin/pull/2833">#2833</a></li>
<li>Move all Hydrant jobs to v1.35 (adds coas support) <a
href="https://github.com/advthreat/tenzin/pull/2826">#2826</a></li>
<li>Bash defaults: Remove TMOUT, assign set -o vi &amp; dir <a
href="https://github.com/advthreat/tenzin/pull/2829">#2829</a></li>
<li>Check single certificate <a
href="https://github.com/advthreat/tenzin/pull/2830">#2830</a></li>
<li>Align hydrant jobs on 4 minute multiples. <a
href="https://github.com/advthreat/tenzin/pull/2821">#2821</a></li>
<li>Updated ssh keypairs for EU NAM and APJC <a
href="https://github.com/advthreat/tenzin/pull/2791">#2791</a></li>
<li>SXOPS-529: SSH Default configuration changes <a
href="https://github.com/advthreat/tenzin/pull/2774">#2774</a></li>
<li>Check if integrations-healthcheck is working. <a
href="https://github.com/advthreat/tenzin/pull/2772">#2772</a></li>
<li>Update sumram.gpg</li>
<li>Make script outputs comparable by using same sort order <a
href="https://github.com/advthreat/tenzin/pull/2761">#2761</a></li>
<li>SXOPS-435: Add hydrant-talos-coas fixes for other regions <a
href="https://github.com/advthreat/tenzin/pull/2751">#2751</a></li>
<li>Quote cron entry to prevent YAML interpolation <a
href="https://github.com/advthreat/tenzin/pull/2750">#2750</a></li>
<li>Default Jason Busboom to absent to prevent global access <a
href="https://github.com/advthreat/tenzin/pull/2743">#2743</a></li>
<li>Updated rev-proxy for securex-ui-automate.test.iroh.site <a
href="https://github.com/advthreat/tenzin/pull/2744">#2744</a></li>
<li>Added gpg key for Atul Anand</li>
<li>SXOPS-491 Add securex ui automate support for TEST <a
href="https://github.com/advthreat/tenzin/pull/2729">#2729</a></li>
<li>Need to add securex-ui-automate.int.iroh.site to ACME <a
href="https://github.com/advthreat/tenzin/pull/2723">#2723</a></li>
<li>SXOPS-491 Add securex ui automate support <a
href="https://github.com/advthreat/tenzin/pull/2722">#2722</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix comment, fix error file content check <a
href="https://github.com/advthreat/tenzin/pull/2683">#2683</a></li>
<li>Backport v1.112 fixes to master <a
href="https://github.com/advthreat/tenzin/pull/2682">#2682</a></li>
<li>Initial commit <a
href="https://github.com/advthreat/tenzin/pull/2671">#2671</a></li>
<li>Add error handling to cert check <a
href="https://github.com/advthreat/tenzin/pull/2651">#2651</a></li>
<li>Initial Vercel Postman API <a
href="https://github.com/advthreat/tenzin/pull/2633">#2633</a></li>
<li>INT: Merge Consul overrides into jobs.sls <a
href="https://github.com/advthreat/tenzin/pull/2646">#2646</a></li>
<li>SXOPS-412: Trend Micro XDR Integration Relay INT and TEST <a
href="https://github.com/advthreat/tenzin/pull/2617">#2617</a></li>
</ul>
<h3 id="michael-pendergrass-4">Michael Pendergrass [4]</h3>
<h4 id="iroh-4-3">iroh [4]</h4>
<ul>
<li>Engine 0.15.5 <a
href="https://github.com/advthreat/iroh/pull/7768">#7768</a></li>
<li>add more attribute relation types <a
href="https://github.com/advthreat/iroh/pull/7660">#7660</a></li>
<li>More graph changes <a
href="https://github.com/advthreat/iroh/pull/7643">#7643</a></li>
<li>add graph output to incident summary <a
href="https://github.com/advthreat/iroh/pull/7549">#7549</a></li>
</ul>
<h3 id="scott-mcleod-4">Scott McLeod [4]</h3>
<h4 id="iroh-4-4">iroh [4]</h4>
<ul>
<li>Improve performance of IncidentReportService <a
href="https://github.com/advthreat/iroh/pull/7745">#7745</a></li>
<li>Add filters to Incident Report <a
href="https://github.com/advthreat/iroh/pull/7727">#7727</a></li>
<li>Add test to verify paging <a
href="https://github.com/advthreat/iroh/pull/7564">#7564</a></li>
<li>Use search_after paging for incident report (#7461) <a
href="https://github.com/advthreat/iroh/pull/7539">#7539</a></li>
</ul>
<h3 id="matthieu-sprunck-3">Matthieu Sprunck [3]</h3>
<h4 id="ctia-3">ctia [3]</h4>
<ul>
<li>Bump CTIM to 1.3.7 <a
href="https://github.com/advthreat/ctia/pull/1357">#1357</a></li>
<li>Bump to CTIM 1.3.5 <a
href="https://github.com/advthreat/ctia/pull/1349">#1349</a></li>
<li>Bump to CTIM 1.3.4 <a
href="https://github.com/advthreat/ctia/pull/1345">#1345</a></li>
</ul>
<h3 id="jerome-schneider-10">Jerome Schneider [10]</h3>
<h4 id="iroh-ops-9">iroh-ops [9]</h4>
<ul>
<li>Merge pull request #68 from advthreat/split-releases-artefacts</li>
<li>Merge pull request #51 from advthreat/logging-vector</li>
<li>Merge pull request #46 from advthreat/datadog</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Merge pull request #42 from advthreat/vpnator-rm-cloudtrail</li>
<li>Merge pull request #36 from advthreat/stricter-iam</li>
<li>Merge pull request #34 from advthreat/fix-tfw</li>
<li>Merge pull request #16 from advthreat/tfw-fixes</li>
<li>Merge pull request #13 from advthreat/tf-wrapper</li>
<li>Merge pull request #12 from advthreat/ansible</li>
</ul>
<h4 id="tenzin-1-4">tenzin [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>iroh(-async): improve memory management to avoid memory cgroup oom
<a href="https://github.com/advthreat/tenzin/pull/2693">#2693</a></li>
</ul>
<h3 id="t2sw-1">t2sw [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<ul>
<li>modify get-tiles and get-tiles-data endpoints for xdr query
parameter <a
href="https://github.com/advthreat/iroh/pull/7757">#7757</a></li>
</ul>
<h3 id="bswanson-81">bswanson [81]</h3>
<h4 id="iroh-10">iroh [10]</h4>
<ul>
<li>Engine version bump. <a
href="https://github.com/advthreat/iroh/pull/7730">#7730</a></li>
<li>Asset correlation <a
href="https://github.com/advthreat/iroh/pull/7708">#7708</a></li>
<li>READY FOR REVIEW: observe-targets to iroh engine. <a
href="https://github.com/advthreat/iroh/pull/7683">#7683</a></li>
<li>Fix empty source breaking schema. <a
href="https://github.com/advthreat/iroh/pull/7687">#7687</a></li>
<li>BUG FIX: events were pulled from wrong key. <a
href="https://github.com/advthreat/iroh/pull/7678">#7678</a></li>
<li>Add Assets to Summary and Events incident endpoints <a
href="https://github.com/advthreat/iroh/pull/7666">#7666</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add Eric and Mia to codeowners. <a
href="https://github.com/advthreat/iroh/pull/7501">#7501</a></li>
<li>Add extra fields to summary events <a
href="https://github.com/advthreat/iroh/pull/7482">#7482</a></li>
<li>Add optional keys owner and groups to :incident-id/events schema. <a
href="https://github.com/advthreat/iroh/pull/7449">#7449</a></li>
<li>Allow port key in the private-intel service context <a
href="https://github.com/advthreat/iroh/pull/7435">#7435</a></li>
</ul>
<h4 id="iroh-engine-68">iroh-engine [68]</h4>
<ul>
<li>Merge pull request #1383 from advthreat/v0.15.3-rc</li>
<li>Update changelog.</li>
<li>Prepare for 0.15.3 release</li>
<li>Merge pull request #1381 from advthreat/proper-no-op</li>
<li>Merge branch 'main' into proper-no-op</li>
<li>Merge pull request #1382 from advthreat/codeowners</li>
<li>Add folks to codeowners, remove our previous humans.</li>
<li>Update release to remove unused project.clj</li>
<li>Cleanup tests.</li>
<li>Update tests to reflect passthrough behavior.</li>
<li>failing tests, but no-op.</li>
<li>Merge pull request #1380 from advthreat/v0.15.2-rc</li>
<li>Merge pull request #1379 from advthreat/superstitious-p</li>
<li>Merge pull request #1378 from advthreat/v0.15.1-rc</li>
<li>Release v0.15.1.</li>
<li>Merge pull request #1377 from
advthreat/remove-original-sightings</li>
<li>Don't print 100s of sightings :D</li>
<li>Add logging.</li>
<li>Remove CTIM dependency.</li>
<li>Data for you and data for me</li>
<li>Cabinet of curiosities be gone.</li>
<li>Datums test.</li>
<li>new asset responses.</li>
<li>Check no-op case for assets-for-new-targets.</li>
<li>Add assets and asset mappings.</li>
<li>Remove fake test that described itself as real.</li>
<li>Use add-latest-asset-info from enrich ns.</li>
<li>Add failing observe-target-observables-test.</li>
<li>Do not pass back the relationships or sightings from the original
bundle.</li>
<li>Merge pull request #1374 from advthreat/v0.15.0-rc</li>
<li>Release candidate 0.15.0</li>
<li>Merge pull request #1372 from advthreat/asset-enrich</li>
<li>Merge branch 'main' into asset-enrich</li>
<li>Only need to wrap around exception.</li>
<li>Magic sauce for cljs vs clj.</li>
<li>Add test for -&gt;instant.</li>
<li>Fix let&lt;.</li>
<li>promesify everything.</li>
<li>PR feedback, add p/let.</li>
<li>PR feedback.</li>
<li>map observable keys (this shouldn't matter, but for consistency and
safety sake.)</li>
<li>Refactor exists? because it's a function.</li>
<li>Update src/iroh/engine/asset/enrich.cljc</li>
<li>Fix IrohServiceWrapper call.</li>
<li>move time fns into time ns.</li>
<li>A bit more function now.</li>
<li>IT LIVESSSS.</li>
<li>Add emit_observe_targets_enrich.js</li>
<li>Wiring through observable call.</li>
<li>mountebank.</li>
<li>Getting farther through the pipeline.</li>
<li>Resolve linter errors.</li>
<li>more promises for us.</li>
<li>cleanup nested whens.</li>
<li>Try to call targets.</li>
<li>it puts the promise on the code.</li>
<li>Smaller functions.</li>
<li>Clean up more test ns.</li>
<li>Cleanup tests.</li>
<li>Merge branch 'main' into asset-enrich</li>
<li>Move logic into previous function.</li>
<li>Add resolve latest mountebank test.</li>
<li>Some unit tests.</li>
<li>prepare for the sightening.</li>
<li>extract targets from enriched response.</li>
<li>Break out a couple more small functions.</li>
<li>Implement some small helper functions.</li>
<li>Pull in used sighting ns and reference observable var.</li>
</ul>
<h4 id="tenzin-config-3-1">tenzin-config [3]</h4>
<ul>
<li>Add config for prod and fix test typo. <a
href="https://github.com/advthreat/tenzin-config/pull/846">#846</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add iroh base url to conure config. <a
href="https://github.com/advthreat/tenzin-config/pull/829">#829</a></li>
<li>Add necessary conure config. <a
href="https://github.com/advthreat/tenzin-config/pull/811">#811</a></li>
</ul>
<h3 id="pawan-bahuguna-31">Pawan Bahuguna [31]</h3>
<h4 id="tenzin-31-1">tenzin [31]</h4>
<ul>
<li>Sxops 191 - custom_response_body <a
href="https://github.com/advthreat/tenzin/pull/2933">#2933</a></li>
<li>Added health check header <a
href="https://github.com/advthreat/tenzin/pull/2921">#2921</a></li>
<li>Added Health check header to crowdstrike for testing <a
href="https://github.com/advthreat/tenzin/pull/2916">#2916</a></li>
<li>Increased the Max size to 6 <a
href="https://github.com/advthreat/tenzin/pull/2908">#2908</a></li>
<li>Updated the version to 7.0.7 to sync with AWS <a
href="https://github.com/advthreat/tenzin/pull/2907">#2907</a></li>
<li>SXOPS-621 - Enable IAM Access Advisor in all envs <a
href="https://github.com/advthreat/tenzin/pull/2894">#2894</a></li>
<li>Removed Event Processor Role <a
href="https://github.com/advthreat/tenzin/pull/2881">#2881</a></li>
<li>SXOPS 191 Update TEST VPC Peering <a
href="https://github.com/advthreat/tenzin/pull/2879">#2879</a></li>
<li>Changed version to 7.0.5, already present in aws <a
href="https://github.com/advthreat/tenzin/pull/2877">#2877</a></li>
<li>Updated desired capacity, min and max size <a
href="https://github.com/advthreat/tenzin/pull/2874">#2874</a></li>
<li>SXOPS-490 Docker version health check <a
href="https://github.com/advthreat/tenzin/pull/2837">#2837</a></li>
<li>Added CU, IR, KP, SY <a
href="https://github.com/advthreat/tenzin/pull/2854">#2854</a></li>
<li>Added artifacts and XDR to ordered_cache_behavior - Already in AWS
<a href="https://github.com/advthreat/tenzin/pull/2848">#2848</a></li>
<li>SXOPS-191-Updated VPC peering connection <a
href="https://github.com/advthreat/tenzin/pull/2835">#2835</a></li>
<li>Added docker container version check <a
href="https://github.com/advthreat/tenzin/pull/2815">#2815</a></li>
<li>SAML sync with AWS <a
href="https://github.com/advthreat/tenzin/pull/2824">#2824</a></li>
<li>enabled intelligence in prod <a
href="https://github.com/advthreat/tenzin/pull/2807">#2807</a></li>
<li>SXOPS-535 Micro Frontend Ribbon <a
href="https://github.com/advthreat/tenzin/pull/2806">#2806</a></li>
<li>int-iroh-registration-ui User is already present in AWS <a
href="https://github.com/advthreat/tenzin/pull/2801">#2801</a></li>
<li>Removed CloudWatch-CSIRT.tf <a
href="https://github.com/advthreat/tenzin/pull/2788">#2788</a></li>
<li>updated the asg_max_size to 6 <a
href="https://github.com/advthreat/tenzin/pull/2781">#2781</a></li>
<li>Added instance refresh <a
href="https://github.com/advthreat/tenzin/pull/2780">#2780</a></li>
<li>Enabling watchdog check on Crowdstrike <a
href="https://github.com/advthreat/tenzin/pull/2773">#2773</a></li>
<li>SXOPS-490 Add/Update 3rd Party Integrations health checks <a
href="https://github.com/advthreat/tenzin/pull/2767">#2767</a></li>
<li>Added TLS - automate MFE <a
href="https://github.com/advthreat/tenzin/pull/2753">#2753</a></li>
<li>PROD automate MFE <a
href="https://github.com/advthreat/tenzin/pull/2752">#2752</a></li>
<li>[SXOPS-497] Create 3rd Party Integrations for Cybereason &amp;
Crowdstrike (INT/TEST) <a
href="https://github.com/advthreat/tenzin/pull/2747">#2747</a></li>
<li>Added dbudko pabahugu to VPN list <a
href="https://github.com/advthreat/tenzin/pull/2728">#2728</a></li>
<li>Sxops 484 onboard dmytro dbudko <a
href="https://github.com/advthreat/tenzin/pull/2727">#2727</a></li>
<li>SXOPS-476 Decom Nomad task securex-ui-incidents from Tenzin <a
href="https://github.com/advthreat/tenzin/pull/2699">#2699</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>enable prod <a
href="https://github.com/advthreat/tenzin/pull/2662">#2662</a></li>
</ul>
<h3 id="trent-boyd-2">Trent Boyd [2]</h3>
<h4 id="tenzin-config-2-2">tenzin-config [2]</h4>
<ul>
<li>chore: add https dev urls to xdr projects <a
href="https://github.com/advthreat/tenzin-config/pull/886">#886</a></li>
<li>feat: add configs for securex-ui-intelligence job <a
href="https://github.com/advthreat/tenzin-config/pull/852">#852</a></li>
</ul>
<h3 id="devin-walters-12">Devin Walters [12]</h3>
<h4 id="tenzin-7">tenzin [7]</h4>
<ul>
<li>Set tmpdir to /local for conure task <a
href="https://github.com/advthreat/tenzin/pull/2930">#2930</a></li>
<li>Mount datadog socket in conure task <a
href="https://github.com/advthreat/tenzin/pull/2922">#2922</a></li>
<li>Remove Conure access to IROH RDS instance <a
href="https://github.com/advthreat/tenzin/pull/2742">#2742</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Capture the rest of a log message as 'message_text' for clj stack
logs <a
href="https://github.com/advthreat/tenzin/pull/2660">#2660</a></li>
<li>Grok pattern which captures message for the clj stack <a
href="https://github.com/advthreat/tenzin/pull/2658">#2658</a></li>
<li>Add RMI server hostname <a
href="https://github.com/advthreat/tenzin/pull/2640">#2640</a></li>
<li>Include configuration for hikari monitoring via JMX <a
href="https://github.com/advthreat/tenzin/pull/2639">#2639</a></li>
</ul>
<h4 id="tenzin-config-5-1">tenzin-config [5]</h4>
<ul>
<li>Specify JWK per environment <a
href="https://github.com/advthreat/tenzin-config/pull/866">#866</a></li>
<li>Update conure username in prod environments <a
href="https://github.com/advthreat/tenzin-config/pull/860">#860</a></li>
<li>Update conure db username in TEST <a
href="https://github.com/advthreat/tenzin-config/pull/856">#856</a></li>
<li>Update conure configuration <a
href="https://github.com/advthreat/tenzin-config/pull/843">#843</a></li>
<li>Test out dedicated conure postgres instance <a
href="https://github.com/advthreat/tenzin-config/pull/838">#838</a></li>
</ul>
<h3 id="martin-bruchanov-20">Martin Bruchanov [20]</h3>
<h4 id="tenzin-20">tenzin [20]</h4>
<ul>
<li>Adding data nodes to lower file system utilization <a
href="https://github.com/advthreat/tenzin/pull/2940">#2940</a></li>
<li>Adding vercel deploy to sudo for consul <a
href="https://github.com/advthreat/tenzin/pull/2936">#2936</a></li>
<li>Increasing number of data nodes to the current state <a
href="https://github.com/advthreat/tenzin/pull/2935">#2935</a></li>
<li>Security groups for OPS VPN in INT <a
href="https://github.com/advthreat/tenzin/pull/2924">#2924</a></li>
<li>Added CLI parameters for ES administration tools <a
href="https://github.com/advthreat/tenzin/pull/2915">#2915</a></li>
<li>Removing salt references for terminated OPs instance <a
href="https://github.com/advthreat/tenzin/pull/2900">#2900</a></li>
<li>Updated contacts of EDF team <a
href="https://github.com/advthreat/tenzin/pull/2895">#2895</a></li>
<li>Fixed JSON validation for IROH query <a
href="https://github.com/advthreat/tenzin/pull/2887">#2887</a></li>
<li>Fixed correct hostname and SSM keys <a
href="https://github.com/advthreat/tenzin/pull/2893">#2893</a></li>
<li>OPS OpenVPN salt deployment <a
href="https://github.com/advthreat/tenzin/pull/2883">#2883</a></li>
<li>Renaming data-openvpn to ops-openvpn <a
href="https://github.com/advthreat/tenzin/pull/2845">#2845</a></li>
<li>Increasing edf-reporting and iops-reporting memory allocation <a
href="https://github.com/advthreat/tenzin/pull/2838">#2838</a></li>
<li>Added list of Consul UI hostnames <a
href="https://github.com/advthreat/tenzin/pull/2789">#2789</a></li>
<li>Tool for quick SSH to Consul leader <a
href="https://github.com/advthreat/tenzin/pull/2785">#2785</a></li>
<li>Cleaning up intel2x hostname <a
href="https://github.com/advthreat/tenzin/pull/2654">#2654</a></li>
<li>Second VPN server for Non-OPS access <a
href="https://github.com/advthreat/tenzin/pull/2735">#2735</a></li>
<li>Fixed duplicated uid in user profile <a
href="https://github.com/advthreat/tenzin/pull/2740">#2740</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>NAM ElasticSearch clean up: DNS, S3 bucket for snapshots <a
href="https://github.com/advthreat/tenzin/pull/2697">#2697</a></li>
<li>Updating hostnames, fixed error with missing authentication <a
href="https://github.com/advthreat/tenzin/pull/2637">#2637</a></li>
<li>Transfer of existing roles from one ES cluster to another <a
href="https://github.com/advthreat/tenzin/pull/2634">#2634</a></li>
</ul>
<h3 id="michael-simonson-3">Michael Simonson [3]</h3>
<h4 id="tenzin-2-1">tenzin [2]</h4>
<ul>
<li>Adds input buckets for non-int envs <a
href="https://github.com/advthreat/tenzin/pull/2863">#2863</a></li>
<li>SXOPs-hydrant-talos-coa-importer <a
href="https://github.com/advthreat/tenzin/pull/2741">#2741</a></li>
</ul>
<h4 id="tenzin-config-1-7">tenzin-config [1]</h4>
<ul>
<li>Issue SXOPs-562: Hydrant Manual Removal Importer <a
href="https://github.com/advthreat/tenzin-config/pull/859">#859</a></li>
</ul>
<h3 id="john-jardine-5">John Jardine [5]</h3>
<h4 id="tenzin-4">tenzin [4]</h4>
<ul>
<li>Revert "Move all Hydrant jobs to v1.35 (adds coas support)"</li>
<li>Revert "Include STAGE in hydrant container version update"</li>
<li>Include STAGE in hydrant container version update</li>
<li>Move all Hydrant jobs to v1.35 (adds coas support)</li>
</ul>
<h4 id="tenzin-config-1-8">tenzin-config [1]</h4>
<ul>
<li>Importer was missing the config files <a
href="https://github.com/advthreat/tenzin-config/pull/850">#850</a></li>
</ul>
<h3 id="gayan-jayasundara-7">Gayan Jayasundara [7]</h3>
<h4 id="tenzin-7-1">tenzin [7]</h4>
<ul>
<li>Bump crowdstrike and SentinelOne - Ian requested <a
href="https://github.com/advthreat/tenzin/pull/2904">#2904</a></li>
<li>Bump crowdstrike into 1.0.2a - Bug fix from Ian <a
href="https://github.com/advthreat/tenzin/pull/2846">#2846</a></li>
<li>SXOPS-512 Bump crowdstrike and sentinelone versions <a
href="https://github.com/advthreat/tenzin/pull/2802">#2802</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Migrate securex-ui-incidents from Nomad to Vercel - non-prod - DNS
<a href="https://github.com/advthreat/tenzin/pull/2691">#2691</a></li>
<li>securex-ui-control-center - non-prod vercel <a
href="https://github.com/advthreat/tenzin/pull/2690">#2690</a></li>
<li>Update cyberprotect integration to latest (2.0.6) <a
href="https://github.com/advthreat/tenzin/pull/2673">#2673</a></li>
<li>Redirect XDR int to Vercel <a
href="https://github.com/advthreat/tenzin/pull/2667">#2667</a></li>
</ul>
</body>
</html>