yogsototh/deft
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
Yann Esposito (Yogsototh) 2024-06-27 11:09:53 +02:00
parent 0110eee062
commit 9f0200c13d
Signed by untrusted user who does not match committer: yogsototh
GPG key ID: 7B19A4C650D59646
54 changed files with 14257 additions and 5575 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.orgids
View file

File diff suppressed because one or more lines are too long

BIN
Cisco.org.gpg
View file

Binary file not shown.

BIN
SE_Orbital_provisioning.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 57 KiB

BIN
archives/Cisco.archive.org.gpg
View file

Binary file not shown.

456
archives/TODO.archive.org
View file

@ -12746,3 +12746,459 @@ SCHEDULED: <2024-01-31 Wed 10:07>
:ARCHIVE_TODO: DONE
:END:
[2024-01-31 Wed 07:07]
* DONE answer webexteams://im?space=06fcf5e0-9dca-11ee-baad-23b6ab543fdf&message=da31b7f0-c12b-11ee-ac23-e7bfffb2503c
SCHEDULED: <2024-02-02 Fri 10:51>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:00
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-02-01 Thu 20:50]
* DONE Appeler assurance Toyota
SCHEDULED: <2024-02-14 Wed 10:23>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:00
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-02-13 Tue 19:23]
* DONE [#B] Payer Farina
DEADLINE: <2024-02-01 Thu 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:01
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-01-31 Wed 21:03]
* DONE Carrosserie
SCHEDULED: <2024-01-18 Thu 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:01
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-01-17 Wed 17:14]
* DONE Decision crédit Toyota 17k
SCHEDULED: <2024-01-14 Sun 14:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:01
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-01-12 Fri 09:54]
* DONE Lire le wiki vos-finances [[https://www.reddit.com/r/vosfinances/wiki/index][wiki]]
SCHEDULED: <2024-02-03 Sat 19:10>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:01
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2023-10-29 Sun 15:35]
* DONE Réessayer [[https://www.mamedev.org/?p=530][MAME]]
SCHEDULED: <2024-01-27 Sat 11:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:01
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2023-10-25 Wed 08:03]
* DONE AI Assistant Token @Prerna :work:
SCHEDULED: <2024-02-02 Fri 11:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-15 Thu 10:01
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-02-01 Thu 23:04]
* DONE SCA re-onboard
SCHEDULED: <2024-02-29 Thu 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-03-10 Sun 18:24
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-02-28 Wed 20:03]
* DONE Check [[https://github.com/juspay/services-flake][flake compose service]]
SCHEDULED: <2024-02-19 Mon 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-03-10 Sun 18:24
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-02-17 Sat 23:37]
* CANCELED Compléter dossier MDPH best practices
SCHEDULED: <2024-02-09 Fri 15:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-03-10 Sun 18:24
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: CANCELED
:END:
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-02-22 Thu 17:58]
:END:
[2024-01-21 Sun 11:38]
* DONE Check lettre Matthieu à Val
:PROPERTIES:
:ARCHIVE_TIME: 2024-03-10 Sun 18:25
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2023-10-03 Tue 19:16]
Raison de la radiation:
- manque de suivi
* DONE Envoyer un message a Joannie
SCHEDULED: <2024-03-22 Fri 10:33>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-15 Mon 12:47
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-02-23 Fri 22:32]
* DONE [[https://fr.m.wikipedia.org/wiki/Ma_Loute][Ma Loute — Wikipédia]]
SCHEDULED: <2024-03-16 Sat>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-15 Mon 12:47
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-16 Sat 13:42]
* DONE Update Meraki clients webexteams://im?space=b5844a30-2e19-11ee-b0bb-8575ace105f3&message=26fed6b0-eaf0-11ee-a113-5fa39a3c7afe
SCHEDULED: <2024-03-26 Tue 11:42>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-15 Mon 12:47
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-26 Tue 07:42]
* DONE Telecharger FROM
SCHEDULED: <2024-04-01 Mon 19:31>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-15 Mon 12:47
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-01 Mon 13:31]
* DONE Payer 60€ Psy Krystelle
SCHEDULED: <2024-03-28 Thu 09:39>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-15 Mon 12:47
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-28 Thu 07:39]
* DONE télécharger la guerre des mondes
SCHEDULED: <2024-04-08 Mon 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-15 Mon 12:47
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-06 Sat 19:53]
* DONE Commander gateaux aux perles de l'étang
SCHEDULED: <2024-04-25 Thu 14:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-25 Thu 12:13]
* DONE Appeler la MDPH!
SCHEDULED: <2024-04-22 Mon 14:30>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-18 Thu 17:59]
Madame Lagarde Sandrine pour la demande de compensation.
Num Dossier: 500992
Num Individu: 3362710
NIR: 2040313056049 97
Mercredi 15 au matin, vers 10h30.
* DONE Faire un virment de 3900+2600 vers Banque Pop
SCHEDULED: <2024-04-18 Thu 18:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-05 Fri 10:06]
* DONE Mettre les rideaux
SCHEDULED: <2024-03-28 Thu 14:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-28 Thu 12:15]
* DONE Commander les brises vues
SCHEDULED: <2024-03-26 Tue 10:30>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-25 Mon 17:10]
- Route du haut: 1m x 23
- Voisins: 180x500 x1 + 150x300 x1
- Terrasse: 90x300 x3 + 90x500 x1
* DONE Appeler Farina
SCHEDULED: <2024-03-26 Tue 10:20>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-25 Mon 17:09]
* CANCELED Appeler Diagonale Carrelage
SCHEDULED: <2024-03-26 Tue 10:10>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: CANCELED
:END:
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-03-26 Tue 15:50] \\
Il nous ont contactés en premier
:END:
[2024-03-25 Mon 17:09]
* DONE Appeler Violet 06.19.84.29.28
SCHEDULED: <2024-03-26 Tue 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-25 Mon 17:09]
* DONE Envoyer email escaliers
SCHEDULED: <2024-03-20 Wed 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-19 Tue 22:21]
* DONE Envoyer documents
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-19 Tue 14:23]
gestion@toyota-assurances.fr
- photocopie du permis de conduire recto/verso
- manda SEPA
- photocopie de la carte grise du véhicule
- signature des conditions
- chèque du premier paiement 62.24€
* DONE Systeme pour voir un des 32 conseils de temps en temps (mothership?)
SCHEDULED: <2024-03-18 Mon 14:30>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-18 Mon 12:55]
* CANCELED Use Caddy to fix Let's encrypt with nginx
SCHEDULED: <2024-03-21 Thu 10:00> DEADLINE: <2024-07-01 Mon>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:34
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: CANCELED
:END:
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-03-26 Tue 19:03] \\
Maybe not necessary
:END:
[2024-03-15 Fri 16:18]
* DONE Appeler Toyota
SCHEDULED: <2024-03-11 Mon 15:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-11 Mon 10:52]
* DONE Appeler Diagonale Carrelage
SCHEDULED: <2024-03-11 Mon 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-10 Sun 18:23]
* DONE Appeler Devis Isolation
SCHEDULED: <2024-03-11 Mon 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-10 Sun 18:23]
* DONE Appeler Farina
SCHEDULED: <2024-03-11 Mon 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-03-10 Sun 18:22]
* DONE Appeler Hydropolis
SCHEDULED: <2024-03-11 Mon 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
Tel: 04 83 88 16 70
Pas de contrat depuis 1 an.
[2024-03-10 Sun 18:14]
* DONE Aller chercher du vin et champagne pour demain
SCHEDULED: <2024-04-26 Fri 14:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-25 Thu 12:16]
* DONE Update Meraki clients [[webexteams://im?space=b5844a30-2e19-11ee-b0bb-8575ace105f3&message=885f3ba0-0334-11ef-9d9b-4309461a14ff][msg]]
SCHEDULED: <2024-04-26 Fri 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-26 Fri 09:02]
* DONE Add a mitre flag to an EU org
SCHEDULED: <2024-04-26 Fri 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:35
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_OLPATH: Inbox
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-26 Fri 09:03]
* DONE Appeler carte grise Antibe urgent !
SCHEDULED: <2024-04-17 Wed 10:00>
:PROPERTIES:
:ARCHIVE_TIME: 2024-04-29 Mon 10:37
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
:ARCHIVE_CATEGORY: inbox
:ARCHIVE_TODO: DONE
:END:
[2024-04-08 Mon 18:26]

461
inbox.org
View file

@ -10,49 +10,87 @@
SPC y o c => DISPLAY org columns
#+end_comment
* Inbox
** DONE [#B] Payer Farina
DEADLINE: <2024-02-01 Thu 10:00>
[2024-01-31 Wed 21:03]
** TODO Compléter dossier MDPH best practices
SCHEDULED: <2024-01-30 Tue 10:00>
[2024-01-21 Sun 11:38]
** DONE Carrosserie
SCHEDULED: <2024-01-18 Thu 10:00>
[2024-01-17 Wed 17:14]
** DONE Decision crédit Toyota 17k
SCHEDULED: <2024-01-14 Sun 14:00>
[2024-01-12 Fri 09:54]
** TODO Lire le wiki vos-finances [[https://www.reddit.com/r/vosfinances/wiki/index][wiki]]
SCHEDULED: <2024-02-03 Sat 19:10>
[2023-10-29 Sun 15:35]
** DONE Réessayer [[https://www.mamedev.org/?p=530][MAME]]
SCHEDULED: <2024-01-27 Sat 11:00>
[2023-10-25 Wed 08:03]
** TODO Check lettre Matthieu à Val
[2023-10-03 Tue 19:16]
** DONE Appeler carte grise Aygo
SCHEDULED: <2024-04-29 Mon 14:40>
[2024-04-09 Tue 22:13]
** TODO Mail banque populaire interdiction copy/paste de l'identifiant sur iOS
[2024-04-05 Fri 09:55]
** DONE [#A] Documents Appartement Impots
SCHEDULED: <2024-05-30 Thu 10:00>
[2024-04-04 Thu 18:56]
** TODO Commander le matelas 140x190x16cm
SCHEDULED: <2024-06-28 Fri 19:00>
[2024-04-02 Tue 17:34]
** TODO https://github.com//incident-manager/issues/2408
[2024-03-11 Mon 16:41]
** TODO Envoyer documents hydropolis
[2024-03-11 Mon 15:52]
Raison de la radiation:
- manque de suivi
Numero de contrat: 152002674
- [ ] document de vente
- [ ] nouvelle addresse
** TODO [#B] [[file:death.org.gpg][Post Mortem]] pour la famille :family:
SCHEDULED: <2024-03-05 Tue 11:00 +1m>
SCHEDULED: <2024-07-07 Sun 11:00 +1m>
:PROPERTIES:
:LAST_REPEAT: [2024-06-10 Mon 12:07]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-06-10 Mon 12:07]
- State "DONE" from "TODO" [2024-04-18 Thu 14:43]
:END:
[2023-04-30 Sun 09:06]
1. Fermer mes serveurs
2. Trouver mes comptes
3. Récupérer mes access (mots de passe, keychain, etc…)
** TODO Voitures (addresses, Crit'Air)
SCHEDULED: <2024-01-29 Mon 11:00>
*** TODO Acheter vignette Crit'air Aygo
**** TODO Changer l'addresse du Aygo
***** TODO Joindre Toyota (Aygo)
*** TODO Acheter vignette Crit'air CHR
**** TODO Changer l'addresse du CHR
***** TODO Joindre Toyota (CHR)
*** TODO Décider choix Voiture CHR
**** TODO Continuer nouvelle LOA
***** TODO Aller chez le [[https://www.carrosserie-rca.fr/contact.php][carrossier]] 0481684549
***** TODO Changer les pneus
**** TODO Rachat + Crédit
** DONE Voitures (addresses, Crit'Air)
SCHEDULED: <2024-03-20 Wed 11:00>
*** DONE Acheter vignette Crit'air Aygo
**** DONE Changer l'addresse du Aygo
***** DONE Joindre Toyota (Aygo)
*** DONE Acheter vignette Crit'air CHR
**** CANCELED Changer l'addresse du CHR
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-02-08 Thu 08:38]
:END:
***** CANCELED Joindre Toyota (CHR)
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-02-08 Thu 08:38]
:END:
*** DONE Décider choix Voiture CHR
**** DONE Continuer nouvelle LOA
***** DONE Aller chez le [[https://www.carrosserie-rca.fr/contact.php][carrossier]] 0481684549
***** DONE Changer les pneus
**** DONE Rachat + Crédit
** DONE Acheter croquettes Oslo
SCHEDULED: <2024-04-29 Mon 10:00>
[2024-04-29 Mon 13:57]
** DONE Check de la durée de l'abonnement Pô
SCHEDULED: <2024-04-29 Mon 10:00>
[2024-04-29 Mon 13:58]
** DONE Faire les impots
SCHEDULED: <2024-05-18 Sat 10:00>
[2024-05-18 Sat 08:53]
** DONE Appeler et annuler l'assurance Toyota
SCHEDULED: <2024-05-23 Thu 10:00>
[2024-05-18 Sat 09:29]
** DONE [#A] Envoyer le certificat de cession du CHR FX-123-BS
SCHEDULED: <2024-05-30 Thu 10:00>
[2024-05-24 Fri 17:45]
** DONE [#A] Envoyer courrier recommandé à Toyota Antibes
SCHEDULED: <2024-05-29 Wed 10:00>
[2024-05-29 Wed 10:25]
** TODO Movie: The One I Love (2014)
SCHEDULED: <2024-06-27 Thu 10:00>
[2024-06-13 Thu 21:56]
** CANCELED Film "The Humt"
SCHEDULED: <2024-06-24 Mon 19:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-06-25 Tue 10:06] \\
Cannot find "The Hunt"
:END:
[2024-06-21 Fri 23:59]
* Perso :perso:
** Habits :habit:
** Maybe :maybe:
@ -64,11 +102,32 @@ explcit constraints. doc type system, tests
* Famille :family:
** Daily :daily:
*** TODO Attention gentille
SCHEDULED: <2024-01-30 Tue .+1d>
SCHEDULED: <2024-06-25 Tue .+1d>
:PROPERTIES:
:LAST_REPEAT: [2024-01-29 Mon 09:20]
:LAST_REPEAT: [2024-06-24 Mon 09:16]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-06-24 Mon 09:16]
- State "DONE" from "TODO" [2024-06-18 Tue 08:35]
- State "DONE" from "TODO" [2024-06-17 Mon 07:36]
- State "DONE" from "TODO" [2024-06-10 Mon 12:05]
- State "DONE" from "TODO" [2024-05-22 Wed 18:43]
- State "DONE" from "TODO" [2024-05-18 Sat 08:52]
- State "DONE" from "TODO" [2024-04-28 Sun 20:48]
- State "DONE" from "TODO" [2024-04-28 Sun 20:48]
- State "DONE" from "TODO" [2024-04-25 Thu 14:50]
- State "DONE" from "TODO" [2024-04-24 Wed 18:16]
- State "DONE" from "TODO" [2024-04-23 Tue 09:06]
- State "DONE" from "TODO" [2024-04-19 Fri 09:50]
- State "DONE" from "TODO" [2024-03-29 Fri 08:47]
- State "DONE" from "TODO" [2024-03-26 Tue 19:03]
- State "DONE" from "TODO" [2024-03-20 Wed 10:26]
- State "DONE" from "TODO" [2024-03-15 Fri 18:20]
- State "DONE" from "TODO" [2024-03-13 Wed 18:38]
- State "CANCELED" from "TODO" [2024-02-22 Thu 17:58]
- State "DONE" from "TODO" [2024-02-15 Thu 09:58]
- State "DONE" from "TODO" [2024-02-14 Wed 16:34]
- State "DONE" from "TODO" [2024-02-09 Fri 09:13]
- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
- State "DONE" from "TODO" [2024-01-22 Mon 17:40]
- State "DONE" from "TODO" [2024-01-20 Sat 10:51]
@ -87,12 +146,16 @@ SCHEDULED: <2024-01-30 Tue .+1d>
:END:
** Weekly :weekly:
*** TODO Appeler Papa
SCHEDULED: <2023-12-05 Tue 12:30 .+1w>
SCHEDULED: <2024-06-25 Tue 12:30 .+1w>
:PROPERTIES:
:STYLE: habit
:LAST_REPEAT: [2023-11-28 Tue 09:56]
:LAST_REPEAT: [2024-06-18 Tue 08:35]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-06-18 Tue 08:35]
- State "DONE" from "TODO" [2024-05-18 Sat 08:52]
- State "DONE" from "TODO" [2024-04-08 Mon 15:38]
- State "DONE" from "TODO" [2024-02-14 Wed 16:34]
- State "DONE" from "TODO" [2023-11-28 Tue 09:56]
- State "DONE" from "TODO" [2023-11-05 Sun 19:19]
- State "DONE" from "TODO" [2023-10-29 Sun 19:22]
@ -106,12 +169,17 @@ SCHEDULED: <2023-12-05 Tue 12:30 .+1w>
- State "DONE" from "TODO" [2022-12-02 Fri 19:10]
:END:
*** TODO Appeler Maman
SCHEDULED: <2024-02-05 Mon 12:00 .+1w>
SCHEDULED: <2024-07-01 Mon 12:00 .+1w>
:PROPERTIES:
:STYLE: habit
:LAST_REPEAT: [2024-01-29 Mon 09:20]
:LAST_REPEAT: [2024-06-24 Mon 09:18]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-06-24 Mon 09:18]
- State "DONE" from "TODO" [2024-05-18 Sat 08:52]
- State "DONE" from "TODO" [2024-04-23 Tue 09:06]
- State "DONE" from "TODO" [2024-02-14 Wed 16:34]
- State "DONE" from "TODO" [2024-02-05 Mon 11:38]
- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
- State "DONE" from "TODO" [2024-01-22 Mon 17:40]
- State "DONE" from "TODO" [2024-01-08 Mon 15:43]
@ -166,11 +234,12 @@ SCHEDULED: <2024-11-18 Mon 10:30 +1y>
:END:
[2020-05-23 Sat 10:32]
*** TODO [#A] Cadeau Rencontre Krystelle (1995) :yearly:
DEADLINE: <2024-04-08 Mon +1y -2w>
DEADLINE: <2025-04-08 Tue +1y -2w>
:PROPERTIES:
:LAST_REPEAT: [2023-04-04 Tue 22:57]
:LAST_REPEAT: [2024-04-08 Mon 15:38]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-04-08 Mon 15:38]
- State "DONE" from "TODO" [2023-04-04 Tue 22:57]
- State "DONE" from "TODO" [2022-04-07 Thu 11:56]
:END:
@ -186,11 +255,12 @@ DEADLINE: <2024-08-12 Mon +1y -2w>
- State "DONE" from "TODO" [2020-08-10 Mon 12:19]
:END:
*** TODO [#A] Cadeau Anniversaire Krystelle :yearly:
DEADLINE: <2024-04-26 Fri +1y -2w>
DEADLINE: <2025-04-26 Sat +1y -2w>
:PROPERTIES:
:LAST_REPEAT: [2023-04-20 Thu 15:42]
:LAST_REPEAT: [2024-04-26 Fri 09:03]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-04-26 Fri 09:03]
- State "DONE" from "TODO" [2023-04-20 Thu 15:42]
- State "DONE" from "TODO" [2022-04-26 Tue 18:53]
:END:
@ -211,22 +281,30 @@ DEADLINE: <2025-01-04 Sat +1y>
** Krystelle :krystelle:
** Anna :anna:
*** TODO Trouver un établissement DAEU
SCHEDULED: <2024-02-24 Sat 12:00>
SCHEDULED: <2024-07-02 Tue 12:00>
[2023-08-02 Wed 12:39]
https://www.daeu.fr/sinscrire-au-daeu/trouver-un-etablissement/
** Bastien :bastien:
** Monthly :monthly:
*** TODO Nettoyer la fontaine des animaux
SCHEDULED: <2024-02-19 Mon 12:00 .+3w>
SCHEDULED: <2024-07-08 Mon 12:00 .+3w>
:PROPERTIES:
:LAST_REPEAT: [2024-01-29 Mon 09:20]
:LAST_REPEAT: [2024-06-17 Mon 07:36]
:END:
:LOGBOOK:
- State "DONE" from "TODO" [2024-06-17 Mon 07:36]
- State "DONE" from "TODO" [2024-05-22 Wed 18:43]
- State "DONE" from "TODO" [2024-04-23 Tue 09:04]
- State "DONE" from "TODO" [2024-03-29 Fri 08:46]
- State "CANCELED" from "TODO" [2024-02-29 Thu 18:53]
- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
- State "DONE" from "TODO" [2024-01-08 Mon 15:42]
- State "DONE" from "TODO" [2023-12-04 Mon 15:04]
:END:
[2023-10-05 Thu 21:09]
** DONE [#A] Payer Farina :work:
SCHEDULED: <2024-04-16 Tue 10:00>
[2024-04-15 Mon 21:02]
* Memory
** TODO client TG dans le config.edn :spaced:cisco:
:LOGBOOK:
@ -235,22 +313,22 @@ SCHEDULED: <2024-02-19 Mon 12:00 .+3w>
:END:
Ne pas oublier le client de TG est dans le config.edn
** TODO Search within org notes :spaced:org:
SCHEDULED: <2024-02-05 Mon>
SCHEDULED: <2024-10-05 Sat>
:PROPERTIES:
:SPACED_REPETITION: 4
:SPACED_REPETITION: 5
:END:
=helm-org-rifle= (~SPC y o s~)
** TODO update ~[/]~ and ~[%]~ in org mode ~SPC m #~ :spaced:org:
SCHEDULED: <2024-02-05 Mon>
SCHEDULED: <2024-07-05 Fri>
:PROPERTIES:
:SPACED_REPETITION: 4
:SPACED_REPETITION: 3
:END:
use (~org-update-statistics-cookies~)
** TODO projectile toggle from implementation to test file =SPC p y= :spaced:
SCHEDULED: <2024-02-06 Tue>
** DONE projectile toggle from implementation to test file =SPC p y= :spaced:
SCHEDULED: <2024-06-06 Thu>
:PROPERTIES:
:SPACED_REPETITION: 4
:SPACED_REPETITION: 5
:END:
:LOGBOOK:
- State "DELEGATED" from "HOLD" [2023-10-23 Mon 11:40]
@ -260,16 +338,16 @@ SCHEDULED: <2024-02-06 Tue>
|----------+------+-----+----------+----------------------|
| front | 2.65 | 7 | 287.31 | 2021-11-08T21:22:55Z |
:END:
** TODO Create inactive Timestamp: ~SPC m d T~ :spaced:org:doom:
SCHEDULED: <2024-02-05 Mon>
** DONE Create inactive Timestamp: ~SPC m d T~ :spaced:org:doom:
SCHEDULED: <2024-06-05 Wed>
:PROPERTIES:
:SPACED_REPETITION: 4
:SPACED_REPETITION: 5
:END:
[2020-09-01 Tue 12:13]
** TODO Clone sub tree with time shift :spaced:
SCHEDULED: <2024-02-04 Sun>
** DONE Clone sub tree with time shift :spaced:
SCHEDULED: <2024-06-04 Tue>
:PROPERTIES:
:SPACED_REPETITION: 4
:SPACED_REPETITION: 5
:END:
=org-clone-subtree-with-time-shift=
* Work :work:
@ -279,3 +357,262 @@ SCHEDULED: <2024-02-04 Sun>
- =SPC m s c=
=- org-clone-subtree-with-time-shift=
#+end_comment
** W11
*** Friday
**** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-15 Fri 09:00>
** W12
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-18 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-19 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-20 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-21 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-22 Fri 09:00>
** W13
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-25 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-26 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-27 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-28 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-03-29 Fri 09:00>
** W14
*** CANCELED Morning Tour write down tasks for the day
SCHEDULED: <2024-04-01 Mon 09:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-04-02 Tue 15:16]
:END:
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-02 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-03 Wed 09:00>
*** CANCELED Morning Tour write down tasks for the day
SCHEDULED: <2024-04-04 Thu 09:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-04-04 Thu 18:28]
:END:
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-05 Fri 09:00>
** W15
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-08 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-09 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-10 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-11 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-12 Fri 09:00>
** W16
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-15 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-16 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-17 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-18 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-19 Fri 09:00>
** W17
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-22 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-23 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-24 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-25 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-26 Fri 09:00>
** W18
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-29 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-04-30 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-01 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-02 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-03 Fri 09:00>
** W20
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-13 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-14 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-15 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-16 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-17 Fri 09:00>
** W21
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-22 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-23 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-24 Fri 09:00>
** W22
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-27 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-28 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-05-29 Wed 09:00>
*** CANCELED Morning Tour write down tasks for the day
SCHEDULED: <2024-05-30 Thu 09:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-05-31 Fri 10:07]
:END:
*** CANCELED Morning Tour write down tasks for the day
SCHEDULED: <2024-05-31 Fri 09:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2024-05-31 Fri 10:07]
:END:
** W23
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-03 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-04 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-05 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-06 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-07 Fri 09:00>
** W24
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-10 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-11 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-12 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-13 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-14 Fri 09:00>
** W25
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-17 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-18 Tue 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-19 Wed 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-20 Thu 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-21 Fri 09:00>
** W26
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-24 Mon 09:00>
*** DONE Morning Tour write down tasks for the day
SCHEDULED: <2024-06-25 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-06-26 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-06-27 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-06-28 Fri 09:00>
** W27
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-01 Mon 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-02 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-03 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-04 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-05 Fri 09:00>
** W28
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-08 Mon 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-09 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-10 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-11 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-12 Fri 09:00>
** W29
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-15 Mon 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-16 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-17 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-18 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-19 Fri 09:00>
** W30
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-22 Mon 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-23 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-24 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-25 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-26 Fri 09:00>
** W31
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-29 Mon 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-30 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-07-31 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-01 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-02 Fri 09:00>
** W32
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-05 Mon 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-06 Tue 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-07 Wed 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-08 Thu 09:00>
*** TODO Morning Tour write down tasks for the day
SCHEDULED: <2024-08-09 Fri 09:00>
* TODO [#A] Annuler contrat Roole
SCHEDULED: <2025-01-16 Thu 10:28> DEADLINE: <2025-02-14 Fri 10:27>
[2024-02-16 Fri 15:27]
* TODO Acheter bois
SCHEDULED: <2024-06-27 Thu 10:00>
[2024-04-07 Sun 19:55]
* DONE Histoire de fantômes chinois
SCHEDULED: <2024-05-09 Thu 09:51>
[2024-05-08 Wed 22:50]
* DONE Appeler les poubelles
SCHEDULED: <2024-05-13 Mon 09:30>
[2024-05-11 Sat 20:06]
* DONE Chris Duane JWT
SCHEDULED: <2024-05-14 Tue 10:01>
[2024-05-13 Mon 23:01]
* DONE anime blood c
SCHEDULED: <2024-06-17 Mon 10:13>
[2024-06-16 Sun 13:13]
* [[https://nlnetlabs.nl/projects/unbound/support/][NLnet Labs - Unbound - Support]]
SCHEDULED: <2024-06-27 Thu 10:00>
[2024-06-16 Sun 19:22]
* TODO Élastique de piscine
SCHEDULED: <2024-06-25 Tue 11:27>
[2024-06-21 Fri 11:27]
* DONE Msg Abhiram
SCHEDULED: <2024-06-24 Mon 10:00>
[2024-06-24 Mon 08:42]

BIN
notes.org.gpg
View file

Binary file not shown.

53
notes/72yo_life_advices.org Normal file
View file

@ -0,0 +1,53 @@
:PROPERTIES:
:ID: 5ba2342c-b65c-49e4-b362-5cc3a28f0d14
:END:
#+Title: 72yo life advices
#+Author: Yann Esposito
#+Date: [2024-03-18]
- tags ::
- source :: https://old.reddit.com/r/lifehacks/comments/1bgw44k/i_turned_72_today/
Heres 32 things Ive learned that I hope help you in your journey:
- Its usually better to be nice than right.
- Nothing worthwhile comes easy.
- Work on a passion project, even just 30 minutes a day. It compounds.
- Become a lifelong learner (best tip).
- Working from 7am to 7pm isnt productivity. Its guilt.
- To be really successful become useful.
- Like houses in need of repair, problems usually dont fix themselves.
- Envy is like drinking poison expecting the other person to die.
- Dont hold onto your “great idea” until its too late.
- People arent thinking about you as much as you think.
- Being grateful is a cheat sheet for happiness. (Especially today.)
- Write your life plan with a pencil that has an eraser.
- Choose your own path or someone will choose it for you.
- Never say, Ill never…
- Not all advice is created equal.
- Be the first one to smile.
- The expense of something special is forgotten quickly. The experience lasts a lifetime. Do it.
- Dont say something to yourself that you wouldnt say to someone else.
- Its not how much money you make. Its how much you take home.
- Feeling good is better than that “third” slice of pizza.
- Who you become is more important than what you accomplish.
- Nobody gets to their death bed and says, Im sorry for trying so many things.
- There are always going to be obstacles in your life. Especially if you go after big things.
- The emptiest head rattles the loudest.
- If you dont let some things go, they eat you alive.
- Try to spend 12 minutes a day in quiet reflection, meditation, or prayer.
- Try new things. If it doesnt work out, stop. At least you tried.
- NEVER criticize, blame, or complain.
- You cant control everything. Focus on what you can control.
- If you think you have it tough, look around.
- It's only over when you say it is.
- One hand washes the other and together they get clean. Help someone else.
If you're lucky enough to get up to my age, the view becomes more clear.
It may seem like nothing good is happening to you, or just the opposite.
Both will probably change over time.
I'm still working (fractionally), and posting here, because business and people
are my mojo.
I hope you find yours.
Onward!
Louie

107
notes/ai_and_death_of_the_web_as_we_know_it.org Normal file
View file

@ -0,0 +1,107 @@
:PROPERTIES:
:ID: 1f142832-05f9-4280-a8ca-aa6f35209f91
:END:
#+title: AI and Death of the web as we know it
#+Author: Yann Esposito
#+Date: [2024-05-16]
- tags ::
- source ::
* Constat
First, since a few years now, we are experiencing a huge acceleration of the
"enshitification" of the web.
Most of us relied on services and soon, most of these servies will be worse or
completely will not provide the same benefits as before.
A typical example, as a software engineer we often searched technical knowledge
using google. Quite often we ended up on Stack Overflow, or reddit, or twitter, etc…
Now with the promise of infinite AI Generated +Spam+ SEO content. Most search will
point to a terrible website full of ads, with the additional cost that the
content could not be trusted as it was not just copied from a reliable source,
no, worse, it will be invented by the AI that has a tendency to hallucinate its
answer and pretty often return wrong and even potentially dangerous ones.
Typically, imagine generated recipes, people made some experimentation and the
generated recipe are good to put you to the Hospital if you follow these advises.
So now, that's it. We are loosing our ability to more or less, trust random
content from the web.
Is this the end?
Perhaps.
Is there something we could do about it?
I think so yes :)
And this problem already is mostly solved using the notion of "Web of Trust".
Web of Trust is a decentralized system that help you trust resources.
But you have you word to say. For example, if you trust someone for a while and
they change, they start to put horrible ads, AI generated content on their
content. You simply "downvote" or "block" them. All your direct connection of
the network of trust will be impacted by your decision, and if enough people
like you start to dislike the new content. The content of this user will
disappear forever.
This is a bit like Reddit karma, but instead of the mechanism being centralized
and controlled by a single source. This is distributed on the customers. Some
might enjoy a user, for them that user will have a big note, for other it will
be not enjoyable and his note will be very low. So low, you will almost never be
exposed to the content produced by this user.
That will probably solve a first issue. Remove from our collective sight all the
SEO spam website/content, etc…
Now, what about discoverability? Being able to search for content using this new knowledge?
Here we have different multiple solutions:
1. Still rely on classical search engines but use a browser plugin to filter the
results with only website with a trust value that is high enough
2. Use the "Web of Trust" to the rescue. We could have servers taking care of
downloading the website from the most trusted websites (starting from a few
trusted people) and open source the algorithm so people could spawn that
system on their local computer or host it and provide their server to their friends.
And we will have a very small web at first, but with a quality value that
should be very high as compared to the "Big Web".
* BONUS
I think one issue with the "Web of Trust" is the ability for attacker to "steal
an identity" of a trusted producer and produce in its name.
In particular, if the "Web of Trust" simply uses domain names, these are know to
rot easily, and could be taken.
For this, one simple but efficient mechanism will simply be to cryptographically
sign your content.
So instead of having a "web of trust" that is using domain name, we could
additionally add GPG signatures. This could be added in the header of the HTML
pages, this way a browser that will be "Web of Trust"-friendly could display a
green mark saying "Hey this content was really produced by this user with this
value of trust".
This would probably change how we use the web, because it will forces us to
"vote" time to time. Probably with more and more subtleties. For example with
different level of like/dislike in order to be able to completely block some
sources, and not just make them less prominent.
* Last but not least some wise words from Socrates
Don't forget what Socrates has to say about the invention of writing:
"For this invention will produce forgetfulness in the minds of those who learn
to use it, because they will not practice their memory.
Their trust in writing, produced by external characters which are no part of
themselves, will discourage the use of their own memory within them.
You have invented an elixir not of memory, but of reminding; and you offer your
pupils the appearance of wisdom, not true wisdom, for they will read many things
without instruction and will therefore seem [275b] to know many things, when
they are for the most part ignorant and hard to get along with, since they are
not wise, but only appear wise."
We put our confidence in a shared memory, it was great knowledge sharing.
And with the recent changes it appears we will need to regress and use our
memory, read books, read man pages, go to official documentation website at
best.
I feel the potentially single way to solve this issue is perhaps with a "Web of Trust" that will drastically reduce the size of our shared memory.

BIN
notes/assets/Déclaration/2020-05-30_10-32-18_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf
View file

Binary file not shown.

BIN
notes/assets/Déclaration/2020-05-30_10-32-44_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf
View file

Binary file not shown.

BIN
notes/assets/Déclaration/2020-06-01_15-57-56_article-83-PreRetraite.pdf
View file

Binary file not shown.

10
notes/blog.org Normal file
View file

@ -0,0 +1,10 @@
:PROPERTIES:
:ID: a5be1daf-1010-428f-a30f-8faf95c1a42f
:END:
#+title: blog
#+Author: Yann Esposito
#+Date: [2024-06-27]
- tags ::
- source ::

22
notes/budget_famille.org Normal file
View file

@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 6899703d-51cb-49e6-a16b-30ae460ed055
:END:
#+title: Budget Famille
#+Author: Yann Esposito
#+Date: [2024-05-18]
- tags ::
- source ::
* 2024-05-18
Courant: LCL 200
BP 920
Epargne: LA: 5780
PEL: 9310
LA: f420
RSU/ESPP: Dispo; 6020 (136 x 48$)
A venir: 75k
Credits: maison 429k
appart 110k

397
notes/chien_espoir_handicap_ag.org
View file

@ -1,24 +1,30 @@
:PROPERTIES:
:ID: 7a934ca5-31c0-4cf8-8a86-1efa89904b31
:END:
#+title: Chien Espoir Handicap AG
#+title: Chien Espoir Handicap AG/Reunions
#+Author: Yann Esposito
#+Date: [2023-06-13]
#+Lang: fr
- tags :: [[id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0][chien d'assistance]]
- source ::
* Contacts
:PROPERTIES:
:EXPORT_FILE_NAME: Contacts
:END:
| Nom | email | telephone | addresse |
|-----------------------------+---------------------------------+------------+--------------------------------------------|
| Matthieu Delpeuch | chien.espoir.handicap@gmail.com | 0651597922 | Antibes |
| Mélodie Durand | melody.durandbernard@gmail.com | 0664335877 | 138 impasse Camatte 06410 Biot |
| Claire Mainguené Costa-Foru | claire.mainguene@wanadoo.fr | 0661092711 | 11 route du Mont Agel, 06320, La Turbie |
| Lionel Rebière | lrebi@yahoo.com | 0686263291 | 13320, Bouc-bel-Air |
| Joëlle Rebière | | 0637629720 | |
| Krystelle Esposito | krystelle.esposito@gmail.com | 0662203951 | 12, allée du Fer à Cheval, 13500 Martigues |
| Yann Esposito | yann@esposito.host | 0650845271 | 12, allée du Fer à Cheval, 13500 Martigues |
| Nom | email | telephone | addresse |
|-----------------------------+---------------------------------+----------------+--------------------------------------------|
| Matthieu Delpeuch | chien.espoir.handicap@gmail.com | 0651597922 | Antibes |
| Mélodie Durand | melody.durandbernard@gmail.com | 0664335877 | 138 impasse Camatte 06410 Biot |
| Claire Mainguené Costa-Foru | claire.mainguene@wanadoo.fr | 0661092711 | 11 route du Mont Agel, 06320, La Turbie |
| Lionel Rebière | lrebi@yahoo.com | 0686263291 | 13320, Bouc-bel-Air |
| Joëlle Rebière | | 0637629720 | |
| Krystelle Esposito | krystelle.esposito@gmail.com | 0662203951 | 12, allée du Fer à Cheval, 13500 Martigues |
| Yann Esposito | yann@esposito.host | 0650845271 | 12, allée du Fer à Cheval, 13500 Martigues |
| Clara Toti | cynoschool06@outlook.fr | 0665636981 | 2 ruelle du soleil, 06830, Gilette |
| Milena Molesini | milenamolesini@gmail.com | | |
| Céline Dragon | celine.dragon@free.fr | 0622404831 | |
| username | password |
@ -30,21 +36,25 @@
| joelle | anleika |
| yann | annapo |
| krystelle | annapo |
| clara | ceh2024 |
#+begin_comment
htpasswd -b -c htpasswd_chien.tmp.1 matthieu ginette
htpasswd -b -c htpasswd_chien.tmp.2 melodie flondine
htpasswd -b -c htpasswd_chien.tmp.3 claire lacie
htpasswd -b -c htpasswd_chien.tmp.4 lionel anleika
htpasswd -b -c htpasswd_chien.tmp.5 joelle anleika
htpasswd -b -c htpasswd_chien.tmp.4 lionel leika
htpasswd -b -c htpasswd_chien.tmp.5 joelle leika
htpasswd -b -c htpasswd_chien.tmp.6 yann annapo
htpasswd -b -c htpasswd_chien.tmp.7 krystelle annapo
htpasswd -b -c htpasswd_chien.tmp.8 clara ceh2024
cat htpasswd_chien.tmp.* > htpasswd_chien
rm
rm htpasswd_chien.tmp.*
#+end_comment
* [2023-06-13 Tue]
:PROPERTIES:
:EXPORT_FILE_NAME: 2023-06-13
:END:
- Matt
- Melo
@ -80,7 +90,9 @@ Prévoir entretient avec Melo.
- jeune croisé labrador
* [2023-10-03 Tue]
:PROPERTIES:
:EXPORT_FILE_NAME: 2023-10-03
:END:
** Lettre Val
** Nouveau Contrat
@ -100,6 +112,9 @@ Livret Captt.
Ancienne médecin. Peut-être remplacer Melo.
* [2023-11-23 Thu]
:PROPERTIES:
:EXPORT_FILE_NAME: 2023-11-23
:END:
- Présentation Médecin
- Présentation de tous
@ -124,6 +139,9 @@ Ajouter des binômes:
- Relire et check logo
* [2024-01-12 Fri]
:PROPERTIES:
:EXPORT_FILE_NAME: 2024-01-12
:END:
** Personnes presentent:
- Matthieu
- Clara
@ -275,3 +293,350 @@ Ajouter des binômes:
- Changer les couleurs du site web.
- Ajouter le périmetre d'accueil sur le site web.
- Ajouter un lien pour faire un don.
* [2024-02-16 Fri 19:05]
:PROPERTIES:
:EXPORT_FILE_NAME: 2024-02-16
:END:
** Personnes présentes
- Matthieu Delpeuch
- Mélodie Durand
- Lionel Rebière
- Clara Toti
- Krystelle Esposito
** Compte Rendu
Les points suivants ont été abordés:
- État des comptes banquaires ; environ 4000€
- Proposition de fournir un harnais de guidage avec dossard à chaque chien
d'assistance de l'association afin d'offrir une meilleure visibiblité à
l'association ainsi qu'une unité.
Nous allons demander des devis
- Information donnée au groupe de dons faits au bénéfice de l'association.
Un provenant d'un membre bénéficiaire, un autre d'un particulier.
- Matthieu et Clara ont fait un retour sur la 1ere rencontre en audioconférence
d'un éventuel bénéficiaire. Ce premier retour et plutôt positif ; la personne
a des attentes raisonnables et n'est pas novice dans l'univers du chien.
De plus elle est consciente des spécificités des animaux de refuges et y a
déjà adopté son actuel chien de compagnie.
L'entourage du demandeur semble aidant et impliqué.
Matthieu et Clara soulignent quand même que la personne a quelques notions
obsolètes de l'éducation canine mais qu'il semble assez ouvert et motivé pour
s'adapter aux nouvelles situations.
Lionel et Mélodie demandent si cette personne a les moyens d'entretenir et de
financer un nouveau chien.
Cette question sera abordée lors des prochains échanges si l'association
décide de poursuivre le processus d'intégration au programme de formation.
La décision a été prise à l'unanimité de poursuivre avec ce demandeur.
- Clara soulève le problème du premier questionnaire d'accueil qui est trop
orienté sur l'autisme. Certains points ne correspondent pas à tous les
handicaps. Après discussion il est décidé que Matthieu et Clara s'occuperont
des questions concernant les spécificité éducatives et environnementales des
chiens et Mélodie et Christelle se pencheront sur la partie plus générale du
questionnaire.
- Une discussion a eu lieu sur les moyens de trouver de nouveaux financements.
As-t-on vraiment besoin d'aller chercher plus an prenant en considérations que
celà demande beaucoup de temps et d'investissement aux membres et que de plus
la plupart des financement peuvent être soumis à des obligations de résultats.
La question reste ouverte pour les futures réunions.
** Actions
- [ ] demander des devis pour les harnais et dossards
* [2024-03-15 Fri]
:PROPERTIES:
:EXPORT_FILE_NAME: 2024-03-15
:END:
** Personnes présentes
- Claire
- Clara
- Yann
- Krystelle
** Notes
@Claire: quelle est la pathologie douloureuse de l'éventuel bénéficiaire.
@Clara: nous verrons si on pourra allez revoir la personne et être accompagné
par Claire.
** Actions
Trouver une nouvelle date.
* [2024-04-12 Fri]
:PROPERTIES:
:EXPORT_FILE_NAME: _2024-04-12_Fri_
:END:
** Personnes présentes
Matthieu, Claire, Clara, Lionel, Krystelle, Yann.
** Points
*** Dossard
Homogénéiser le dossard.
Au niveau des financements, il faut être une association serieuse et carrée.
Une autre asso, pour rentrer il faut payer une somme pour prendre en charge le
matériel, le premier mois de croquettes, etc…
Disons 500€: Chien, dossard, croquettes, quelques cours d'éducation.
Peux-t-on recevoir de l'argent (pas avec une association a but non lucratif)
*** Questionnaire
Questionnaire plus général que sur les troubles autistiques.
* [2024-05-16 Thu]
:PROPERTIES:
:EXPORT_FILE_NAME: 2024-05-16
:END:
** Personnes présentes
:PROPERTIES:
:EXPORT_FILE_NAME: Personnes_pr_sentes
:END:
- Céline
- Clara
- Krystelle
- Matt
- Milena
- Yann
** TL;DR
1. Modifier le harnais pour agrandir le logo, et changer la police
2. refus du Monsieur de la réunion d'hier pour devenir bénéficiaire
3. une rencontre demain avec Matthieu, Céline et le bénéficiaire potentiel
4. Création d'un Google drive pour partager les documents
5. Création de cartes à imprimer pour que les membres du bureaux puisse les
donner pour permettre aux personnes de faire des dons et de contacter
facilement l'association
6. Modifier légèrement la proposition 2 des cartes pour que le rendu à
l'impression soit plus lisible.
** Dossard
- Mettre tout le texte en capitale et agrandir le logo et le changer.
Changer la Police utiliser la police sans serif Helvetica.
** Réunion hier
@Matthieu:
Monsieur 50aine, ils habitent Nice, centre ville, pas de parc.
Il veut un chien de compagnie mais avec peu de demande technique.
Environnement; 9ème étage en appartement, 2 lapin
Mauvais feeling avec elle. Ils font un peu débordés.
Le chien sera brut et il faudra travailler sur le chien.
Lui très motivé. Ils ont pris un vieux chien en refuge.
Il est sorti 2x/j.
Il faut qu'un chien d'assistance sorte plus souvent.
@Clara: pas de crainte de Matt.
J'ai pas envie de placer un chien dans cet environnement.
Zone d'immeubles, grande avenue, presque centre ville, que transport en commun.
Le parc le plus proche en fauteuil roulant 20min.
Compliqué en tant que besoin.
Les moyens financier et humain sont peut-être insuffisants.
L'appartement pas adapté au handicap du monsieur.
Pas d'aide pour avoir le fauteuil électrique, don.
Beaucoup d'animaux, pas super propre (chat, lapins).
Les enfants sont partis, si il est hospitalisé, personne pour s'occuper des
animaux.
Mais pas de système pour s'occuper des animaux en cas de problème.
@Milena: coté humain, je pense que ça le fait.
Ils sont dans une forme d'écoute et de respect mutuel.
Je rejoins sur le fait qu'ils sont isolés.
Et sur le reste de l'environnement c'est vous qui savez.
@Clara: Il faut mettre une femelle assez grande. Et pas trop jeune. Ce qui fait
trop de contrainte pour trouver le chien.
@Matt: environnement exiguë.
@Milena: la demande n'est pas claire.
Il veut continuer à avoir un chien avec les avantages de pouvoir rentrer dans un
magasin. Est-ce une demande pertinente.
Elle est légitime, mais pas forcément pertinente.
@Clara: Le fait d'avoir un chien l'aide à sortir.
En terme de besoin, il n'y a pas de besoin technique.
@Milena: Il servira à la motivation, mais ne favorise pas plus d'autonomie.
@Clara: peut rassurer aussi la conjointe.
@Matt: Avec toutes les contraintes, on est obligé d'aller vers une
certification.
Mais je ne pense pas que l'environnement et le profil humain s'y prêtent.
@Milena: Légitime mais est-elle pertinente pour l'asso ?
@Krystelle: ça me dérange de placer un chien dans un environnement pas forcément adapté.
Pour avoir accompagner pour les démarches, c'est beaucoup de temps sur les temps
de libre pour travailler.
Ce n'est pas qu'1h par semaine mais beaucoup plus.
@Matt: On leur a dit, mais de ce que je ressens, j'ai la sensation le monsieur a
tellement envie qu'il a dit oui mais il a pas conscience du travail qui a à faire
sur le chien.
On vu le problème avec Zucco et quand il arrive le chien, mais le chien il a
gratté, il a mangé, il aboie, etc…
Mais ils ont tellement un amour des animaux ils sont aveuglé du travail qui a
derrière.
Le monsieur n'est plus maître chien depuis longtemps.
Je vais plus tendre vers le non.
@Milena: pour la motivation, il n'y aura de surprise.
Mais je te rejoins au niveau de l'organisation.
J'émets un doute.
@Clara: aussi l'entretient, le financier. Ils ont pas les moyens de faire mieux.
@Matt: avec Céline on a un chien à voir pour un bénéficiaire, on va peut-être
répondre favorablement.
Moi j'ai une demande, à Fréjus, j'attendais qu'on voit le monsieur d'hier vu
qu'il avait la priorité.
Je prendrai RDV avec la jeune femme de Fréjus.
@Krystelle: Faire rencontrer des personnes d'une famille qui a fait famille
d'accueil pour expliquer les réalités. Peut-être que ça peut être un petit peu
plus parlant.
@Matt: au début, les 1er RDV avec Mélodie qui a un coté très humain qui fait.
Si vous pouvez être présent avec grand plaisir.
@Krystelle: si c'est dans mes horaires je me libère.
@Matt: Oui ça serait très bien.
@Milena: Peut-être faire un visio séparée.
@Krystelle: Celà permettrait d'expliquer des réalités pour avoir des une vision
réaliste de ce que représente être un bénéficiaire de l'association.
@Matt: oui c'est une bonne idée.
** Bénéficiaire 2
@Celine: de l'extérieur, les besoins du chien.
Le monsieur ne peut pas supporter d'être sans chien.
Cognitivement c'est compliqué mais il est volontaire.
Sa femme est très volontaire.
Je lui est même proposer en cas de refus de chien d'assistance d'au moins venir
pour l'aider à gérer le chien.
C'est un golden qui est très actif.
@Matt: ils sont très anxieux.
@Celine: ils avaient un Beagle.
@Celine: il a besoin qu'il allume les lumières, qu'il marche au pied.
@Clara: quel handicap? Il est en fauteuil et paralysé d'un coté.
@Celine: ils partent régulièrement prendre l'avion avec lui.
Hémiplégie. Ils essayent de faire des choses.
Ce monsieur à une aide qui vient chez lui.
On pourrait une fois de temps en temps à domicile.
La personne peut l'amener en voiture.
@Clara: ça semble un travail qui se fait avec de la motivation.
@Matt: quel âge le chien?
@Celine: 7 ou 9 mois.
Parfois ils ont pris de mauvaises habitudes, il faudra l'éduquer.
L'environnement est bon.
@Milena: seule limite, passer au delà des anxiétés et changer ses habitudes.
@Clara: ce sont des problématiques qu'on a dans le quotidien. Donc rien d'inhabituel.
@Celine: le chien ne comprends pas tout, je pense que la dame sera là pour l'accompagner.
@Milena: c'était difficile le jour du RDV pour le monsieur il revenait de l'hôpital.
@Celine: on sent qu'il y a de la bonne volonté.
@Clara: ils ont un système d'aide.
@Krystelle: ils sont d'où ?
@Celine: de Ventabren
** Actions
- Clara; va faire le Google drive
- Clara; nouvelles cartes, soit changer le vert, soit utiliser des fontes
blanches sur le vert.
- Clara; pour les dossards, renvoyer le logo pour agrandir et changer la police
- Clara: cartes de contact pour l'association
- Krystelle & Yann; s'occuper du harnais (changer la police et agrandir le log)
- Matt; mail de refus pour le rdv d'hier
- Celine & Matt; réunion demain 18h
** [2024-06-12 Wed]
*** Personnes présentes
- Matt
- Lionel
- Claire
- Clara
- Krystelle
- Yann
- Céline
- Milena
*** Sujets
@Matt
Un refus la semaine précédente
@Matt
Rencontrer des gens avec Céline, ils ont déjà un chien, Céline s'en occupera.
Renvoyer un contrat.
Bénéficiaire Douglas, le chien s'appelle Douglas.
@Matt
Addresse de l'asso est l'ancienne addresse perso.
Est-ce que je la domicilie chez mes parents ?
Décision: oui chez les parents, reste dans le 06.
@Matt
Valeine, 35 ans.
Visio avec une bénéficiaire de Fréjus, qui a été amputée.
@Milena
Plutôt positif en terme d'environnement et profil pour moi. On était pas sûr de
jusqu'où va son handicap. Toute une partie paralysée.
Elle a déjà le chien.
Chien doit faire rapport d'objet.
Rapport au sol.
Peu d'attente sur les capacités du chien.
Peut-être que le chien n'ira pas.
@Celine
Est-ce qu'il y a besoin de faire des comptes rendus.
@Matt
Gamin sera certifié cet été.
Les derniers temps, on suit le chien 2x par mois.
Ralonger le temps entre les scéances pour autonomiser et pas avoir trop de frais
dans l'asso.
Il faudrait expliquer cela pour les bénéficiaires.
@Lionel
Factures Educ, Psy.
@Matt 3656€, de hello asso.
@Matt dossard validé fond vert clair, texte noir.
@Krystelle: Dimensions du chien.
*** Actions
- Matt: changer l'addresse de l'asso à celle de ses parents
- Yann: Changer l'addresse de l'asso sur le site; 28 Boulevard Pointcarré, 06160, Juan les Pins
- Céline: envoyer un message à Norbert pour demander les dimensions du chien.
- Tous: Checker le contrat et le valider
- Tous: Checker le compte rendu de Valeine, RDV si besoin

437
notes/cisco_custom_roles.html
View file

@ -1,437 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="author" content="Yann Esposito" />
<title>Custom Roles</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
pre > code.sourceCode { white-space: pre; position: relative; }
pre > code.sourceCode > span { display: inline-block; line-height: 1.25; }
pre > code.sourceCode > span:empty { height: 1.2em; }
.sourceCode { overflow: visible; }
code.sourceCode > span { color: inherit; text-decoration: inherit; }
div.sourceCode { margin: 1em 0; }
pre.sourceCode { margin: 0; }
@media screen {
div.sourceCode { overflow: auto; }
}
@media print {
pre > code.sourceCode { white-space: pre-wrap; }
pre > code.sourceCode > span { text-indent: -5em; padding-left: 5em; }
}
pre.numberSource code
{ counter-reset: source-line 0; }
pre.numberSource code > span
{ position: relative; left: -4em; counter-increment: source-line; }
pre.numberSource code > span > a:first-child::before
{ content: counter(source-line);
position: relative; left: -1em; text-align: right; vertical-align: baseline;
border: none; display: inline-block;
-webkit-touch-callout: none; -webkit-user-select: none;
-khtml-user-select: none; -moz-user-select: none;
-ms-user-select: none; user-select: none;
padding: 0 4px; width: 4em;
color: #aaaaaa;
}
pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa; padding-left: 4px; }
div.sourceCode
{ }
@media screen {
pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
}
code span.al { color: #ff0000; font-weight: bold; } /* Alert */
code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
code span.at { color: #7d9029; } /* Attribute */
code span.bn { color: #40a070; } /* BaseN */
code span.bu { color: #008000; } /* BuiltIn */
code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
code span.ch { color: #4070a0; } /* Char */
code span.cn { color: #880000; } /* Constant */
code span.co { color: #60a0b0; font-style: italic; } /* Comment */
code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
code span.do { color: #ba2121; font-style: italic; } /* Documentation */
code span.dt { color: #902000; } /* DataType */
code span.dv { color: #40a070; } /* DecVal */
code span.er { color: #ff0000; font-weight: bold; } /* Error */
code span.ex { } /* Extension */
code span.fl { color: #40a070; } /* Float */
code span.fu { color: #06287e; } /* Function */
code span.im { color: #008000; font-weight: bold; } /* Import */
code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
code span.kw { color: #007020; font-weight: bold; } /* Keyword */
code span.op { color: #666666; } /* Operator */
code span.ot { color: #007020; } /* Other */
code span.pp { color: #bc7a00; } /* Preprocessor */
code span.sc { color: #4070a0; } /* SpecialChar */
code span.ss { color: #bb6688; } /* SpecialString */
code span.st { color: #4070a0; } /* String */
code span.va { color: #19177c; } /* Variable */
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
<style>code {opacity:80%; font-size: 75%; background-color: rgba(127,127,127,0.3);body{font-family:"CMU Typewriter"} :root {--r-heading-font: Futura,sans-serif; --r-main-font-size: 36px; --r-main-font: Futura,sans-serif;}</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Custom Roles</h1>
<p class="subtitle">XDR IROH</p>
<p class="author">Yann Esposito</p>
<p class="date">[2023-10-03 Tue 15:30]</p>
</header>
<h1 id="current-state">Current state</h1>
<h2 id="listing-roles-already-by-org">Listing Roles (already by
org)</h2>
<p><code class="verbatim">GET /iroh/profile/roles</code></p>
<p>Provide a data structure with describing all roles for an Org:</p>
<ul>
<li>3 roles for XDR (admin, user, sat)</li>
<li>2 roles for SX (admin, user)</li>
</ul>
<h2 id="role-permissions">⚠ Role ≠ Permissions</h2>
<p>The role associated to a user do not necessarily matches the user
permission.</p>
<p>The role is only one of the component to use to determine a token or
even a user permissions. The permissions are represented by
<em>scopes</em> which are computed using:</p>
<ul>
<li>the user role</li>
<li>the org properties (activated or not, XDR or not etc…)</li>
<li>entitlements (not in use but will probably be the case in the
future)</li>
</ul>
<h2 id="role-permissions-tokens">⚠ Role ≠ Permissions (Tokens)</h2>
<ul>
<li>the user scopes</li>
<li>as well as the client scopes</li>
<li>as well as the scopes requested during the OAuth2 authorization
flow</li>
</ul>
<h2 id="current-response-for-an-xdr-enabled-org">Current response for an
XDR-enabled org</h2>
<div class="sourceCode" id="cb1"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>GET /iroh/profile/roles</span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a>{<span class="at">:admin</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;administrator&quot;</span>,</span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;an&quot;</span>,</span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Administrator&quot;</span>,</span>
<span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;an administrator&quot;</span>},</span>
<span id="cb1-6"><a href="#cb1-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Administrator&quot;</span>,</span>
<span id="cb1-7"><a href="#cb1-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;admin&quot;</span>,</span>
<span id="cb1-8"><a href="#cb1-8" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;An admin of users.&quot;</span>,</span>
<span id="cb1-9"><a href="#cb1-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>},</span>
<span id="cb1-10"><a href="#cb1-10" aria-hidden="true" tabindex="-1"></a> <span class="at">:sat</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;security analyst&quot;</span>,</span>
<span id="cb1-11"><a href="#cb1-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;a&quot;</span>,</span>
<span id="cb1-12"><a href="#cb1-12" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Security Analyst&quot;</span>,</span>
<span id="cb1-13"><a href="#cb1-13" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;a security analyst&quot;</span>},</span>
<span id="cb1-14"><a href="#cb1-14" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Security Analyst&quot;</span>,</span>
<span id="cb1-15"><a href="#cb1-15" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;sat&quot;</span>,</span>
<span id="cb1-16"><a href="#cb1-16" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span></span>
<span id="cb1-17"><a href="#cb1-17" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;No account admin. SXO read only + run existing workflows.&quot;</span>,</span>
<span id="cb1-18"><a href="#cb1-18" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>},</span>
<span id="cb1-19"><a href="#cb1-19" aria-hidden="true" tabindex="-1"></a> <span class="at">:user</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;incident responder&quot;</span>,</span>
<span id="cb1-20"><a href="#cb1-20" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;an&quot;</span>,</span>
<span id="cb1-21"><a href="#cb1-21" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Incident Responder&quot;</span>,</span>
<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;an incident responder&quot;</span>},</span>
<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Incident Responder&quot;</span>,</span>
<span id="cb1-24"><a href="#cb1-24" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;user&quot;</span>,</span>
<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span></span>
<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows&quot;</span>,</span>
<span id="cb1-27"><a href="#cb1-27" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>}}</span></code></pre></div>
<h2 id="current-response-for-an-sx-only-org">Current response for an
SX-only org</h2>
<div class="sourceCode" id="cb2"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>GET /iroh/profile/roles</span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a>{<span class="at">:admin</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;admin&quot;</span>,</span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;an&quot;</span>,</span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Admin&quot;</span>,</span>
<span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;an admin&quot;</span>},</span>
<span id="cb2-6"><a href="#cb2-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Admin&quot;</span>,</span>
<span id="cb2-7"><a href="#cb2-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;admin&quot;</span>,</span>
<span id="cb2-8"><a href="#cb2-8" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;An admin of users.&quot;</span>,</span>
<span id="cb2-9"><a href="#cb2-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>},</span>
<span id="cb2-10"><a href="#cb2-10" aria-hidden="true" tabindex="-1"></a> <span class="at">:user</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;user&quot;</span>,</span>
<span id="cb2-11"><a href="#cb2-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;a&quot;</span>,</span>
<span id="cb2-12"><a href="#cb2-12" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;User&quot;</span>,</span>
<span id="cb2-13"><a href="#cb2-13" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;a user&quot;</span>},</span>
<span id="cb2-14"><a href="#cb2-14" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;User&quot;</span>,</span>
<span id="cb2-15"><a href="#cb2-15" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;user&quot;</span>,</span>
<span id="cb2-16"><a href="#cb2-16" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;A standard user.&quot;</span>,</span>
<span id="cb2-17"><a href="#cb2-17" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>}}</span></code></pre></div>
<h2 id="what-the-api-already-support">What the API already support</h2>
<ul>
<li>list all roles for every Org</li>
<li>change the role of a user</li>
<li>support roles during invitation and Org access request</li>
<li>expose a permissions endpoint to check permission access
independently of the role</li>
<li>read/write access restriction</li>
<li>fine grained <em>resource</em> target in the scopes
<code>enrich</code><code>enrich/observables/observe:write</code></li>
</ul>
<h2 id="what-the-api-does-not-support">What the API does not
support</h2>
<ul>
<li>No support for create+update but not delete.</li>
<li>No support for multiple roles</li>
<li>No support for custom role creation (obviously)
<ul>
<li>No scopes API for roles</li>
</ul></li>
</ul>
<h1 id="expected-changes">Expected Changes</h1>
<h2 id="new-api-exhaustive-scopes-list">New API: (exhaustive scopes
list)</h2>
<p>Exhaustive list of scopes as a forest structure</p>
<div class="sourceCode" id="cb3"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a>[{<span class="at">:scope</span> <span class="st">&quot;global-intel&quot;</span></span>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a> (optional <span class="at">:description</span>) ,,,</span>
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;read&quot;</span>]</span>
<span id="cb3-4"><a href="#cb3-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:sub-scopes</span> [{<span class="at">:scope</span> <span class="st">&quot;global-intel/incident&quot;</span></span>
<span id="cb3-5"><a href="#cb3-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;read&quot;</span>]}</span>
<span id="cb3-6"><a href="#cb3-6" aria-hidden="true" tabindex="-1"></a> {<span class="at">:scope</span> <span class="st">&quot;global-intel/sighting&quot;</span></span>
<span id="cb3-7"><a href="#cb3-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;read&quot;</span>]}</span>
<span id="cb3-8"><a href="#cb3-8" aria-hidden="true" tabindex="-1"></a> ,,,]}</span>
<span id="cb3-9"><a href="#cb3-9" aria-hidden="true" tabindex="-1"></a> {<span class="at">:scope</span> <span class="st">&quot;private-intel&quot;</span></span>
<span id="cb3-10"><a href="#cb3-10" aria-hidden="true" tabindex="-1"></a> (optional <span class="at">:description</span>) ,,,</span>
<span id="cb3-11"><a href="#cb3-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;rw&quot;</span>,<span class="st">&quot;read&quot;</span>,<span class="st">&quot;write&quot;</span>]</span>
<span id="cb3-12"><a href="#cb3-12" aria-hidden="true" tabindex="-1"></a> <span class="at">:sub-scopes</span> [{,,,}]}]</span></code></pre></div>
<h2 id="new-api-maybe">New API (maybe?)</h2>
<p>Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc
team:</p>
<div class="sourceCode" id="cb4"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a>[{<span class="at">:scope-alias</span> <span class="st">&quot;threat-hunt&quot;</span></span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a> <span class="at">:scopes</span> [<span class="st">&quot;enrich/observables/observe:read&quot;</span>,<span class="st">&quot;inspect&quot;</span>,<span class="st">&quot;investigation&quot;</span>]</span>
<span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:description</span> ,,,,}</span>
<span id="cb4-4"><a href="#cb4-4" aria-hidden="true" tabindex="-1"></a> {<span class="at">:scope-alias</span> <span class="st">&quot;incidents&quot;</span></span>
<span id="cb4-5"><a href="#cb4-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:scopes</span> [<span class="st">&quot;private-intel&quot;</span>,<span class="st">&quot;global-intel:read&quot;</span>]</span>
<span id="cb4-6"><a href="#cb4-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:description</span> ,,,}</span>
<span id="cb4-7"><a href="#cb4-7" aria-hidden="true" tabindex="-1"></a> ,,, ]</span></code></pre></div>
<h2 id="new-api-crudsearch">New API: CRUD+Search</h2>
<p>API to manage new custom roles</p>
<div class="sourceCode" id="cb5"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a>(s/defschema NewRole</span>
<span id="cb5-2"><a href="#cb5-2" aria-hidden="true" tabindex="-1"></a> {<span class="at">:role-name</span> s/Str</span>
<span id="cb5-3"><a href="#cb5-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> s/Str</span>
<span id="cb5-4"><a href="#cb5-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:provided-scopes</span> Scopes})</span>
<span id="cb5-5"><a href="#cb5-5" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb5-6"><a href="#cb5-6" aria-hidden="true" tabindex="-1"></a>(s/defschema Role</span>
<span id="cb5-7"><a href="#cb5-7" aria-hidden="true" tabindex="-1"></a> (st/merge NewRole</span>
<span id="cb5-8"><a href="#cb5-8" aria-hidden="true" tabindex="-1"></a> {<span class="at">:id</span> s/Str</span>
<span id="cb5-9"><a href="#cb5-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:created-at</span> Date</span>
<span id="cb5-10"><a href="#cb5-10" aria-hidden="true" tabindex="-1"></a> <span class="at">:updated-at</span> Date}))</span></code></pre></div>
<h2 id="existing-apis">Existing APIs</h2>
<p>The <code class="verbatim">GET /iroh/profile/roles</code> will look
like today + added the new custom roles that will look like:</p>
<div class="sourceCode" id="cb6"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a>{<span class="at">:admin</span> ...</span>
<span id="cb6-2"><a href="#cb6-2" aria-hidden="true" tabindex="-1"></a> <span class="at">:sat</span> ...</span>
<span id="cb6-3"><a href="#cb6-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:user</span> ...</span>
<span id="cb6-4"><a href="#cb6-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-d394db9e-613f-11ee-aff9-325096b39f47</span></span>
<span id="cb6-5"><a href="#cb6-5" aria-hidden="true" tabindex="-1"></a> {<span class="at">:role-name</span> <span class="st">&quot;My Company Custom Role&quot;</span></span>
<span id="cb6-6"><a href="#cb6-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;This is a role that is read only except for workflows&quot;</span></span>
<span id="cb6-7"><a href="#cb6-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="at">:role-d394db9e-613f-11ee-aff9-325096b39f47</span></span>
<span id="cb6-8"><a href="#cb6-8" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;org&quot;</span></span>
<span id="cb6-9"><a href="#cb6-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:associated-scopes</span> #{<span class="st">&quot;inspect:read&quot;</span> <span class="st">&quot;ao&quot;</span> <span class="st">&quot;insights:read&quot;</span> <span class="st">&quot;profile:read&quot;</span>}}</span>
<span id="cb6-10"><a href="#cb6-10" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb6-11"><a href="#cb6-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-8891b9f4-6140-11ee-8e1a-325096b39f47</span></span>
<span id="cb6-12"><a href="#cb6-12" aria-hidden="true" tabindex="-1"></a> {<span class="at">:role-name</span> <span class="st">&quot;Manager&quot;</span></span>
<span id="cb6-13"><a href="#cb6-13" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;Only for Sam who manage this team but should not directly act&quot;</span></span>
<span id="cb6-14"><a href="#cb6-14" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="at">:role-8891b9f4-6140-11ee-8e1a-325096b39f47</span></span>
<span id="cb6-15"><a href="#cb6-15" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;org&quot;</span></span>
<span id="cb6-16"><a href="#cb6-16" aria-hidden="true" tabindex="-1"></a> <span class="at">:associated-scopes</span> #{<span class="st">&quot;inspect:read&quot;</span> <span class="st">&quot;ao:read&quot;</span> <span class="st">&quot;insights:read&quot;</span> <span class="st">&quot;profile:read&quot;</span> <span class="st">&quot;users&quot;</span> <span class="st">&quot;profile&quot;</span>}}}</span></code></pre></div>
<ul>
<li><code>visibility</code>; <code>org</code> for custom,
<code>public</code> for global.</li>
<li><code>associated-scopes</code>; only for role management UI</li>
</ul>
<h2 id="introduce-sub-accessors-maybe">Introduce sub-accessors
(maybe?)</h2>
<p>Today: <code>read</code>, <code>write</code></p>
<pre><code>inspect = inspect:rw
= inspect:read + inspect:write.
</code></pre>
<p>Tomorrow: introduce <code>read:get</code>, <code>read:search</code>,
<code>write:create</code>, <code>write:update</code>,
<code>write:delete</code>, <code>write:execute</code>.</p>
<h3 id="equivalence-of-new-accessors">Equivalence of new accessors</h3>
<div class="sourceCode" id="cb8"><pre
class="sourceCode python"><code class="sourceCode python"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a>rw <span class="op">=</span> read <span class="op">+</span> write</span>
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a>read <span class="op">=</span> read:get <span class="co"># GET by id</span></span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> read:search <span class="co"># GET/POST search entities</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a>write <span class="op">=</span> write:create <span class="co"># POST create new entity</span></span>
<span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> write:update <span class="co"># PUT/PATCH</span></span>
<span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> write:delete <span class="co"># DELETE</span></span>
<span id="cb8-8"><a href="#cb8-8" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> write:execute <span class="co"># POST to trigger action</span></span></code></pre></div>
<h1 id="most-important-points">Most important points</h1>
<ul>
<li>Dynamic role <code>ids</code>. <strong>Must use the API</strong>
<ul>
<li>when you call <code
class="verbatim">/iroh/profile/whoami</code></li>
<li>when you look into the JWT</li>
<li><strong>note</strong>: potentially a list of roles!</li>
</ul></li>
<li><code>associated-scopes</code> field only useful for the Role
Management UI.</li>
<li>Use <code class="verbatim">/iroh/profile/permissions</code></li>
<li>can also use <code>scopes</code> claim if present</li>
</ul>
<h2 id="multiple-roles">Multiple Roles</h2>
<p>Expect the role to be a sorted comma separated role ids like;
<code>admin,role-344,sat,user</code> (which would be equivalent to
<code>admin</code> here) in the tokens and not a list to prevent
breaking changes. But it will probably be a list in the
<code>/whoami</code> response.</p>
</body>
</html>

269
notes/cisco_custom_roles.tex
View file

@ -1,269 +0,0 @@
% Created 2023-10-04 Wed 14:01
% Intended LaTeX compiler: pdflatex
\documentclass[11pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{graphicx}
\usepackage{longtable}
\usepackage{wrapfig}
\usepackage{rotating}
\usepackage[normalem]{ulem}
\usepackage{amsmath}
\usepackage{amssymb}
\usepackage{capt-of}
\usepackage{hyperref}
\author{Yann Esposito}
\date{\textit{[2023-10-03 Tue 15:30]}}
\title{Custom Roles\\\medskip
\large XDR IROH}
\hypersetup{
pdfauthor={Yann Esposito},
pdftitle={Custom Roles},
pdfkeywords={},
pdfsubject={},
pdfcreator={Emacs 29.1 (Org mode 9.7)},
pdflang={English}}
\begin{document}
\maketitle
\section{Current state}
\label{sec:org5577c77}
\subsection{Listing Roles (already by org)}
\label{sec:org3475552}
\texttt{GET /iroh/profile/roles}
Provide a data structure with describing all roles for an Org:
\begin{itemize}
\item 3 roles for XDR (admin, user, sat)
\item 2 roles for SX (admin, user)
\end{itemize}
\subsection{⚠ Role ≠ Permissions}
\label{sec:org45793d5}
The role associated to a user do not necessarily matches the user permission.
The role is only one of the component to use to determine a token or even a user permissions.
The permissions are represented by \emph{scopes} which are computed using:
\begin{itemize}
\item the user role
\item the org properties (activated or not, XDR or not etc…)
\item entitlements (not in use but will probably be the case in the future)
\end{itemize}
\subsection{⚠ Role ≠ Permissions (Tokens)}
\label{sec:org0374daf}
\begin{itemize}
\item the user scopes
\item as well as the client scopes
\item as well as the scopes requested during the OAuth2 authorization flow
\end{itemize}
\subsection{Current response for an XDR-enabled org}
\label{sec:orga98ced4}
\begin{verbatim}
GET /iroh/profile/roles
{:admin {:english {:only-role-name "administrator",
:adjective "an",
:only-role-name-capitalized "Administrator",
:english-role-name "an administrator"},
:role-name "Administrator",
:role-id "admin",
:role-description "An admin of users.",
:visibility "public"},
:sat {:english {:only-role-name "security analyst",
:adjective "a",
:only-role-name-capitalized "Security Analyst",
:english-role-name "a security analyst"},
:role-name "Security Analyst",
:role-id "sat",
:role-description
"No account admin. SXO read only + run existing workflows.",
:visibility "public"},
:user {:english {:only-role-name "incident responder",
:adjective "an",
:only-role-name-capitalized "Incident Responder",
:english-role-name "an incident responder"},
:role-name "Incident Responder",
:role-id "user",
:role-description
"This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
:visibility "public"}}
\end{verbatim}
\subsection{Current response for an SX-only org}
\label{sec:org8122353}
\begin{verbatim}
GET /iroh/profile/roles
{:admin {:english {:only-role-name "admin",
:adjective "an",
:only-role-name-capitalized "Admin",
:english-role-name "an admin"},
:role-name "Admin",
:role-id "admin",
:role-description "An admin of users.",
:visibility "public"},
:user {:english {:only-role-name "user",
:adjective "a",
:only-role-name-capitalized "User",
:english-role-name "a user"},
:role-name "User",
:role-id "user",
:role-description "A standard user.",
:visibility "public"}}
\end{verbatim}
\subsection{What the API already support}
\label{sec:orgc601aac}
\begin{itemize}
\item list all roles for every Org
\item change the role of a user
\item support roles during invitation and Org access request
\item expose a permissions endpoint to check permission access independently of the role
\item read/write access restriction
\item fine grained \emph{resource} target in the scopes \texttt{enrich}\texttt{enrich/observables/observe:write}
\end{itemize}
\subsection{What the API does not support}
\label{sec:orga19776c}
\begin{itemize}
\item No support for create+update but not delete.
\item No support for multiple roles (not sure what it means yet)
\item No support for custom role creation (obviously)
\begin{itemize}
\item No scopes API for roles
\end{itemize}
\end{itemize}
\section{Expected Changes}
\label{sec:org591e358}
\subsection{New API: (exhaustive scopes list)}
\label{sec:orgad4cfdd}
Exhaustive list of scopes as a forest structure
\begin{verbatim}
[{:scope "global-intel"
(optional :description) ,,,
:accessors ["read"]
:sub-scopes [{:scope "global-intel/incident"
:accessors ["read"]}
{:scope "global-intel/sighting"
:accessors ["read"]}
,,,]}
{:scope "private-intel"
(optional :description) ,,,
:accessors ["rw","read","write"]
:sub-scopes [{,,,}]}]
\end{verbatim}
\subsection{New API (maybe?)}
\label{sec:org7dbeae2}
Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc team:
\begin{verbatim}
[{:scope-alias "threat-hunt"
:scopes ["enrich/observables/observe:read","inspect","investigation"]
:description ,,,,}
{:scope-alias "incidents"
:scopes ["private-intel","global-intel:read"]
:description ,,,}
,,, ]
\end{verbatim}
\subsection{New API: CRUD+Search}
\label{sec:orgc22dbdb}
API to manage new custom roles
\begin{verbatim}
(s/defschema NewRole
{:role-name s/Str
:role-description s/Str
:provided-scopes Scopes})
(s/defschema Role
(st/merge NewRole
{:id s/Str
:created-at Date
:updated-at Date}))
\end{verbatim}
\subsection{Existing APIs}
\label{sec:org8b0636c}
The \texttt{GET /iroh/profile/roles} will look like today + added the new custom roles
that will look like:
\begin{verbatim}
{:admin ...
:sat ...
:user ...
:role-d394db9e-613f-11ee-aff9-325096b39f47
{:role-name "My Company Custom Role"
:role-description "This is a role that is read only except for workflows"
:role-id :role-d394db9e-613f-11ee-aff9-325096b39f47
:visibility "org"
:associated-scopes #{"inspect:read" "ao" "insights:read" "profile:read"}}
:role-8891b9f4-6140-11ee-8e1a-325096b39f47
{:role-name "Manager"
:role-description "Only for Sam who manage this team but should not directly act"
:role-id :role-8891b9f4-6140-11ee-8e1a-325096b39f47
:visibility "org"
:associated-scopes #{"inspect:read" "ao:read" "insights:read" "profile:read" "users" "profile"}}}
\end{verbatim}
\begin{itemize}
\item \texttt{visibility}; \texttt{org} for custom, \texttt{public} for global.
\item \texttt{associated-scopes}; only for role management UI
\end{itemize}
\subsection{Introduce sub-accessors (maybe?)}
\label{sec:org6e45fe3}
Today: \texttt{read}, \texttt{write}
\begin{verbatim}
inspect = inspect:rw
= inspect:read + inspect:write.
\end{verbatim}
Tomorrow: introduce \texttt{read:get}, \texttt{read:search}, \texttt{write:create}, \texttt{write:update},
\texttt{write:delete}, \texttt{write:execute}.
\subsubsection{Equivalence of new accessors}
\label{sec:org312e35c}
\begin{verbatim}
rw = read + write
read = read:get # GET by id
+ read:search # GET/POST search entities
write = write:create # POST create new entity
+ write:update # PUT/PATCH
+ write:delete # DELETE
+ write:execute # POST to trigger action
\end{verbatim}
\section{Most important points}
\label{sec:org072056b}
\begin{itemize}
\item Dynamic role \texttt{ids}. \textbf{Must use the API}
\begin{itemize}
\item when you call \texttt{/iroh/profile/whoami}
\item when you look into the JWT
\item \textbf{note}: potentially a list of roles!
\end{itemize}
\item \texttt{associated-scopes} field only useful for the Role Management UI.
\item Use \texttt{/iroh/profile/permissions}
\item can also use \texttt{scopes} claim if present
\end{itemize}
\subsection{Multiple Roles}
\label{sec:org27898f0}
\begin{itemize}
\item if union of roles for the same user:
Expect the role to be a sorted comma separated role ids like;
\texttt{admin,role-344,sat,user} (which would be equivalent to \texttt{admin} here)
\item if one role per session, then we will use different \texttt{user-id} and thus the role
must appear in the UIs (Registration UI, Org switching, etc…)
\end{itemize}
\end{document}

47
notes/cisco_iroh_client_data_retention.org Normal file
View file

@ -0,0 +1,47 @@
:PROPERTIES:
:ID: b129bbc2-43c7-4ba6-bcba-23fcc45add4f
:END:
#+Title: Cisco IROH Client Data Retention
#+Author: Yann Esposito
#+Date: [2024-06-05]
- tags ::
- source ::
* Recommendation
As a client of XDR API (IROH) you can retrieve the Data Retention policy using
multiple APIs. But the recommended API to use is ~/iroh/profile/whoami~
(See link in TEST: https://visibility.test.iroh.site/iroh/profile/index.html#/Profile/get_iroh_profile_whoami)
You should call this API using an IROH access token that you could retrieve
using the refresh token you should already have for your customer.
Inside this HTTP call, the body of the request should looks like:
#+begin_src javascript
{
"user": {...},
"org": {
...
"entitlement-summary": {
"tier": {"title": "advantage", ...},
"extra_data_retention": {...},
"extra_ingest": {...},
"techvals": {
"data-retention-in-days": 180,
"data-maximal-size-in-GB": 30,
...
}
}
}
}
#+end_src
The recommended method to retrieve the number of days is to use
~org["entitlement-summary"]["techvals"]["data-retention-in-days"]~ value.
Note for some org the entitlement summary will not be provided entirely as some
XDR org do not have any entitlements (beta orgs, test orgs, not yet sync with
PIAM, etc…)
For these cases we do not provide any default number of day.

536
notes/composable_shell_nix.html
View file

@ -1,536 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="author" content="Yann Esposito" />
<title>Composable shell.nix</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
pre > code.sourceCode { white-space: pre; position: relative; }
pre > code.sourceCode > span { display: inline-block; line-height: 1.25; }
pre > code.sourceCode > span:empty { height: 1.2em; }
.sourceCode { overflow: visible; }
code.sourceCode > span { color: inherit; text-decoration: inherit; }
div.sourceCode { margin: 1em 0; }
pre.sourceCode { margin: 0; }
@media screen {
div.sourceCode { overflow: auto; }
}
@media print {
pre > code.sourceCode { white-space: pre-wrap; }
pre > code.sourceCode > span { text-indent: -5em; padding-left: 5em; }
}
pre.numberSource code
{ counter-reset: source-line 0; }
pre.numberSource code > span
{ position: relative; left: -4em; counter-increment: source-line; }
pre.numberSource code > span > a:first-child::before
{ content: counter(source-line);
position: relative; left: -1em; text-align: right; vertical-align: baseline;
border: none; display: inline-block;
-webkit-touch-callout: none; -webkit-user-select: none;
-khtml-user-select: none; -moz-user-select: none;
-ms-user-select: none; user-select: none;
padding: 0 4px; width: 4em;
color: #aaaaaa;
}
pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa; padding-left: 4px; }
div.sourceCode
{ }
@media screen {
pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
}
code span.al { color: #ff0000; font-weight: bold; } /* Alert */
code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
code span.at { color: #7d9029; } /* Attribute */
code span.bn { color: #40a070; } /* BaseN */
code span.bu { color: #008000; } /* BuiltIn */
code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
code span.ch { color: #4070a0; } /* Char */
code span.cn { color: #880000; } /* Constant */
code span.co { color: #60a0b0; font-style: italic; } /* Comment */
code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
code span.do { color: #ba2121; font-style: italic; } /* Documentation */
code span.dt { color: #902000; } /* DataType */
code span.dv { color: #40a070; } /* DecVal */
code span.er { color: #ff0000; font-weight: bold; } /* Error */
code span.ex { } /* Extension */
code span.fl { color: #40a070; } /* Float */
code span.fu { color: #06287e; } /* Function */
code span.im { color: #008000; font-weight: bold; } /* Import */
code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
code span.kw { color: #007020; font-weight: bold; } /* Keyword */
code span.op { color: #666666; } /* Operator */
code span.ot { color: #007020; } /* Other */
code span.pp { color: #bc7a00; } /* Preprocessor */
code span.sc { color: #4070a0; } /* SpecialChar */
code span.ss { color: #bb6688; } /* SpecialString */
code span.st { color: #4070a0; } /* String */
code span.va { color: #19177c; } /* Variable */
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Composable shell.nix</h1>
<p class="author">Yann Esposito</p>
<p class="date">[2023-02-10 Fri]</p>
</header>
<dl>
<dt>tags</dt>
<dd>
<a href="id:6e4c4d62-215d-4e0d-9361-0ff64af6f4a9">nix</a>
</dd>
</dl>
<p>So I work on a project for which we used Docker to locally run
integration tests. More precisely we used <code
class="verbatim">docker-compose</code> to launch different services,
most of them being databases. The project is big enough that we need
many different databases and other services.</p>
<p>It's been a while that I am following nix, and in particular I use
nix on macOS to create local development environments. But I never used
NixOS, even if I plan to do so on my remote server. In fact, I use nix
on a very old Linux distro to run recent softwares.</p>
<p>Anyway, after Docker started to change its licensing on macOS I
wanted to get rid of it. In fact, even before the licensing issue, I
wanted to get rid of docker for Mac.</p>
<p>So I tried many time to replace <code
class="verbatim">docker-compose</code> by <code
class="verbatim">nix</code>. And even if I am interested in nix I never
really dug into it. So my knowledge about it is incomplete and
imprecise. But I know just enough to be able to start write script with
nix taking care of dependencies, and similarly, I can write quick and
dirty <code class="verbatim">shell.nix</code> for all my personal
projects. Recently I started to add <code
class="verbatim">flake.nix</code> files around too.</p>
<p>So here is how to easily replace docker-compose with nix. Which
should also compose.</p>
<h1 id="nix-shell-fu-level-1-lesson"><code
class="verbatim">nix-shell-fu</code> level 1 lesson</h1>
<p>Let's start with a basic <code class="verbatim">shell.nix</code>
example:</p>
<div class="sourceCode" id="cb1"><pre
class="sourceCode nix"><code class="sourceCode nix"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="op">{</span> <span class="va">pkgs</span> <span class="op">?</span> <span class="bu">import</span> <span class="op">(</span><span class="bu">fetchTarball</span> <span class="va">https</span><span class="op">://</span><span class="ss">github.com/NixOS/nixpkgs/archive/22.11.tar.gz</span><span class="op">)</span> <span class="op">{}</span> <span class="op">}</span>:</span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a><span class="kw">with</span> <span class="va">pkgs</span><span class="op">:</span> mkShell</span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="op">{</span> <span class="va">buildInputs</span> <span class="op">=</span> <span class="op">[</span> hello <span class="op">];</span></span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a> <span class="va">shellHook</span> <span class="op">=</span> <span class="st">&#39;&#39;</span></span>
<span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a><span class="st"> echo &quot;Using </span><span class="sc">${</span>hello.name<span class="sc">}</span><span class="st">.&quot;</span></span>
<span id="cb1-6"><a href="#cb1-6" aria-hidden="true" tabindex="-1"></a><span class="st"> &#39;&#39;</span><span class="op">;</span></span>
<span id="cb1-7"><a href="#cb1-7" aria-hidden="true" tabindex="-1"></a> <span class="op">}</span></span></code></pre></div>
<p>And this could be understood in plain English as:</p>
<blockquote>
<p>In the packages of nix version 22.11, create a new shell into which
the package <code class="verbatim">hello</code> will be installed. At
the end of the install, run a script that will print the package name.
(Cf <a href="#digression">4.1</a>)</p>
</blockquote>
<p>And indeed, if you copy/paste this nix block in a file and run
<code>nix-shell</code> here is the result:</p>
<pre><code>&gt; nix-shell
nix-shell shell.nix
these 53 paths will be fetched (84.69 MiB download, 524.77 MiB unpacked):
/nix/store/08pckaqznwh0s3822cjp5aji6y1lsm27-libcxx-11.1.0
...
/nix/store/zqcs5xahjxij0c8vfw60lnfb6d979rn2-zlib-1.2.13
copying path &#39;/nix/store/49wn01k9yikhjlxc1ym5b6civ29zz3gv-bash-5.1-p16&#39; from &#39;https://cache.nixos.org&#39;...
...
copying path &#39;/nix/store/4w2rv6s96fwsb4qyw8b9w394010gxriz-stdenv-darwin&#39; from &#39;https://cache.nixos.org&#39;...
Using hello-2.12.1.
[nix-shell:~/tmp/nixplayground]$
</code></pre>
<p>If you close the session and run it again, it will be much faster and
will only show this:</p>
<pre><code> nix-shell
Using hello-2.12.1.
[nix-shell:~/tmp/nixplayground]$
</code></pre>
<p>This is because all dependencies will be cached. OK so, this is level
1 of <em>nix-shell-fu</em>.</p>
<p>Now, let's start level 2.</p>
<h1 id="nix-shell-fu-level-2-lesson-scripting-and-configuring"><code
class="verbatim">nix-shell-fu</code> level 2 lesson; scripting and
configuring</h1>
<p>This time, we want to launch a full service, as a redis docker would
do. So here is a basic shell script which is similar to the previous one
but will request <code class="verbatim">redis</code> as a dependency
instead of <code class="verbatim">hello</code> and also as a launching
script. From there will add a little bit more features.</p>
<div class="sourceCode" id="cb4"><pre
class="sourceCode nix"><code class="sourceCode nix"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="op">{</span> <span class="va">pkgs</span> <span class="op">?</span> <span class="bu">import</span> <span class="op">(</span><span class="bu">fetchTarball</span> <span class="va">https</span><span class="op">://</span><span class="ss">github.com/NixOS/nixpkgs/archive/22.11.tar.gz</span><span class="op">)</span> <span class="op">{}</span> <span class="op">}</span>:</span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a> pkgs.mkShell <span class="op">{</span></span>
<span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a> <span class="co"># must contain buildInputs, nativeBuildInputs and shellHook</span></span>
<span id="cb4-4"><a href="#cb4-4" aria-hidden="true" tabindex="-1"></a> <span class="va">buildInputs</span> <span class="op">=</span> <span class="op">[</span> pkgs.redis <span class="op">];</span></span>
<span id="cb4-5"><a href="#cb4-5" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb4-6"><a href="#cb4-6" aria-hidden="true" tabindex="-1"></a> <span class="co"># Post Shell Hook</span></span>
<span id="cb4-7"><a href="#cb4-7" aria-hidden="true" tabindex="-1"></a> <span class="va">shellHook</span> <span class="op">=</span> <span class="st">&#39;&#39;</span></span>
<span id="cb4-8"><a href="#cb4-8" aria-hidden="true" tabindex="-1"></a><span class="st"> echo &quot;Using </span><span class="sc">${</span>pkgs.redis.name<span class="sc">}</span><span class="st"> on port: </span><span class="sc">${</span>port<span class="sc">}</span><span class="st">&quot;</span></span>
<span id="cb4-9"><a href="#cb4-9" aria-hidden="true" tabindex="-1"></a><span class="st"> redis-server</span></span>
<span id="cb4-10"><a href="#cb4-10" aria-hidden="true" tabindex="-1"></a><span class="st"> &#39;&#39;</span><span class="op">;</span></span>
<span id="cb4-11"><a href="#cb4-11" aria-hidden="true" tabindex="-1"></a> <span class="op">}</span></span></code></pre></div>
<p>Again if you run <code>nix-shell</code> here is the result:</p>
<pre><code> nix-shell
these 2 paths will be fetched (2.08 MiB download, 6.99 MiB unpacked):
/nix/store/6w4vnaxdx12ccq172i8j5l830mlp8jlg-redis-7.0.5
/nix/store/b47gmsx9qx0c9vh75wsg8bqq9qd0ad6f-openssl-3.0.7
copying path &#39;/nix/store/b47gmsx9qx0c9vh75wsg8bqq9qd0ad6f-openssl-3.0.7&#39; from &#39;https://cache.nixos.org&#39;...
copying path &#39;/nix/store/6w4vnaxdx12ccq172i8j5l830mlp8jlg-redis-7.0.5&#39; from &#39;https://cache.nixos.org&#39;...
Using redis-7.0.5
97814:C 10 Feb 2023 20:44:36.960 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
97814:C 10 Feb 2023 20:44:36.960 # Redis version=7.0.5, bits=64, commit=00000000, modified=0, pid=97814, just started
97814:C 10 Feb 2023 20:44:36.960 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
97814:M 10 Feb 2023 20:44:36.961 * Increased maximum number of open files to 10032 (it was originally set to 256).
97814:M 10 Feb 2023 20:44:36.961 * monotonic clock: POSIX clock_gettime
_._
_.-``__ &#39;&#39;-._
_.-`` `. `_. &#39;&#39;-._ Redis 7.0.5 (00000000/0) 64 bit
.-`` .-```. ```\/ _.,_ &#39;&#39;-._
( &#39; , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|&#39;` _.-&#39;| Port: 6379
| `-._ `._ / _.-&#39; | PID: 97814
`-._ `-._ `-./ _.-&#39; _.-&#39;
|`-._`-._ `-.__.-&#39; _.-&#39;_.-&#39;|
| `-._`-._ _.-&#39;_.-&#39; | https://redis.io
`-._ `-._`-.__.-&#39;_.-&#39; _.-&#39;
|`-._`-._ `-.__.-&#39; _.-&#39;_.-&#39;|
| `-._`-._ _.-&#39;_.-&#39; |
`-._ `-._`-.__.-&#39;_.-&#39; _.-&#39;
`-._ `-.__.-&#39; _.-&#39;
`-._ _.-&#39;
`-.__.-&#39;
97814:M 10 Feb 2023 20:44:36.962 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128.
97814:M 10 Feb 2023 20:44:36.962 # Server initialized
97814:M 10 Feb 2023 20:44:36.963 * Ready to accept connections
</code></pre>
<p>Woo! Redis is started and it works!</p>
<p>But if you have multiple projects you want to have more control. For
example, we will want to run redis on a specific port. Here is how you
do it:</p>
<div class="sourceCode" id="cb6"><pre
class="sourceCode nix"><code class="sourceCode nix"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="op">{</span> <span class="va">pkgs</span> <span class="op">?</span> <span class="bu">import</span> <span class="op">(</span><span class="bu">fetchTarball</span> <span class="va">https</span><span class="op">://</span><span class="ss">github.com/NixOS/nixpkgs/archive/21.05.tar.gz</span><span class="op">)</span> <span class="op">{}</span> <span class="op">}</span>:</span>
<span id="cb6-2"><a href="#cb6-2" aria-hidden="true" tabindex="-1"></a> <span class="kw">let</span> <span class="va">iport</span> <span class="op">=</span> <span class="dv">16380</span><span class="op">;</span></span>
<span id="cb6-3"><a href="#cb6-3" aria-hidden="true" tabindex="-1"></a> <span class="va">port</span> <span class="op">=</span> <span class="bu">toString</span> iport<span class="op">;</span></span>
<span id="cb6-4"><a href="#cb6-4" aria-hidden="true" tabindex="-1"></a> <span class="kw">in</span> pkgs.mkShell <span class="op">{</span></span>
<span id="cb6-5"><a href="#cb6-5" aria-hidden="true" tabindex="-1"></a> <span class="co"># must contain buildInputs, nativeBuildInputs and shellHook</span></span>
<span id="cb6-6"><a href="#cb6-6" aria-hidden="true" tabindex="-1"></a> <span class="va">buildInputs</span> <span class="op">=</span> <span class="op">[</span> pkgs.redis <span class="op">];</span></span>
<span id="cb6-7"><a href="#cb6-7" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb6-8"><a href="#cb6-8" aria-hidden="true" tabindex="-1"></a> <span class="co"># Post Shell Hook</span></span>
<span id="cb6-9"><a href="#cb6-9" aria-hidden="true" tabindex="-1"></a> <span class="va">shellHook</span> <span class="op">=</span> <span class="st">&#39;&#39;</span></span>
<span id="cb6-10"><a href="#cb6-10" aria-hidden="true" tabindex="-1"></a><span class="st"> echo &quot;Using </span><span class="sc">${</span>pkgs.redis.name<span class="sc">}</span><span class="st"> on port </span><span class="sc">${</span>port<span class="sc">}</span><span class="st">&quot;</span></span>
<span id="cb6-11"><a href="#cb6-11" aria-hidden="true" tabindex="-1"></a><span class="st"> redis-server --port </span><span class="sc">${</span>port<span class="sc">}</span></span>
<span id="cb6-12"><a href="#cb6-12" aria-hidden="true" tabindex="-1"></a><span class="st"> &#39;&#39;</span><span class="op">;</span></span>
<span id="cb6-13"><a href="#cb6-13" aria-hidden="true" tabindex="-1"></a> <span class="op">}</span></span></code></pre></div>
<p>And here is the result:</p>
<pre><code>&gt; rm dump.rdb
&gt; nix-shell
Using redis-6.2.3 on port 16380
1785:C 10 Feb 2023 20:50:00.880 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1785:C 10 Feb 2023 20:50:00.880 # Redis version=6.2.3, bits=64, commit=00000000, modified=0, pid=1785, just started
1785:C 10 Feb 2023 20:50:00.880 # Configuration loaded
1785:M 10 Feb 2023 20:50:00.880 * Increased maximum number of open files to 10032 (it was originally set to 256).
1785:M 10 Feb 2023 20:50:00.880 * monotonic clock: POSIX clock_gettime
_._
_.-``__ &#39;&#39;-._
_.-`` `. `_. &#39;&#39;-._ Redis 6.2.3 (00000000/0) 64 bit
.-`` .-```. ```\/ _.,_ &#39;&#39;-._
( &#39; , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|&#39;` _.-&#39;| Port: 16380
| `-._ `._ / _.-&#39; | PID: 1785
`-._ `-._ `-./ _.-&#39; _.-&#39;
|`-._`-._ `-.__.-&#39; _.-&#39;_.-&#39;|
| `-._`-._ _.-&#39;_.-&#39; | https://redis.io
`-._ `-._`-.__.-&#39;_.-&#39; _.-&#39;
|`-._`-._ `-.__.-&#39; _.-&#39;_.-&#39;|
| `-._`-._ _.-&#39;_.-&#39; |
`-._ `-._`-.__.-&#39;_.-&#39; _.-&#39;
`-._ `-.__.-&#39; _.-&#39;
`-._ _.-&#39;
`-.__.-&#39;
1785:M 10 Feb 2023 20:50:00.881 # Server initialized
1785:M 10 Feb 2023 20:50:00.881 * Ready to accept connections
</code></pre>
<p>Woo! Now we can control the port from the file. That's nice. But,
hmmm, has you might have noticed, when you quit the session it dumps the
DB as the file <code class="verbatim">dump.rdb</code>. What we would
like is to keep the state in a local file that would be easy to delete.
So here is how I did it, mainly, I just create a redis config file
locally, and run redis using this local config file. Also I do my best
to put all files created for running this local redis instance into a
local file into my project. The code is more complex this time, but I
just added a way to create a config file and declare a directory that
will contain all the state of the DB and of the nix configuration.</p>
<div class="sourceCode" id="cb8"><pre
class="sourceCode nix"><code class="sourceCode nix"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a><span class="op">{</span> <span class="va">pkgs</span> <span class="op">?</span> <span class="bu">import</span> <span class="op">(</span><span class="bu">fetchTarball</span> <span class="va">https</span><span class="op">://</span><span class="ss">github.com/NixOS/nixpkgs/archive/21.05.tar.gz</span><span class="op">)</span> <span class="op">{}</span> <span class="op">}</span>:</span>
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="kw">let</span> <span class="va">iport</span> <span class="op">=</span> <span class="dv">16380</span><span class="op">;</span></span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a> <span class="va">port</span> <span class="op">=</span> <span class="bu">toString</span> iport<span class="op">;</span></span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="kw">in</span> pkgs.mkShell <span class="op">(</span><span class="kw">rec</span> <span class="op">{</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a> <span class="co"># ENV Variables the directory to put all the DATA</span></span>
<span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a> <span class="va">REDIS_DATA</span> <span class="op">=</span> <span class="st">&quot;</span><span class="sc">${</span><span class="bu">toString</span> <span class="ss">./.</span><span class="sc">}</span><span class="st">/.redis&quot;</span><span class="op">;</span></span>
<span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a> <span class="co"># the config file, as we use REDIS_DATA variable we just declared in the</span></span>
<span id="cb8-8"><a href="#cb8-8" aria-hidden="true" tabindex="-1"></a> <span class="co"># same nix set, we need to use rec</span></span>
<span id="cb8-9"><a href="#cb8-9" aria-hidden="true" tabindex="-1"></a> <span class="va">redisConf</span> <span class="op">=</span> pkgs.writeText <span class="st">&quot;redis.conf&quot;</span></span>
<span id="cb8-10"><a href="#cb8-10" aria-hidden="true" tabindex="-1"></a> <span class="st">&#39;&#39;</span></span>
<span id="cb8-11"><a href="#cb8-11" aria-hidden="true" tabindex="-1"></a><span class="st"> port </span><span class="sc">${</span>port<span class="sc">}</span></span>
<span id="cb8-12"><a href="#cb8-12" aria-hidden="true" tabindex="-1"></a><span class="st"> dbfilename redis.db</span></span>
<span id="cb8-13"><a href="#cb8-13" aria-hidden="true" tabindex="-1"></a><span class="st"> dir </span><span class="sc">${</span>REDIS_DATA<span class="sc">}</span></span>
<span id="cb8-14"><a href="#cb8-14" aria-hidden="true" tabindex="-1"></a><span class="st"> &#39;&#39;</span><span class="op">;</span></span>
<span id="cb8-15"><a href="#cb8-15" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb8-16"><a href="#cb8-16" aria-hidden="true" tabindex="-1"></a> <span class="va">buildInputs</span> <span class="op">=</span> <span class="op">[</span> pkgs.redis <span class="op">];</span></span>
<span id="cb8-17"><a href="#cb8-17" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb8-18"><a href="#cb8-18" aria-hidden="true" tabindex="-1"></a> <span class="co"># Post Shell Hook</span></span>
<span id="cb8-19"><a href="#cb8-19" aria-hidden="true" tabindex="-1"></a> <span class="va">shellHook</span> <span class="op">=</span> <span class="st">&#39;&#39;</span></span>
<span id="cb8-20"><a href="#cb8-20" aria-hidden="true" tabindex="-1"></a><span class="st"> echo &quot;Using </span><span class="sc">${</span>pkgs.redis.name<span class="sc">}</span><span class="st"> on port: </span><span class="sc">${</span>port<span class="sc">}</span><span class="st">&quot;</span></span>
<span id="cb8-21"><a href="#cb8-21" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb8-22"><a href="#cb8-22" aria-hidden="true" tabindex="-1"></a><span class="st"> [ ! -d $REDIS_DATA ] \</span></span>
<span id="cb8-23"><a href="#cb8-23" aria-hidden="true" tabindex="-1"></a><span class="st"> &amp;&amp; mkdir -p $REDIS_DATA</span></span>
<span id="cb8-24"><a href="#cb8-24" aria-hidden="true" tabindex="-1"></a><span class="st"> cat &quot;$redisConf&quot; &gt; $REDIS_DATA/redis.conf</span></span>
<span id="cb8-25"><a href="#cb8-25" aria-hidden="true" tabindex="-1"></a><span class="st"> alias redisstop=&quot;echo &#39;Stopping Redis&#39;; redis-cli -p </span><span class="sc">${</span>port<span class="sc">}</span><span class="st"> shutdown; rm -rf $REDIS_DATA&quot;</span></span>
<span id="cb8-26"><a href="#cb8-26" aria-hidden="true" tabindex="-1"></a><span class="st"> nohup redis-server $REDIS_DATA/redis.conf &gt; /dev/null 2&gt;&amp;1 &amp;</span></span>
<span id="cb8-27"><a href="#cb8-27" aria-hidden="true" tabindex="-1"></a><span class="st"> echo &quot;When finished just run redisstop &amp;&amp; exit&quot;</span></span>
<span id="cb8-28"><a href="#cb8-28" aria-hidden="true" tabindex="-1"></a><span class="st"> &#39;&#39;</span><span class="op">;</span></span>
<span id="cb8-29"><a href="#cb8-29" aria-hidden="true" tabindex="-1"></a><span class="op">})</span></span></code></pre></div>
<p>And here is a full session using this <code
class="verbatim">shell.nix</code>:</p>
<pre><code> nix-shell
Using redis-6.2.3 on port: 16380
When finished just run redisstop &amp;&amp; exit
[nix-shell:~/tmp/nixplayground]$ redis-cli -p 16380
127.0.0.1:16380&gt; help
redis-cli 6.2.3
To get help about Redis commands type:
&quot;help @&lt;group&gt;&quot; to get a list of commands in &lt;group&gt;
&quot;help &lt;command&gt;&quot; for help on &lt;command&gt;
&quot;help &lt;tab&gt;&quot; to get a list of possible help topics
&quot;quit&quot; to exit
To set redis-cli preferences:
&quot;:set hints&quot; enable online hints
&quot;:set nohints&quot; disable online hints
Set your preferences in ~/.redisclirc
127.0.0.1:16380&gt;
[nix-shell:~/tmp/nixplayground]$ ls -a
. .. .redis shell.nix
[nix-shell:~/tmp/nixplayground]$ find .redis
.redis
.redis/redis.conf
[nix-shell:~/tmp/nixplayground]$ redis-cli -p 16380 shutdown
[1]+ Done nohup redis-server $REDIS_DATA/redis.conf &gt; /dev/null 2&gt;&amp;1
[nix-shell:~/tmp/nixplayground]$ find .redis
.redis
.redis/redis.db
.redis/redis.conf
[nix-shell:~/tmp/nixplayground]$ redisstop
Stopping Redis
Could not connect to Redis at 127.0.0.1:16380: Connection refused
[nix-shell:~/tmp/nixplayground]$ ls -a
. .. shell.nix
[nix-shell:~/tmp/nixplayground]$
</code></pre>
<p>So with this version all data related to redis is saved into the
local <code class="verbatim">.redis</code> directory. And in the nix
shell we provide a command <code class="verbatim">redisstop</code> that
once invoked, shutdown redis, then purge all redis related data (as you
would like in a development environment). Also, as compared to previous
version, redis is launched in background so you could run commands in
your nix shell.</p>
<h1 id="nix-shell-fu-level-3-lesson-composability"><code
class="verbatim">nix-shell-fu</code> level 3 lesson; composability</h1>
<p>So in order for this part to be easier to follow, we'll go back to
our first example with the shell.nix that just ran hello.</p>
<h1 id="appendice">Appendice</h1>
<h2 id="digression"><span id="digression"></span>Digression</h2>
<p>In fact, this is a bit more complex than "just that". The reality is
a bit more complex. The nix language is "pure", meaning, if you run the
nix evaluation multiple times, it will always evaluate to the exact same
value. But here, this block represent a function. The function takes as
input a "nix set" (which you can see as an associative array, or a
hash-map or also a javascript object depending on your preference), and
this set is expected to contain a field named <code
class="verbatim">pkgs</code>. If <code class="verbatim">pkgs</code> is
not provided, it will us the set from the stable version 22.11 of
nixpkgs by downloading them from github archive. The second part of the
function generate "something" that is returned by an internal function
of the standard library provided by <code class="verbatim">nix</code>
which is named <code class="verbatim">mkShell</code>. So mainly, <code
class="verbatim">mkShell</code> is a helper function that will generate
what nix calls a <em><a
href="https://blog.ielliott.io/nix-docs/derivation.html">derivation</a></em>.
Mainly, we don't really care about exactly what is a
<em>derivation</em>. This is an internal to nix representation that
could be finally used by different nix tools for different things.
Typically, installing a package, running a local development environment
with nix-shell or nix develop, etc…</p>
<p>So the important detail to remember is that we can manipulate the
parameter we pass to the functions <code
class="verbatim">derivation</code>, <code
class="verbatim">mkDerivation</code> and <code
class="verbatim">mkShell</code>, but we have no mechanism to manipulate
directly <code class="verbatim">derivation</code>. So in order to make
that composable, you need to call the <code
class="verbatim">derivation</code> internal function at the very end
only.</p>
<p>The argument of all these functions are <em>nix sets</em></p>
</body>
</html>

399
notes/create_long_running_dashboard.html
View file

@ -1,399 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2023-12-15 Fri 15:38 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Create Long Running Dashboard</title>
<meta name="author" content="Yann Esposito" />
<meta name="generator" content="Org Mode" />
<style>
#content { max-width: 60em; margin: auto; }
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #e6e6e6;
border-radius: 3px;
background-color: #f2f2f2;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: auto;
}
pre.src:before {
display: none;
position: absolute;
top: -8px;
right: 12px;
padding: 3px;
color: #555;
background-color: #f2f2f299;
}
pre.src:hover:before { display: inline; margin-top: 14px;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-authinfo::before { content: 'Authinfo'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { }
</style>
</head>
<body>
<div id="content" class="content">
<h1 class="title">Create Long Running Dashboard</h1>
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#orgb4b5d9e">1. Summary</a></li>
<li><a href="#orga23c1ac">2. Working Example on INT</a></li>
</ul>
</div>
</div>
<div id="outline-container-orgb4b5d9e" class="outline-2">
<h2 id="orgb4b5d9e"><span class="section-number-2">1.</span> Summary</h2>
<div class="outline-text-2" id="text-1">
<ol class="org-ol">
<li>Once the user is logged, use his session token to make the first call to <code>/oauth2/custom/tokens</code>.</li>
<li>You should get an access and refresh token. That refresh token expiration
date will be far away (a lot later than in 24h)</li>
<li>Use this new access token to display the dashboard.</li>
<li>When the access token expires, request a new one by using the refresh token
and calling <code>/oauth/token</code>.</li>
</ol>
</div>
</div>
<div id="outline-container-orga23c1ac" class="outline-2">
<h2 id="orga23c1ac"><span class="section-number-2">2.</span> Working Example on INT</h2>
<div class="outline-text-2" id="text-2">
<div class="org-src-container">
<pre class="src src-elisp" id="org674c6e5"><span style="color: #50a14f;">"https://visibility.int.iroh.site"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-elisp" id="org7848209"><span style="color: #50a14f;">"cisco-internal-71c1b24be4210aac731cef41664f15e3"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-elisp" id="orgd68d7b1"><span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImlyb2gtdWkiLCJsb2dpbiJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwic3ViIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9yZWZyZXNoLXRva2VuLWp0aSI6InJlZnJlc2gtMjVlYjI1YTYtYzZjYS00ODdkLWI4M2YtMjA2ZWRjNjRjZTgwIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiaXJvaC1hZG1pbiIsImV2ZW50OnJlYWQiLCJpbnNpZ2h0cyIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImludGVncmF0aW9uIiwicHJpdmF0ZS1pbnRlbCIsImFkbWluIiwicHJvZmlsZSIsImluc3BlY3QiLCJhc3NldCIsImZlZWRiYWNrIiwiaXJvaC1tYXN0ZXIiLCJzc2UiLCJyZWdpc3RyeSIsInVzZXJzIiwiaW52ZXN0aWdhdGlvbiIsImNpc2NvIiwiaW52aXRlIiwicGxheWJvb2siLCJjYXNlYm9vayIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwib3JiaXRhbCIsImVucmljaCIsIm9hdXRoIiwiY29sbGVjdCIsInJlc3BvbnNlIiwidWktc2V0dGluZ3MiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJvcGVuaWQiLCJub3RpZmljYXRpb24iLCJnbG9iYWwtaW50ZWw6cmVhZCIsIndlYmhvb2siLCJ2YXVsdC9jb25maWcvcG9zdHVyZTpyZWFkIiwiYW8iXSwiZXhwIjoxNzAyNzM1MjM0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9uYW1lIjoiVGhyZWF0IFJlc3BvbnNlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoibG9naW4iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29yZy9uYW1lIjoiWWFubiBBRE1JTiBPUkciLCJqdGkiOiJ0b2tlbi0xMGVjYjk4NC1jMjk5LTRkNzItYjVlMC01ODA0Mjg4Njc4YmUiLCJuYmYiOjE3MDI2NDg3NzQsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9uYW1lIjoiWWFubiAtIE1hc3RlciIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvY2xpZW50L2lkIjoiaXJvaC11aSIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdmVyc2lvbiI6InYyLjEwLWM2ZDljZmM4NTU3OTg2NTA1YjkxIiwiaWF0IjoxNzAyNjQ4ODM0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJzZXNzaW9uLXRva2VuIn0.aUM6fPSkcEh7wlD5se328l6GGeaqLFuNZTR5XjP5dA79RXSwXxDuPHQbr5VveLUQRd7cl-5yAMlcEumjv5AuozafcBzLRdc2OBPtXBFzSxOinZKmbk4mNZ2FVHLdSRqEBzGfWpcw5ZoG2DbYy0Ygqh9s5kMvF789zrNz0DYituUMM7Wf37AQAJ1oFWfDHBGAND22FkhsHd7QrnJDQhtPkCTTWiMjHSfAXnrUuJ6kNZCPdAwa4HlTTmmlTBqI4TA6GGbwUDmBGeSEed9N01MLrOgbtJK3M8mdchxGb9lA2ZnkI8QfdXPEa_ppJ5CUUnYw1sOqFq-PeLoDEDDtkDPHg6115SPdfckbLYsOsxnBRcm2FwxP2hHunPXDEkJrT0osjU6t8MMi3FoDV-9ISdDdD6Ldhe9NM7WPNFofVp9XwYMyuqcejHX6V5AW8eb5GK6Xk_nwzLBTUxThvFi1FJSlDj5bdj7jnjMWv7wHtvUU1bMwSMOPkA0xSlM0pmD0CdfrSk3Os-RYHpcYLqrdXVvjau40beSCCoFlgjdebidux8RC6Ln4l6cauNepnyKxyLWqr-UfdAhiFe3U-F0gGPVwhUvqTfbpeujCd3go0037akaSOtUIXid08HPSCRHhEXANeR8GO1zT86XCz3h74uLyfqRSWEkR_tbvMAik942bQWY"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http" id="org4e6b316"><span style="color: #b751b6;">POST</span> <span style="color: #a626a4;">${envorigin}/iroh/oauth2/custom/tokens</span>
<span style="color: #6a1868;">Accept</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/json</span>
<span style="color: #6a1868;">Content-Type</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/json</span>
<span style="color: #6a1868;">User-Agent</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">ob-http</span>
<span style="color: #6a1868;">Authorization</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">Bearer ${userjwt}</span>
<span style="color: #9ca0a4;">{</span><span style="color: #50a14f;">"client_id"</span><span style="color: #9ca0a4;">:</span><span style="color: #50a14f;">"${clientid}"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"client_secret"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"dashboard"</span><span style="color: #9ca0a4;">}</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http"><span style="color: #9ca0a4;">{</span>
<span style="color: #50a14f;">"access_token"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIl0sImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9yb2xlIjoiYWRtaW4iLCJzdWIiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJpc3MiOiJJUk9IIEF1dGgiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL3JlZnJlc2gtdG9rZW4tanRpIjoicmVmcmVzaC1kYTAwZjQ4ZC1iZWRiLTQ1MWEtYjg2Yi05YjM1N2JmMzc0OWEiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3Njb3BlcyI6WyJldmVudDpyZWFkIiwicHJpdmF0ZS1pbnRlbDpyZWFkIiwiZmVlZGJhY2s6cmVhZCIsIm9yYml0YWw6cmVhZCIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImNvbGxlY3Q6cmVhZCIsInVzZXJzOnJlYWQiLCJlbnJpY2g6cmVhZCIsImluc2lnaHRzOnJlYWQiLCJpbnZlc3RpZ2F0aW9uOnJlYWQiLCJpbnRlZ3JhdGlvbjpyZWFkIiwicmVnaXN0cnkiLCJhbzpyZWFkIiwidWktc2V0dGluZ3M6cmVhZCIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwic3NlOnJlYWQiLCJhZG1pbjpyZWFkIiwiaW5zcGVjdDpyZWFkIiwiY2FzZWJvb2s6cmVhZCIsInRlbGVtZXRyeTp3cml0ZSIsImdsb2JhbC1pbnRlbDpyZWFkIiwicHJvZmlsZTpyZWFkIiwid2ViaG9vazpyZWFkIiwidmF1bHQvY29uZmlnL3Bvc3R1cmU6cmVhZCIsIm5vdGlmaWNhdGlvbjpyZWFkIiwiYXNzZXQ6cmVhZCIsInJlc3BvbnNlOnJlYWQiLCJwbGF5Ym9vazpyZWFkIl0sImV4cCI6MTcwMjY1MzM3NCwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvbmFtZSI6IjEgTW9udGggRGFzaGJvYXJkIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoiYXV0aC1jb2RlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvb3duZXIvaWQiOiJjaXNjby1pbnRlcm5hbC11aS1kYXNoYm9hcmRzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvbmFtZSI6Illhbm4gQURNSU4gT1JHIiwianRpIjoidG9rZW4tMzI3Njk3ZjUtMWRkYi00MjhiLTg3ODQtMjAzNGQ0ODJlNGYwIiwibmJmIjoxNzAyNjQ5NzE0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy92ZXJzaW9uIjoidjIuMTAtYzZkOWNmYzg1NTc5ODY1MDViOTEiLCJpYXQiOjE3MDI2NDk3NzQsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgva2luZCI6ImFjY2Vzcy10b2tlbiJ9.qw0hHP73wExZLvzlzv60Y7eAOCsO4TGASvCkEtmXogQ1LgReyh8YSqPQVZX5wP0OBfhjQ4-smEu54EcMC9Lf_wC9-vRrtRjq-NwoEL6wNsoruvWEtPoeHYWjrpGdV14Z_AOrlLwPANiN8boOFq452rBNgWj2RdfyDfR2uhT_fvJmrOyVJ8QL4ZLOMZZx2N3-Bh2ZLWJSCIa8Rxmvld5uI_ZDwAQ2XNC5Bs5BCZLAaROPZ-xq8Hslc4ZMgINYruSSQ6l7DVIklCZmyyRoLfKROej-tBYRrbRosfckd7o72LQLV1h7Jf-jDNVtujb5vjfxB9yWClt-gmgCPO7mb3xSbh_bzrsY-CWMg5C_XfLjmiE2Jm9asuZWX6nZkBmLSIXz5tIT0NyyZeW4PByjOxO9OPcYYHI2PjxYy36kxQqnViYSbaK6zAZGPkqOLcmJmK5G00MSZL23jw52au_rpH1vkKJHYcb61CH3Uzat6yplxpYQm6pW-8eKMnXUa21LHCkoOzdPx_SQ9_Z4bMsyAy7h7A1cjCBiiUU1X34te544zUH88s5Nr-j_vR8A1CqI3iTGVaqMg1mMui9H2gIycfLFNzCMgjE6RI9f7EvWxAvIbDZiHj7I4_NKhsjP96YIoXISQmxOXaPCgbL5EbItgcADf-dGQOYk2MeadfNq8mlj-Gs"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"scope"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"token_type"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"bearer"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"expires_in"</span><span style="color: #9ca0a4;">:</span> 3600<span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"refresh_token"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJlbWFpbCI6InlhZXNwb3NpQGNpc2NvLmNvbSIsImF1ZCI6WyJjaXNjby1pbnRlcm5hbC03MWMxYjI0YmU0MjEwYWFjNzMxY2VmNDE2NjRmMTVlMyJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiZXZlbnQ6cmVhZCIsInByaXZhdGUtaW50ZWw6cmVhZCIsImZlZWRiYWNrOnJlYWQiLCJvcmJpdGFsOnJlYWQiLCJ2YXVsdC9jb25maWdzOnJlYWQiLCJjb2xsZWN0OnJlYWQiLCJ1c2VyczpyZWFkIiwiZW5yaWNoOnJlYWQiLCJpbnNpZ2h0czpyZWFkIiwiaW52ZXN0aWdhdGlvbjpyZWFkIiwiaW50ZWdyYXRpb246cmVhZCIsInJlZ2lzdHJ5IiwiYW86cmVhZCIsInVpLXNldHRpbmdzOnJlYWQiLCJ2YXVsdC9jb25maWcvbWV0YWRhdGE6cmVhZCIsInNzZTpyZWFkIiwiYWRtaW46cmVhZCIsImluc3BlY3Q6cmVhZCIsImNhc2Vib29rOnJlYWQiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJnbG9iYWwtaW50ZWw6cmVhZCIsInByb2ZpbGU6cmVhZCIsIndlYmhvb2s6cmVhZCIsInZhdWx0L2NvbmZpZy9wb3N0dXJlOnJlYWQiLCJub3RpZmljYXRpb246cmVhZCIsImFzc2V0OnJlYWQiLCJyZXNwb25zZTpyZWFkIiwicGxheWJvb2s6cmVhZCJdLCJleHAiOjE3MDUzMjgxNzMsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb3JnL2lkIjoiMDQ3YTg5YmYtNWQyZS00MzkyLWI3NzAtYWQ0ODIxYTgyYWNmIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9ncmFudCI6ImF1dGgtY29kZSIsImp0aSI6InJlZnJlc2gtZGEwMGY0OGQtYmVkYi00NTFhLWI4NmItOWIzNTdiZjM3NDlhIiwibmJmIjoxNzAyNjQ5NzEzLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaWF0IjoxNzAyNjQ5NzczLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJyZWZyZXNoLXRva2VuIn0.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"</span>
<span style="color: #9ca0a4;">}</span>
</pre>
</div>
<p>
decoded refresh token
</p>
<div class="org-src-container">
<pre class="src src-nil">Token header
------------
{
"typ": "JWT",
"alg": "RS256",
"kid": "2lrcbtLUyB7hTUCBFMZoYOUy6SY8HybU70WVI6g7Zbk"
}
Token claims
------------
{
"aud": [
"cisco-internal-71c1b24be4210aac731cef41664f15e3"
],
"email": "yaesposi@cisco.com",
"exp": 1705328173,
"https://schemas.cisco.com/iroh/identity/claims/oauth/client/id": "cisco-internal-71c1b24be4210aac731cef41664f15e3",
"https://schemas.cisco.com/iroh/identity/claims/oauth/grant": "auth-code",
"https://schemas.cisco.com/iroh/identity/claims/oauth/kind": "refresh-token",
"https://schemas.cisco.com/iroh/identity/claims/oauth/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
"https://schemas.cisco.com/iroh/identity/claims/org/id": "047a89bf-5d2e-4392-b770-ad4821a82acf",
"https://schemas.cisco.com/iroh/identity/claims/scopes": [
"event:read",
"private-intel:read",
"feedback:read",
"orbital:read",
"vault/configs:read",
"collect:read",
"users:read",
"enrich:read",
"insights:read",
"investigation:read",
"integration:read",
"registry",
"ao:read",
"ui-settings:read",
"vault/config/metadata:read",
"sse:read",
"admin:read",
"inspect:read",
"casebook:read",
"telemetry:write",
"global-intel:read",
"profile:read",
"webhook:read",
"vault/config/posture:read",
"notification:read",
"asset:read",
"response:read",
"playbook:read"
],
"https://schemas.cisco.com/iroh/identity/claims/user/email": "yaesposi@cisco.com",
"https://schemas.cisco.com/iroh/identity/claims/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
"https://schemas.cisco.com/iroh/identity/claims/user/name": "Yann - Master",
"https://schemas.cisco.com/iroh/identity/claims/user/role": "admin",
"iat": 1702649773,
"iss": "IROH Auth",
"jti": "refresh-da00f48d-bedb-451a-b86b-9b357bf3749a",
"nbf": 1702649713
}
</pre>
</div>
<p>
Where we can see that <code>exp - iat</code> claims is
</p>
<div class="org-src-container">
<pre class="src src-elisp"><span style="color: #4078f2;">(</span><span style="color: #b751b6;">-</span> <span style="color: #da8548; font-weight: bold;">1705328173</span> <span style="color: #da8548; font-weight: bold;">1702649773</span><span style="color: #4078f2;">)</span>
</pre>
</div>
<p>
Which is
</p>
<div class="org-src-container">
<pre class="src src-elisp"><span style="color: #4078f2;">(</span><span style="color: #b751b6;">/</span> <span style="color: #da8548; font-weight: bold;">2678400</span> <span style="color: #a626a4;">(</span><span style="color: #b751b6;">*</span> <span style="color: #da8548; font-weight: bold;">60</span> <span style="color: #da8548; font-weight: bold;">60</span> <span style="color: #da8548; font-weight: bold;">24</span><span style="color: #a626a4;">)</span><span style="color: #4078f2;">)</span>
</pre>
</div>
<p>
31 days.
</p>
<p>
Note also the access token lifetime is 3600 seconds (instead of the default 300s).
After 1 hour, the access token will fail, from now on you could request another
access token with:
</p>
<div class="org-src-container">
<pre class="src src-elisp" id="orgaa6539d"><span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJlbWFpbCI6InlhZXNwb3NpQGNpc2NvLmNvbSIsImF1ZCI6WyJjaXNjby1pbnRlcm5hbC03MWMxYjI0YmU0MjEwYWFjNzMxY2VmNDE2NjRmMTVlMyJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiZXZlbnQ6cmVhZCIsInByaXZhdGUtaW50ZWw6cmVhZCIsImZlZWRiYWNrOnJlYWQiLCJvcmJpdGFsOnJlYWQiLCJ2YXVsdC9jb25maWdzOnJlYWQiLCJjb2xsZWN0OnJlYWQiLCJ1c2VyczpyZWFkIiwiZW5yaWNoOnJlYWQiLCJpbnNpZ2h0czpyZWFkIiwiaW52ZXN0aWdhdGlvbjpyZWFkIiwiaW50ZWdyYXRpb246cmVhZCIsInJlZ2lzdHJ5IiwiYW86cmVhZCIsInVpLXNldHRpbmdzOnJlYWQiLCJ2YXVsdC9jb25maWcvbWV0YWRhdGE6cmVhZCIsInNzZTpyZWFkIiwiYWRtaW46cmVhZCIsImluc3BlY3Q6cmVhZCIsImNhc2Vib29rOnJlYWQiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJnbG9iYWwtaW50ZWw6cmVhZCIsInByb2ZpbGU6cmVhZCIsIndlYmhvb2s6cmVhZCIsInZhdWx0L2NvbmZpZy9wb3N0dXJlOnJlYWQiLCJub3RpZmljYXRpb246cmVhZCIsImFzc2V0OnJlYWQiLCJyZXNwb25zZTpyZWFkIiwicGxheWJvb2s6cmVhZCJdLCJleHAiOjE3MDUzMjgxNzMsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb3JnL2lkIjoiMDQ3YTg5YmYtNWQyZS00MzkyLWI3NzAtYWQ0ODIxYTgyYWNmIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9ncmFudCI6ImF1dGgtY29kZSIsImp0aSI6InJlZnJlc2gtZGEwMGY0OGQtYmVkYi00NTFhLWI4NmItOWIzNTdiZjM3NDlhIiwibmJmIjoxNzAyNjQ5NzEzLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaWF0IjoxNzAyNjQ5NzczLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJyZWZyZXNoLXRva2VuIn0.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http" id="orgb6309b2"><span style="color: #b751b6;">POST</span> <span style="color: #a626a4;">${envorigin}/iroh/oauth2/token</span>
<span style="color: #6a1868;">Accept</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/json</span>
<span style="color: #6a1868;">Content-Type</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/x-www-form-urlencoded</span>
<span style="color: #6a1868;">User-Agent</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">ob-http</span>
<span style="color: #6a1868;">client_id</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">${clientid}</span><span style="color: #9ca0a4;">&amp;</span><span style="color: #6a1868;">client_secret</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">dashboard</span><span style="color: #9ca0a4;">&amp;</span><span style="color: #6a1868;">grant_type</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">refresh_token</span><span style="color: #9ca0a4;">&amp;</span><span style="color: #6a1868;">refresh_token</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">${refreshtoken}</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http"><span style="color: #9ca0a4;">{</span>
<span style="color: #50a14f;">"access_token"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIl0sImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9yb2xlIjoiYWRtaW4iLCJzdWIiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJpc3MiOiJJUk9IIEF1dGgiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL3JlZnJlc2gtdG9rZW4tanRpIjoicmVmcmVzaC1kYTAwZjQ4ZC1iZWRiLTQ1MWEtYjg2Yi05YjM1N2JmMzc0OWEiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3Njb3BlcyI6WyJldmVudDpyZWFkIiwicHJpdmF0ZS1pbnRlbDpyZWFkIiwiZmVlZGJhY2s6cmVhZCIsIm9yYml0YWw6cmVhZCIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImNvbGxlY3Q6cmVhZCIsInVzZXJzOnJlYWQiLCJlbnJpY2g6cmVhZCIsImluc2lnaHRzOnJlYWQiLCJpbnZlc3RpZ2F0aW9uOnJlYWQiLCJpbnRlZ3JhdGlvbjpyZWFkIiwicmVnaXN0cnkiLCJhbzpyZWFkIiwidWktc2V0dGluZ3M6cmVhZCIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwic3NlOnJlYWQiLCJhZG1pbjpyZWFkIiwiaW5zcGVjdDpyZWFkIiwiY2FzZWJvb2s6cmVhZCIsInRlbGVtZXRyeTp3cml0ZSIsImdsb2JhbC1pbnRlbDpyZWFkIiwicHJvZmlsZTpyZWFkIiwid2ViaG9vazpyZWFkIiwidmF1bHQvY29uZmlnL3Bvc3R1cmU6cmVhZCIsIm5vdGlmaWNhdGlvbjpyZWFkIiwiYXNzZXQ6cmVhZCIsInJlc3BvbnNlOnJlYWQiLCJwbGF5Ym9vazpyZWFkIl0sImV4cCI6MTcwMjY1NDQ2NiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvbmFtZSI6IjEgTW9udGggRGFzaGJvYXJkIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoiYXV0aC1jb2RlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvb3duZXIvaWQiOiJjaXNjby1pbnRlcm5hbC11aS1kYXNoYm9hcmRzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvbmFtZSI6Illhbm4gQURNSU4gT1JHIiwianRpIjoidG9rZW4tYzYwZjYzZmMtZWRiYi00YThjLTlkMDQtODE2ZjBjN2I4NzdmIiwibmJmIjoxNzAyNjUwODA2LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy92ZXJzaW9uIjoidjIuMTAtYzZkOWNmYzg1NTc5ODY1MDViOTEiLCJpYXQiOjE3MDI2NTA4NjYsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgva2luZCI6ImFjY2Vzcy10b2tlbiJ9.cem4Kt5uwVFv11YhlpOCesPxlo-AfeOcIl8agwe7RP8bBrWI0O7L2coETjZb8a8axXwbWTpsBe2fgut7TjE8byAfRJwhW9jiAD31svw8RMRdRy07d54dVSiCoCfiaFBf79gKSgx0QjMsE1SCd1VJ7vaicp9k-q6a63BDMvp-7hsC1sIXmrsHhHX1wDkOQCrX7EWnOU8LDNhmcjIAgQqCk3TCZK_B-tM_1VNYEpZ6kYQHO1qhwTB6rHE1gh_Vxz0EUTt2H_7f1lj8Rp2ov5LFFi1VIBj7AIOwuTZeifUhJzNmZeeJNzWO3Ejd-Mh4saOGGuJxQqAQ5koxiD6IWZ25K810ojDt0AO-uSadZdbFpfjyox5v0ii-BWs303QQcHpjIzPQXnSq0jDLP6HnOauofHEs2LFimb2omkkUvhppRjpdewbFV6IV7F2lpw4XsiYBfwHLSWLa34PJqgVZ09Oiy7opVQo-tu9jho17RdJkNQYbyv5xCfwV8NKKSjXSFLv3TItmGENvnD_iWBxwFK9kRvCE1n0JoStnRqdpTWf-pkbU70TV71C7DsTlkmaJtporaBhAvF4rgJEWYrxPhEVTRt-ZpQ_hNFDkTWJxPOkSmmEWBjUiXwDWlu2kw0OXXSnndzsa3xIVYvOCNMDClj5gMFASS7DbvHvBAqe8au_bE4I"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"scope"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"token_type"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"bearer"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"expires_in"</span><span style="color: #9ca0a4;">:</span> 3600
<span style="color: #9ca0a4;">}</span>
</pre>
</div>
<p>
Yipie! A new access token that only has read-only authorizations (exceptipon for
registry).
</p>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="date">Date: 2023-12-15 Fri 00:00</p>
<p class="author">Author: Yann Esposito</p>
<p class="date">Created: 2023-12-15 Fri 15:38</p>
</div>
</body>
</html>

257
notes/dossier_mdph_anna_2023.html
View file

@ -1,257 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2023-11-13 Mon 23:01 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>dossier MDPH Anna 2023</title>
<meta name="author" content="Yann Esposito" />
<meta name="generator" content="Org Mode" />
<style>
#content { max-width: 60em; margin: auto; }
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #e6e6e6;
border-radius: 3px;
background-color: #f2f2f2;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: auto;
}
pre.src:before {
display: none;
position: absolute;
top: -8px;
right: 12px;
padding: 3px;
color: #555;
background-color: #f2f2f299;
}
pre.src:hover:before { display: inline; margin-top: 14px;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-authinfo::before { content: 'Authinfo'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { }
</style>
</head>
<body>
<div id="content" class="content">
<h1 class="title">dossier MDPH Anna 2023</h1>
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#org6e4afd7">1. Documents</a></li>
</ul>
</div>
</div>
<div id="outline-container-org6e4afd7" class="outline-2">
<h2 id="org6e4afd7"><span class="section-number-2">1.</span> Documents</h2>
<div class="outline-text-2" id="text-1">
<p>
Madame, Monsieur,
</p>
<p>
Veuillez trouver ci-joint le dossier de demande à la MDPH de notre fille Anna Esposito&#x2013;Basso.
Celui-ci comprend les documents suivants :
</p>
<ul class="org-ul">
<li class="off"><code>[&#xa0;]</code> Dossier MDPH rempli (20 pages)</li>
<li class="off"><code>[&#xa0;]</code> Certificat médical de moins de 6 mois pour demandes MDPH (8 pages)</li>
<li class="off"><code>[&#xa0;]</code> Bilan Auditif (3 pages)</li>
<li class="off"><code>[&#xa0;]</code> Certificat médical auditif - Dr Oddon (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Photocopie de la Carte d&rsquo;identité d&rsquo;Anna Esposito&#x2013;Basso (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Justificatif de domicile; Photocopie de facture d&rsquo;électricité EDF (1 page) ainsi
qu&rsquo;une attestation sur l&rsquo;honneur d&rsquo;hébergement. (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Justificatif aide animalière ; certificat chien d&rsquo;assistance (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Contrat de travail de l&rsquo;aidant familial (9 pages) + Fiche de salaire de
l&rsquo;aidant familial prouvant un temps partiel (80%)</li>
<li class="off"><code>[&#xa0;]</code> Devis Ergothérapeute - Mme Pradura (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Factures et devis Coach de vie - Mme Arboucalot (3 pages)</li>
<li class="off"><code>[&#xa0;]</code> Feuille remboursement Mutuelle Audio prothèses (reste à charge 740€, 380€
par prothèse)</li>
<li class="off"><code>[&#xa0;]</code> Projet de vie (2 pages)</li>
<li class="off"><code>[&#xa0;]</code> Bilan Neuropsychologique</li>
<li class="off"><code>[&#xa0;]</code> Comptes rendu bilan Ergothérapeute</li>
<li class="off"><code>[&#xa0;]</code> Bilan du CRA des Alpes Maritimes</li>
<li class="off"><code>[&#xa0;]</code> Facture Psychiatre - Dr Guidi (1 page)</li>
</ul>
<p>
En vous en souhaitant bonne réception.
</p>
<p>
Krystelle &amp; Yann Esposito</p>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="date">Date: 2023-06-19 Mon 00:00</p>
<p class="author">Author: Yann Esposito</p>
<p class="date">Created: 2023-11-13 Mon 23:01</p>
</div>
</body>
</html>

BIN
notes/impots2023/fiche-fiscale-cisco-2023.pdf Normal file
View file

Binary file not shown.

BIN
notes/impots2023/morgan-stanley-statement.pdf Normal file
View file

Binary file not shown.

2
notes/impots_2022.org
View file

@ -4,8 +4,10 @@
#+Title: Impots 2022
#+Author: Yann Esposito
#+Date: [2023-05-20]
- tags :: [[id:7051b4a2-b42b-4d6f-abf6-2396b68dc5ed][impots]]
- source ::
* PERO (6QS)
- Case 6RS versements volontaires

255
notes/impots_2023.org Normal file
View file

@ -0,0 +1,255 @@
:PROPERTIES:
:ID: 9952b8ac-59df-442c-b3aa-64e78e47d9b1
:END:
#+title: Impots 2023
#+Author: Yann Esposito
#+Date: [2024-05-18]
- tags ::
- source ::
* PERO (6QS)
- Case 6RS versements volontaires
- Case 6QS versements obligatoire Pero + jours CET
Cf Fiche Fiscale Cisco: 7611
* Revenus Fonciers (2044?)
- 3060€ dans la case 7FK (investissement Duflot 2014)
* Actions (RSU/ESPP) (Form. 2074)
| | Plus Values |
|-------+-------------|
| 03/01 | -37.86 |
| 17/02 | 274.94 |
| 05/04 | 201.11 |
| 16/06 | 775.31 |
| 04/07 | -107.53 |
| 26/07 | -24.10 |
| 10/08 | 3.0 |
| 19/09 | -57.35 |
| 15/10 | 156.69 |
|-------+-------------|
| TOTAL | 1184.21 |
#+TBLFM: @>$2=vsum(@I..@II)
Par lignes:
** 3 janvier 2023 (vente 162 ESPP => -37,86€) 1 vente
| Actions à vendre | 162 |
| Prix du marché par unité | × 47,89 $US |
| Produit | 7758,18 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,18 $US |
| Produit net | 7745,50 $US |
| Conversion de la devise | × 0,934951 |
| Produit net converti | 7241,66 € |
| Revenu ordinaire | 1851,66 $US |
| Gain ou perte de capital | 40,50 $US |
#+CONSTANTS: eu_03_01=0.934951
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|---------------------+------------+------------+---------+-------+--------|
| 3 janvier 2023 en $ | 48.03085 | 47.89 | 162 | 17.68 | -40.50 |
| #ERROR | 44.91 | 44.77 | 151.46 | 16.53 | -37.87 |
#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
#+TBLFM: @3=@2*$eu_03_01;%.2f
** 17 fevrier 2023 (vente 59 RSU => 274,94€) 1 vente
| Actions à vendre | 59 |
| Prix du marché par unité | × 51,36 $US |
| Produit | 3030,24 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,07 $US |
| Produit net | 3017,67 $US |
| Conversion de la devise | × 0,926536 |
| Produit net converti | 2795,98 € |
#+CONSTANTS: eu_17_02=0.926536
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|---------------------+------------+------------+---------+-------+--------|
| 3 janvier 2023 en $ | 46.70 | 51.36 | 59 | 12.57 | 262.37 |
| #ERROR | 43.27 | 47.59 | 54.67 | 11.65 | 243.10 |
#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
#+TBLFM: @3=@2*$eu_17_02;%.2f
** 5 avril 2023 (vente 76 RSU => 201€) 1 vente
| Actions à vendre | 76 |
| Prix du marché par unité | × 51,965 $US |
| Produit | 3949,34 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,04 $US |
| Produit net | 3936,34 $US |
| Conversion de la devise | × 0,907801 |
| Produit net converti | 3573,83 € |
| Gain ou perte de capital | 233,70 $US |
#+CONSTANTS: eu_05_04=0.907801
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|--------------------+------------+------------+---------+-------+--------|
| 10 mars 2023 en $ | 48.89 | 51.97 | 76 | 12.54 | 221.54 |
| #ERROR | 44.38 | 47.18 | 68.99 | 11.38 | 201.11 |
#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
#+TBLFM: @3=@2*$eu_05_04;%.2f
** 16 juin 2023 (vente 236 RSU => 775.31€) 2 vente
| Actions à vendre | 236 |
| Prix du marché par unité | × 48,82 $US |
| Produit | 12349,88 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,10 $US |
| Produit net | 12337,28 $US |
| Conversion de la devise | × 0,898033 |
| Produit net converti | 11079,29 € |
| Gain ou perte de capital | 827,42 $US |
#+CONSTANTS: eu_16_06=0.898033
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|--------------------+------------+------------+---------+-------+--------|
| 10 mai 2023 en $ | 46.70 | 52.33 | 59 | 12.57 | 319.60 |
| #ERROR | 41.94 | 46.99 | 52.98 | 11.29 | 287.01 |
| 10 juin 2023 en $ | 49.53 | 52.33 | 177 | | 495.60 |
| #ERROR | 44.48 | 46.99 | 158.95 | 0.00 | 445.07 |
|--------------------+------------+------------+---------+-------+--------|
| Total | | | | | 732.08 |
#+TBLFM: $6=((($3-$2)*$4) - $5);%.2f
#+TBLFM: @3=@2*$eu_16_06;%.2f
#+TBLFM: @5=@4*$eu_16_06;%.2f
#+TBLFM: @>$6=vsum(@3$6,@5$6);%.2f
** 4 juillet 2023 (vente 149 ESPP => -107.53€) 1 vente
| Actions à vendre | 149 |
| Prix du marché par unité | × 50,93 $US |
| Produit | 7588,57 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,07 $US |
| Produit net | 7576,00 $US |
| Conversion de la devise | × 0,897208 |
| Produit net converti | 6797,25 € |
| Revenu ordinaire | 2313,97 $US |
| Gain ou perte de capital | 120,69 $US |
#+CONSTANTS: eu_04_07=0.897208
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain $ | Gain |
|---------------------+------------+------------+---------+-------+---------+---------|
| 4 juillet 2023 en $ | 51.65 | 50.93 | 149 | 12.57 | -119.85 | -107.53 |
| #ERROR | 46.34 | 45.69 | 133.68 | 11.28 | -107.53 | -96.48 |
#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
#+TBLFM: @3=@2*$eu_04_07;%.2f
** 26 juillet 2023 (vente 19 ESPP => -24€) 1 vente
| Actions à vendre | 19 |
| Prix du marché par unité | × 53,1649 $US |
| Produit | 1010,13 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,01 $US |
| Produit net | 997,62 $US |
| Conversion de la devise | × 0,891041 |
| Produit net converti | 888,92 € |
| Revenu ordinaire | 295,07 $US |
| Gain ou perte de capital | 27,07 $US |
#+CONSTANTS: eu_26_07=0.891041
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain $ | Gain |
|---------------------+------------+------------+---------+-------+--------+--------|
| 3 janvier 2023 en $ | 53.93 | 53.1649 | 19 | 12.51 | -27.05 | -24.10 |
| #ERROR | 48.05 | 47.37 | 16.93 | 11.15 | -24.10 | -21.47 |
#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
#+TBLFM: @3=@2*$eu_26_07;%.2f
** 15 aout 2023 (vente 61 RSU => 3€) 1 vente
| actions à vendre | 61 |
| Prix du marché par unité | × 53,67 $US |
| Produit | 3273,87 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,03 $US |
| Produit net | 3261,34 $US |
| Conversion de la devise | × 0,905048 |
| Produit net converti | 2951,67 € |
#+CONSTANTS: eu_15_08=0.905048
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|--------------------+------------+------------+---------+-------+------|
| 10 aout 2023 en $ | 53.41 | 53.67 | 61 | 12.53 | 3.33 |
| #ERROR | 48.34 | 48.57 | 55.21 | 11.34 | 3.01 |
#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
#+TBLFM: @3=@2*$eu_15_08;%.2f
** 19 septembre 2023 (vente 87 RSU => -57.35€) 1 vente
| Actions à vendre | 87 |
| Prix du marché par unité | × 56,19 $US |
| Produit | 4888,53 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,04 $US |
| Produit net | 4875,99 $US |
| Conversion de la devise | × 0,923115 |
| Produit net converti | 4501,10 |
#+CONSTANTS: eu_19_09=0.923115
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|------------------------+------------+------------+---------+-------+--------|
| 10 septembre 2023 en $ | 56.76 | 56.19 | 87 | 12.54 | -62.13 |
| #ERROR | 52.40 | 51.87 | 80.31 | 11.58 | -57.35 |
#+TBLFM: $6=((($3-$2)*$4) - $5);%.2f
#+TBLFM: @3=@2*$eu_19_09;%.2f
** 15 novembre 2023 (vente 182 RSU => 156.69€) 1 vente
| Actions à vendre | 182 |
| Prix du marché par unité | × 53,27 $US |
| Produit | 9695,14 $US |
| Frais de VEF/CCA | - 7,50 $US |
| Processing Fee | - 5,00 $US |
| Frais de transaction supplémentaires | - 0,08 $US |
| Produit net | 9682,56 $US |
| Conversion de la devise | × 0,905196 |
| Produit net converti | 8764,61 € |
#+CONSTANTS: eu_15_10=0.905196
| Date dacquisition | Prix achat | Prix vente | Actions | Frais | Gain |
|-----------------------+------------+------------+---------+-------+--------|
| 10 novembre 2023 en $ | 52.25 | 53.27 | 182 | 12.54 | 173.10 |
| #ERROR | 47.30 | 48.22 | 164.75 | 11.35 | 156.69 |
#+TBLFM: $6=((($3-$2)*$4) - $5);%.2f
#+TBLFM: @3=@2*$eu_15_10;%.2f
* Dons (7UD)
| assoc | don |
|-------------------------+-----|
| Unicef | 276 |
| Medecins Sans Frontiere | 120 |
|-------------------------+-----|
| | 396 |

201
notes/mdph_recours.html
View file

@ -1,201 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="author" content="Yann &amp; Krystelle Esposito" />
<title>MDPH recours</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
word-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">MDPH recours</h1>
<p class="author">Yann &amp; Krystelle Esposito</p>
<p class="date">[2021-12-22 Wed]</p>
</header>
<p>Nous demandons une réévaluation du dossier de notre fille, soit:</p>
<ul>
<li><strong>une reconnaissance d'handicap supérieure à 80%</strong> (avec réévaluation à la hausse de l'AEEH complémentaire)</li>
<li>la <strong>CMI Invalidité/Priorité</strong> indispensable à la réalisation de son projet de vie (en accord avec les soignants)</li>
<li>la <strong>CMI Stationnement</strong></li>
</ul>
<h1 id="demande-reconnaissance-dau-moins-80-de-handicap">Demande reconnaissance d'au moins 80% de handicap</h1>
<p>Depuis avril 2021, date de la demande de création de dossier MDPH, l'<strong>anxiété</strong> et l'<strong>autonomie</strong> de notre fille Anna se sont <strong>dégradées</strong>.</p>
<p>Une <strong>ALD à 100%</strong> vient de lui être octroyée (cf attestation). Compte tenu de la majoration de ses angoisses et en s'appuyant sur le guide d'appui aux pratiques des maisons départementales des personnes handicapées de la Caisse Nationale de Solidarité pour l'Autonomie (CNSA, cf document en annexe) Anna est dans l'<u>incapacité absolue</u> de réaliser des actes et activités simples de la vie courante comme :</p>
<ul>
<li>faire des courses seule à cause de ses hypersensibilités ;</li>
<li>se diriger et agir seule en ville ;</li>
<li>prendre les transports en commun ; incapacité de programmer un trajet et surtout de répondre à un évènement inattendu comme adapter son itinéraire en cas de dysfonctionnement.</li>
<li>suivre un enseignement dans un établissement classique</li>
<li>initier une sortie en extérieur</li>
</ul>
<p>C'est pourquoi nous vous demandons de réévaluer son taux de handicap à au moins 80%. Et aussi par conséquent de réévaluer l'AEEH complémentaire à la hausse.</p>
<h2 id="description-des-crises">Description des crises</h2>
<p>L'intensité des crises d'angoisses autistiques de notre fille sont invalidantes. Ses dernières vont jusqu'à provoquer une incapacité à se mouvoir, hyperventilation, cécité et surdité temporaires, pertes de sensations. Lors des crises les risques de chutes sont présents car elle n'arrive pas à tenir la station debout. Afin d'assurer sa sécurité il est pratiquement impossible de la laisser seule, sauf chez elle.</p>
<p>Les crises sont provoquées par :</p>
<ul>
<li><strong>un contact, même léger</strong> : une personne qui la frôle suffit à provoquer une crise. Par exemple, récemment une enfant à voulu toucher sa peluche lestée en se précipitant sur elle. Anna n'a pas su comment se "mettre en sécurité" ce qui à provoquer une crise que nous avons eu du mal à apaiser.</li>
<li><strong>trop de monde</strong></li>
<li><strong>les hyperstimulations sensorielles</strong>, par exemple, bruit de moteur inattendu, un feu clignotant, lumière trop vive, etc…</li>
</ul>
<p>Elle n'arrive à gérer les hyperstimulations que pendant une courte période. Attendre à une caisse peut, pour elle, être elle un calvaire. Si cela dure un peu trop longtemps, ou qu'une personne la touche par inadvertance, il n'y a pas d'autre solution que de sortir du magasin, en laissant le caddie pour retourner dans la voiture. Je vous laisse imaginer la difficulté pour traverser un parking avec une personne en crise que l'on ne peut pas toucher, qui ne voit et n'entend pratiquement rien !</p>
<p>C'est pour cela que nous vous demandons la CMI Invalidité/Priorité et Stationnement.</p>
<h2 id="scolarité">Scolarité</h2>
<p>La phobie scolaire de notre fille l'empêche d'avoir un enseignement dans un établissement ordinaire. Nous avons essayé le CNED à domicile, cela fut un échec, car son anxiété de performance et son isolement social ont été à leurs apogées.</p>
<p>Pour l'aider, depuis septembre, nous avons orienté Anna vers un établissement privé à très petit effectif. Cela est toujours difficile pour elle (incapacité à assister à tous les cours à cause de son anxiété et de sa fatiguabilité), mais nous avons constaté avec les équipes médicales et pédagogiques de réels progrès d'autant plus qu'Anna est douée, motivée et intéressée par les études.</p>
<p>Cependant cela à un coût élevé.</p>
<h1 id="chien-dassistance">Chien d'assistance</h1>
<p>Pour la soutenir dans ses efforts et avec l'appui de sa psychiatre et de son psychologue (cf certificats médicaux joins) nous avons pour projet d'adopter un chien d'assistance qui pourrait :</p>
<ul>
<li>agir sur son état anxieux et maîtriser ses crises d'angoisses ;</li>
<li>être un moteur déterminant pour son autonomie future ;</li>
<li>rendre son handicap visible en rendant les inconnus plus conscient des difficultés d'Anna ;</li>
<li>initier des sorties en extérieur et sociabiliser grâce à l'animal ;</li>
<li>faciliter son autonomie en lui permettant d'accéder aux lieux publics.</li>
</ul>
<p>Anna est très motivée par ce projet, c'est pourquoi il est indispensable qu'elle puisse bénéficier de la carte CMI ainsi que d'un taux de handicap reconnu à au moins 50% sans lesquels un chien d'assistance ne pourrait pas lui être attribué.</p>
<h1 id="conclusion">Conclusion</h1>
<p>Bien que le TSA ne sera jamais soigné, avec les bons soins et les bons outils, elle peut arriver à vivre avec ses phobies et devenir un membre actif, responsable et épanouie de notre société. C'est pourquoi nous avons besoin de la reconnaissance de handicap d'au moins 80% et de la carte CMI Invalidité/Priorité pour qu'on puisse lui attribuer un chien d'assistance qui est essentiel à la réalisation de son projet de vie.</p>
</body>
</html>

110
notes/on_software_programming_evolution.org Normal file
View file

@ -0,0 +1,110 @@
:PROPERTIES:
:ID: 3acde895-6fb6-433a-a46c-3ebd0dedcdbe
:END:
#+title: On software programming evolution
#+Author: Yann Esposito
#+Date: [2024-02-10]
- tags ::
- source ::
* Software Programming
My first contact with programming occurred when I was about 10 years old.
I was confronted with BASIC on a local computer.
BASIC was the UI you need to use to do anything interesting with your computer.
The hardware interface was, a keyboard, two joysticks with a single button and
an electronic pen.
You could push your pen on the screen and the computer could detect the position
of your pen.
So as a child, to play any game I needed to put a magnetic tape in a recorder
and wait for prompt to show and write something like:
#+begin_src basic
RUN ""
#+end_src
And after a while I saw that you could play with this computer by writing
commands to draw things on the screen.
And quickly I copied from a book a few commands to make a loop that drawed
lines.
And I felt it was incredible. Just drawing a few lines on the computer because,
I could control how these lines were drawn.
It wasn't easy to grasp what and how I could change things. But after a while I
did my first computer program that was really useful.
Of course, if I wanted to draw the same thing again, I needed to write the
program from scratch all over again.
I was lucky enough to also have to play with LOGO, and other programming
languages.
Year passed and I familiarized myself with Pascal.
Then I really started my studies and really learned how to program.
And a program was always something you mostly controlled.
The mysterious part for a long time was the driver interface.
I could write program that did various complex things.
But I wouldn't be able to explain how my program could really write on the
screen, or print something on a printer, etc…
The layer provided by the OS was long a mystery to me.
But mainly you had to accept the "Standard Library" that comes with your compiler.
That can makes commands like `println` to really print a string into your
terminal on your screen.
And I quickly understood that if I wanted to create games or any kind of
graphics you need to adopt an external component. A Graphic Library which
exposed function that, if you used them, somehow, magically did things on the
screen. Or generate some sounds.
But mainly, that was it.
A program has always been, for a very long time something starting with the
standard library provided with the compiler of your programming language (C,
Pascal, Java, etc…), and perhaps, you need to install *ONE* big dependency. Like
QT, or something else. And that was it.
You started mostly from scratch every time.
Then, years passed, and I started to earn money for programming.
And slowly, I witnessed the evolution of programs.
From a single man, a small team work from scratch.
To... a kind of social construction.
In particular, I saw how Silicon Valley startups could use the power of many
open source projects, use many libraries to build more complex programs.
And it really changed the pace of the production of the end product.
But, more and more, people started to forget about this initial art of writing
something from scratch without the help of an external library or framework.
Now, I feel, the situation appear to be a bit ridiculous.
We are not even talking about library but people consider to use paying services
instead of libs to provide and publish an application.
And what is left to software engineer is about how to put these external, paying
tools together.
Of course, there is always a bit of code you need to write, but the objects you
manipulate are already pretty abstract things coming from external libraries.
And somehow, this is so much ingrained in people minds now, that people are
afraid to build something themselves. They prefer the comfort of using a bloated
external code that provide a feature they need. Generally, you introduce a new
dependency that could be quite big just for a small part of the proposed features.
This is not only code, but also, publication of your application that is done
that way.
Instead of executing a binary on your own machine, or a machine you lend.
You kind of package all this in many layers of complex things.
Part of the complexity is justified, but probably a big part is not for most
applications.
This has simply became "best practices" to deploy and publish an application.
You add tons of dependencies, which are pretty huge comparatively to the feature
your app will provide, you deploy them in "the Cloud", or a pretty expensive
lent computers, generally inside a containers with a complex topology of
machines and services.
To me it looks like an incredible waste of resources for most use case.
But as this is "cheap" nobody really cares.
But, doing things this way kind of removed the magic of feeling in control and
feeling that you really built something you understand top to bottom.

78
notes/protection_juridique.org Normal file
View file

@ -0,0 +1,78 @@
:PROPERTIES:
:ID: a6cd5474-53e9-465e-8f49-f544199ccb40
:END:
#+Title: Protection Juridique
#+Author: Yann Esposito
#+Date: [2024-05-29]
#+Lang: fr
- tags ::
- source ::
* Contacts
Le CSE n'intervient à aucun moment dans les échanges et procédures avec Solucia
Protection Juridique.
Pour avoir recours à leurs services, vous devez les contactez directement par
téléphone, en indiquant le numéro du contrat.
Pour contacter Solucia Protection Juridique :
Tel: 09 69 39 94 88 (du lundi au samedi, de 9 h à 20 h)
Code partenaire : 1000 63 99
* Toyota
Envoyer courrier recommander.
Juridique.
Pour la preuve, de la réception de la partie adverse.
Courrier avec délais recommandé de 15j a partir de la date de réception.
** 1er courrier
Objet: Erreur de carte grise - Changement de propriétaire
Bonjour,
Le 7 février 2024, nous avons contacté le service administratif pour faire par d'une
erreur de votre part lors de la création de la carte grise de la Aygo que j'ai
achetée le 26 février 2021.
Bien qu'ayant acheté ce véhicule neuf, le propriétaire est Toyota Kredibank GMBH
et non pas Krystelle Esposito.
Depuis mon déménagement je ne peux pas faire une procédure de changement
d'adresse car nous n'en sommes pas le propriétaire.
Nous avons bien reçu deux courriels en février de la part du service administratif nous
demandant de fournir les documents nécessaires au changement de propriétaire de
la carte grise.
Nous avons pu joindre un peu après avoir envoyer ces documents une personne de vos
services qui nous a confirmer s'en occuper dans un délai proche.
Malgré nos tentatives pour obtenir un retour de vos services - plusieurs
messages téléphoniques et des courriels avec mes coordonnées - nous n'avons depuis
reçu aucune nouvelle.
C'est pourquoi je vous envoie ce courrier avec accusé de réception pour
m'enquérir de l'avancement du changement de propriétaire de la carte grise de notre
Toyota Aygo.
Je joins à nouveau les documents demandés, à savoir :
- Une photocopie de la carte d'immatriculation de la Toyota Aygo
- Un mandat signé pour effectuer les formalités d'immatriculation auprès du ministère de l'Intérieur
- Une photocopie de la carte d'identité de Krystelle Esposito
- Une attestation de domicile
Si je n'ai pas reçu une réponse de votre part dans les 15 jours suivant la date
de réception de cette lettre, j'aurai été contraint de lancer une procédure
judiciaire.
Je vous prie d'accueillir favorablement ma requête et de prendre en compte mon
cas avec urgence. Je serai reconnaissant si vous pouviez me contacter pour
discuter plus avant de cette affaire.
Cordialement,
Krystelle & Yann Esposito.

21
notes/retrieve_tokens_for_ai_assistant.org Normal file
View file

@ -0,0 +1,21 @@
:PROPERTIES:
:ID: 7d934841-a145-4833-8389-18ba449a6de7
:END:
#+title: Retrieve Tokens for AI Assistant
#+Author: Yann Esposito
#+Date: [2024-02-09]
- tags ::
- source ::
* TL;DR
1. Call =/iroh/oauth2/custom/tokens= with body =client_id=client-ai-assistant= and
the user JWT as bearer token in the Authorization header.
2. From there you could use the access token to call the AI Assistant API.
* Working Example
<s

546
notes/scc_integration_piam_option_1.org Normal file
View file

@ -0,0 +1,546 @@
:PROPERTIES:
:ID: e32045d1-4f6b-491d-b83a-6fa1511e2229
:END:
#+title: SCC Integration
#+Author: Yann Esposito
#+Date: [2024-03-06]
- tags :: [[id:ce893df9-32a4-44e0-9eb5-b9817141ee6a][cisco]]
- source ::
* [[https://github.com/advthreat/iroh/issues/9060][EPIC]]
⚠️ **DRAFT**
- ⚠: during the JIT user provisioning we will only have the user-email. As such
common fields such as the user name, user nick, will be empty. Some product
and in particular some UI rely on these user field to exists.
** SCC Integration
identified tasks
<https://airtable.com/appZKQe0zXhVMepC8/shrdGCDFRzqZoIIFc/tblP6J2lMHF942Emq>
*** Functional Requirements
We plan on using part of the XDR UI inside another Web application SCC.
SCC is in charge of centralizing customer products and users. The SCC UI
session will be handled via a /PIAM token/[^1].
*** Specification
**** PIAM Terminology and concepts
An Enterprise can access to different regions.
Into each region, we can have "Platform Group".
Within each Platform Group, you can have at most 1 IROH headless org.
Or if the org upgrade to XDR 1 IROH and 1 XDR with the exact same tenant-id.
Example from PIAM doc; PIAM Enterprise Structure
#+NAME: Enterprise_0
#+begin_src mermaid :file scc_integration_piam_enterprise_structure_0.png
flowchart TB;
Enterprise_3443 --> NAM
Enterprise_3443 --> APJC
NAM --> PlatformGroup_1
APJC --> PlatformGroup_2
NAM --> SecureAccess_49b9
PlatformGroup_1 --> IROH_f122b
PlatformGroup_1 --> SSX_358e
APJC --> CDO_193a
PlatformGroup_2 --> IROH_57db
PlatformGroup_2 --> SSX_9dc5
#+end_src
Then the customer buy XDR in NAM in =PlatformGroup_1=
#+NAME: Enterprise_1
#+begin_src mermaid :file scc_integration_piam_enterprise_structure_1.png
flowchart TB;
Enterprise_3443 --> NAM
Enterprise_3443 --> APJC
NAM --> PlatformGroup_1
APJC --> PlatformGroup_2
NAM --> SecureAccess_49b9
PlatformGroup_1 --> IROH_f122b
PlatformGroup_1 --> XDR_f122b
PlatformGroup_1 --> SSX_358e
APJC --> CDO_193a
PlatformGroup_2 --> IROH_57db
PlatformGroup_2 --> SSX_9dc5
#+end_src
Then the customer buy a new XDR in NAM, they need to create a new Platform Group:
#+NAME: Enterprise_2
#+begin_src mermaid :file scc_integration_piam_enterprise_structure_2.png
flowchart TB;
Enterprise_3443 --> NAM
Enterprise_3443 --> APJC
NAM --> PlatformGroup_1
APJC --> PlatformGroup_2
NAM --> PlatformGroup_3
NAM --> SecureAccess_49b9
PlatformGroup_1 --> IROH_f122b
PlatformGroup_1 --> XDR_f122b
PlatformGroup_1 --> SSX_358e
PlatformGroup_3 --> IROH_1234
PlatformGroup_3 --> XDR_1234
APJC --> CDO_193a
PlatformGroup_2 --> IROH_57db
PlatformGroup_2 --> SSX_9dc5
#+end_src
***** PIAM Tokens
A PIAM Token is a JWT signed and issued by PIAM.
A client can request PIAM to issue a token. Depending on the requested scopes
and the identity of the client and parameter of the request different PIAM Token
could be generated.
For this specific work we are interested in two different kind of tokens.
- Tokens for SCC audience.
- Tokens for some Application (for example DI)
In both cases, for this feature we are interested in the following claims:
- ~sub~: the PIAM identity which is an *email* and not an unique identifier, AN EMAIL!
- ~security-cloud~ claim which contain a list of strings. Each of this string is
intended to be parsed to represent a "Product Access".
For example the string
="security:iroh:integration-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b"=
represent the fact that this token can give access to the product /iroh/ with
the role /integration-admin/ for the /tenant id/ =e0b9859c-3bdd-4e6c-87de-c7fb8caf122b=.
:warning:
IT IS NOT FIXED WHAT /tenant id/ WILL BE, FOR NOW, THIS IS THE IROH ORG-ID.
BUT IT IS PLANNED TO BE A /product tenant id/ GENERATED BY PIAM AND SAVED IN PIAM.
For the three different states shown for <<Enterprise_0>>, <<Enterprise_1>> and
<<Enterprise_2>>, the ~security-cloud~ , for a token dedicated to use the SCC UI will contain:
For <<Enterprise_0>>
#+begin_src
"security-cloud": [
"security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
"security:iroh:integrations-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
"security:iroh:integrations-admin:61ad26da-bf66-44f3-9648-738704b957db"
]
#+end_src
For <<Enterprise_1>>
#+begin_src
"security-cloud": [
"security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
"security:iroh:integrations-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
"security:iroh:integrations-admin:61ad26da-bf66-44f3-9648-738704b957db"
]
#+end_src
For <<Enterprise_2>>
#+begin_src
"security-cloud": [
"security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
"security:iroh:integrations-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
"security:iroh:integrations-admin:61ad26da-bf66-44f3-9648-738704b957db"
"security:iroh:integrations-admin:12345678-ae36-1afb-3633-acf7147db123"
]
#+end_src
** Tasks
- Create Token Exchange API (still working on gathering technical details)
- JIT user sync between PIAM and IROH (still need a few details)
- New module auth in IROH to support PIAM Auth (cc @msprunck)
- Create new role for PIAM Administrators within XDR (to be defined by PM)
- Role mapping with SCSO (to be defined by PM)
- SecureX Orgs migration to Common Orgs @yogsototh: should be handled via
Brownfield attach API effort, otherwise there is no known way to send the IROH
tenant ID to PIAM/SCC. As such this should be customer driven, and the related
work has not yet started for Q3.
- Licence Restriction in XDR based on module capability (cc @msprunck)
- Disable XDR functionality from IROH when XDR license expires (see another
comment expect about 1 to 2 releases of dev work, 1 to 2 releases of team
sync, perhaps more depending on the other team)
*[Update 2024-03-14]: new tasks discovered after PIAM sync*:
- Universal PIAM API with different onboard rules:
- creating an headless IROH Org
- creating an XDR Org
- upgrading an headless IROH Org to an XDR Org
- downgrading an XDR Org to an headless IROH Org
- Add a new Middleware to support PIAM token, we should also look for a header
containing a ~product-tenant-id~ in order to be able to transform this request
with a valid IROH user request-identity.
- Update the Universal PIAM API to keep track of the ~product-tenant-id~.
- Create a migration script to attach the PIAM ~product-tenant-id~ to existing IROH ~org-id~.
*[Update 2024-03-18]: need to support Secure Client UI*
- secure-client flag in the Org
- init flag of Orgs using Secure Access team to set
- Add secure-client flag during the provisioning
- Handle Invite flow target URL
- Show the Org flags (labels, applications) in the Registration UI
#+begin_quote
Org Flags:
- scc
- xdr
- secure-client
- sx
#+end_quote
[^1]: [PIAM Token Doc (+ tenant, user, rbac)](https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/access-control/index.md)
** Detailled Tasks
#+begin_quote
Unfixed Vocabulary:
- headless org, common org
#+end_quote
*** PIAM ⇒ IROH token
From [[https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/access-control/index.md#example][PIAM Access Control Doc]]
The PIAM token will look like:
#+begin_src js
{
"ver": 1,
"jti": "AT.zWFQnc9MVJQ9wtjFgzzCK88lqTNS3OshQJdQCOeCTHs",
"iss": "https://sso-staging.test.security.cisco.com/oauth2/aus3uzfwpumAvDegH357",
"aud": "api://preprod-mercury",
"iat": 1701291945,
"exp": 1701295545,
"cid": "0oa9sca662IshmWh1357",
"uid": "00udtubj15dIiqKti357",
"scp": [
"email",
"openid",
"profile",
"security-cloud",
"security:xdr",
"security:cdo",
"security:ssx"
],
"auth_time": 1701291942,
"sub": "rhofschn@cisco.com",
"security-cloud": [
"security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
"security:xdr:admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
"security:cdo:read-only:5dbd3bb4-0e67-4379-a231-068c930a6e41",
"security:ssx:create-device:4ed0c951-4027-43e0-846f-b1b12789358e",
],
"client-product": "xdr"
}
#+end_src
Expectations:
1. The PIAM token `security-cloud` claim will contain one and only one value
starting with `security:xdr:`.
2. PIAM will know the target region to call the correct XDR region URL.
We will expose an endpoint:
- ~POST /iroh/cisco-piam/token~ that given a PIAM token in the ~Authorization~
header as Bearer token will:
1. Look up for:
- user-email = sub claim of PIAM token
- org-id = TENANT_ID part of the ~security:xdr~ block
2. If no org is found ⇒ return a 400 error
If the org is found ⇒ tag that org as an headless-compatible org
3. If no user found; Create the new User and return a couple (IROH Session
Token/Session Refresh Token)
If user if found; optionally update the user (role) if necessary and return
a couple IROH Session Token/Session Refresh Token).
4. Notes;
- User created via this JIT should have a specific flag to mark they were created via PIAM
- The token will have a specific audience
*** Just In Time User sync
We will only synchronize user on user login. No service to service
synchronization mechanism. For example, if a user is deleted from PIAM server
this user will never be deleted from IROH server.
*Expectations*:
a. the role specified in the value for XDR product in the ~security-cloud~ claim
will always be ~admin~.
OR
b. the role specified in the value for XDR product in the ~security-cloud~ claim
will always be a valid, known XDR role id (~admin~, ~user~ or ~sat~ , for now).
User will created or updated upon calls to retrieve an IROH token from a PIAM
Token only.
Invitations as well as Organization Access Requests will still be handled by IROH.
This mean that a user login into SCC could create a user in an XDR tenant.
BUT, a user having access to this XDR tenant will not necessarily have an SCC account.
In order to improve any future decision, we need to flag Users object to
determine if they only access XDR via SCC portal or if they login directly in
XDR or both.
**** Subtasks
- [ ] Add a flag when a user login into XDR so we will be able to know if user
logged in only via SCC, only via XDR or both. I suggest adding a field
~{:login-product #{(s/enum :scc :xdr :sx :ctr :orbital :internal)}}~ and using
the ~allowed-login-origins~ to add a tag of the login product.
Ideally we could then support adding the login origin in the ~aud~ of the JWT.
*** DELEGATED New module Auth in IROH to support PIAM token (cc @msprunck)
*** DELEGATED Role mapping with SCSO (to be defined by PM probably all admin)
*** SX Org migration (Brownfield attach mechanism enough?) YES
*** DELEGATED License Restriction in XDR based on module capability (cc @msprunck)
*** Disable XDR Functionalities when XDR license expires
**** Change the org mode back to ~common~ (1 to 2 releases)
Expectations:
- The common org should already be tagged as ~common~.
- Every common org should have an ~enterprise-id~.
Changes:
Currently we have a single /scopes matrix/ with a "fake role" to simulate
admin user from inactive Orgs.
This need to be changed by a function that given an Org and its Entitlements
returns a /scopes matrix/. (Ideally sharing the same lines).
More precisely we will only need 3 scopes matrix in total:
- a scopes matrix for XDR orgs
- a scopes matrix for inactive XDR orgs
- a scopes matrix for inactive XDR Org which are also a common Org
Sub tasks:
1. Make a decision about the list of scopes for the two new matrix, perhaps
there will be a need to have different matrices before and after SX EOL.
a. after SX EOL, unactivated and non common org are fully disabled (I don't
think that's the case to continue to support SE / Orbital for example)
b. after SX EOL, there will be an UI that should work for all possible
"scopes set". We are talking about 1 scopes-set per role per matrix.
Currently 6 scopes set (admin, user, sat).
I would expect the scopes choice to be done in a few days, and about 1 to 2 releases
(2 to 4 weeks for the code change).
**** Disabling Products
***** SXO (0 release, should already be supported)
We could immediately remove the ~ao~ scope and it should be enough to prevent
Automation usage.
SXO is already consuming Entitlement changes events and thus could detect and
Org becomes inactive and could therefore do the necessary tasks inside SXO.
***** DAP / SCA (1 to 2 releases about team syncing, close to 0 dev effort)
We need to configure a new hook on ~EntitlementSummary~ changes so this could
trigger a decommission.
It should be a matter of adding a webhook with some configuration. So here we
mostly need time to sync with the dev teams to configure the webhooks.
Creating a new webhook should be easy but we will probably need a few days to
gather all necessary data to create this configuration.
*** Org Schema change
IROH will be an API that will be used for two different Applications.
SCC and XDR.
Notice IROH is already used as API for many different applications;
- CTR,
- SecureX,
- XDR,
- Orbital,
- Registration UI,
- Tactical Portal.
- IROH-Admin,
- SecureX UI Dev Env
So SCC will be one more to add, but this time the login method will be different.
Also while all other existing cases are mostly synchronous, we should start to
enforce a lot better the application accessible or not.
Regarding the functionality I suggest not to be too precise and only mention
SCC, XDR and SecureX.
#+begin_src clojure
(s/defschema AllowedApplications
(s/enum :scc :xdr :sx))
#+end_src
This should probably not be used to enforce anything from the backend yet, but
should be useful for the UI and will help have a better data structure internally.
Currently we create a view with ~xdr-enabled?~, ~sx-enabled?~ etc…
It will be nice to transform this set to add many flags, the new one will be ~scc-enabled?~.
With the current plan, every XDR org will be ~scc-enabled~, but some might not be
~xdr-enabled~, and all will have ~sx-enabled~ set to false. And we need to planify a
time where ~sx~ app will be removed.
*** User Schema change
When we receive a token exchange to generate an IROH token with a PIAM token
containing in the ~security-cloud~ claim a value starting with ~security:iroh:~ then
we should mark that user to be an scc user.
When we receive a token exchange or when a user login as usual, we should mark
that user to be an xdr user.
*** Update Universal Provisioning
Add a query parameter to the Universal Provisioning API (typically ~&headless=true~).
If the provisioning occurs with this parameter then: only onboard DI and SCC.
Keep track of the onboarding state somewhere (perhaps just looking for existing
module instances)
If a provisioning occurs without this parameter then onboard DI, SCC, SXO & SCA.
If we receive an update:
onboard the missing product (looking at module instances) SXO & SCA.
*** PIAM token support middleware
We need a middleware that provide the ability to translate a PIAM token to an
IROH identity.
We already have a mechanism that depending on the JWT issuer returns a different user-identity.
We should have a mechanism so that an API could accept PIAM token for both cases:
- we just have the PIAM token, this API is not IROH tenant scoped.
- we have the PIAM token as well as a tenant-id (either PIAM product-tenant-id
or IROH org-id) and the API will be tenant scoped
*** Update Universal Provisioning to track PIAM product-tenant-id
*** Create a migration script to attach the PIAM product-tenant-id to existing IROH org-id
For every org provisioned before we keep track of the product-tenant-id we
should attach a product-tenant-id to the org.
* Official Tasks
[[https://airtable.com/appZKQe0zXhVMepC8/shrdGCDFRzqZoIIFc/tblP6J2lMHF942Emq][Airtable list]]
- create a token exchange API
- JIT user sync between PIAM and IROH
- New module auth in IROH to support PIAM Auth
- Create new role for PIAM Administrators within XDR
- Role Mapping with Security Cloud Sign-on
- SX Orgs migration to Common Orgs
- License Restriction in XDR based on module capability
- Disable XDR functionality from IROH when XDR license expires
Unknown:
- PM how to handle SCC user vs XDR invited users
* Questions to [[webexteams://im?space=f4791010-c534-11ee-a02f-8b2b472f9d7c][channel]]
** User Session
Hello All!
I have a few technical questions for which I would like some clarifications.
The plan as I understood would be to integrate some external UI to the SCC UI.
And this external UI will need to "exchange" the session of the user logged into
SCC into a user in IROH.
As such, I would like to understand how is the session saved in the SCC UI.
Is it a cookie session? If it is, does the session contain a JWT?
If it is a JWT, is it a PIAM token?
If we want to create a valid token in IROH out of such session we will need at least:
A ~user-email~, an ~enterprise-id~ and an SCC user role (from my understanding there
are only two SCC roles, which should roughly be admin and user).
More straight to the point, what would be a secure way to expose an API in IROH
that the integrated UI in SCC could use to exchange an SCC session to an IROH
user token?
If this is a JWT signed by PIAM which contain just an ~user-email~ and an
~enterprise-id~ then this should be fine as I will be able to search for the
single IROH tenant with this ~enterprise-id~ (as I understood we decided to keep
this constraint of preventing multi-XDR tenancy relatively to SCC tenancy).
Also, let me know if my understanding that we will need to manage different type
of token is true?
I think what we call a _PIAM Token_ is an *access token* which is also a *JWT* that
will contain a list from which we could deduce the user-id and its role for
every product. Like: `<PRODUCT>:<USER_ROLE>:<USER-ID-IN-PRODUCT>`.
I don't think the session in SCC is maintained using such token, could you
confirm this?
I also have another question related to the PIAM tokens.
Should we support multiple entries for the same product in the list in the JWT
containing the user-id and role in the external products?
Thanks!
* Sizing
** [[webexteams://im?space=b62bf8f0-6062-11ed-9564-a57f2c094899&message=c82ce020-db43-11ee-8e37-799ed57689d0][Jyoti question]]
#+begin_quote
2. Disable XDR functionality when XDR license expires (Yann)
a. Change the org mode back to `common`
b. Disable SXO, DAP, SAC tenants
#+end_quote
*** Disable XDR Functionalities when XDR license expires
**** Change the org mode back to ~common~ (1 to 2 releases)
Expectations:
- The common org should already be tagged as ~common~.
- Every common org should have an ~enterprise-id~.
Changes:
Currently we have a single /scopes matrix/ with a "fake role" to simulate
admin user from unactivated Orgs.
This need to be changed by a function that given an Org and its Entitlements
returns a /scopes matrix/. (Ideally sharing the same lines).
More precisely we will only need 3 scopes matrix in total:
- a scopes matrix for XDR orgs
- a scopes matrix for unactivated XDR orgs
- a scopes matrix for unactivated XDR Org which are also a common Org
Sub tasks:
1. Make a decision about the list of scopes for the two new matrix, perhaps
there will be a need to have different matrices before and after SX EOL.
a. after SX EOL, unactivated and non common org are fully disabled (I don't
think that's the case to continue to support SE / Orbital for example)
b. after SX EOL, there will be an UI that should work for all possible
"scopes set". We are talking about 1 scopes-set per role per matrix.
Currently 6 scopes set (admin, user, sat).
I would expect the scopes choice to be done in a few days, and about 1 to 2 releases
(2 to 4 weeks for the code change).
**** Disabling Products
***** SXO (0 release, should already be supported)
We could immediately remove the ~ao~ scope and it should be enough to prevent
Automation usage.
SXO is already consuming Entitlement changes events and thus could detect and
Org becomes inactive and could therefore do the necessary tasks inside SXO.
***** DAP / SCA (1 to 2 releases about team syncing, close to 0 dev effort)
We need to configure a new hook on EntitlementSummary changes so this could
trigger a decomission.
It should be a matter of adding a webhook with some configuration. So here we
mostly need time to sync with the dev teams to configure the webhooks.
Creating a new webhook should be easy but we will probably need a few days to
gather all necessary data to create this configuration.

106
notes/secure_client_and_orbital_sx_eol.org Normal file
View file

@ -0,0 +1,106 @@
:PROPERTIES:
:ID: 26867184-57cf-472d-b5db-d6349665184e
:END:
#+title: Secure Client And Orbital SX EOL
#+Author: Yann Esposito
#+Date: [2024-06-26]
- tags ::
- source ::
* Orbital Modules Types
- NAM: ~b7f21c6b-701a-4b45-8a3d-449001844efe~
- EU: ~2c55baf0-5fa4-4ffc-a263-954920ddd8c6~
- APJC: ~9b801b44-310d-432a-8668-8611c74415e9~
- TEST: ~59bbd2bb-b2e9-4fa0-935d-61eafc663a07~
- INT: ~59bbd2bb-b2e9-4fa0-935d-61eafc663a07~
#+BEGIN_SRC js
{
"description": "Orbital is an advanced capability in Cisco Secure Endpoint that is designed to make security investigation and threat hunting simple by providing an implementation of powerful Osquery technology on each of your Secure Endpoint-enabled endpoints. Orbital allows you to create custom queries to look across your network for anything of interest, but also comes with over a hundred pre-canned queries, allowing you to quickly run complex queries on any or all endpoints. This capability enables you to gain deeper visibility on what happened to any endpoint at any given time by taking a snapshot of its current state. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, we get you the answers you need about your endpoints fast. Orbital can enrich information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IP, IP4, IP6, MAC, and OS, etc. The Orbital app is available on the ribbon and it allows you to run a live query. You can view metrics and your recent queries in the right panel.\n\nThis integration also creates a target automatically in Automation for out-of-box workflows.",
"properties": "mPBDSYPMOUhPHmeNfjsPusJFa5qSvyxqkl2bRzDMUcPgWt5NUthziK/hfaBIEnPnAqyml0m8Epl7p4+2LGwJ2ESBCKpUKjzuv0+0RG4xbIxLf+gFRiERjjFwqexQsaexmQPgWflkoMhUar4fj2Crn9M6uh1Wz95FrCt618A2CFyPZaDmsbCBuqvdwMb+SpOuy4Fb9kS7ss5D1qZDzKpDuCwmFYWVwEMFoZUht1Lz0mNEc9DykFdLQFNgdejmSO+gGJRYbTq200+y0aikGc1IIaKStHJ3BB4MOuA3Bn4MO5NqQyRIRilU3JrXrV/m9/tmls2pkDzx0om7ca6VWYhwQtYkSvmGUFZwpzFiOloq76gVVEyIdKS+FOPxD3EPCyaA",
"capabilities": [
{
"id": "health",
"description": "Healthcheck"
},
{
"id": "refer",
"description": "Reference links"
},
{
"id": "device_insights",
"description": "Device Insights"
}
],
"app_link_meta": {
"url": "https://visibility.amp.cisco.com/iroh/iroh-auth/login?redirect_after_login=https%3A%2F%2Forbital.amp.cisco.com%2Firoh%3Fnext%3DaHR0cHM6Ly9vcmJpdGFsLmFtcC5jaXNjby5jb20v",
"title": "launch"
},
"tips": "**Prerequisite:** Secure Endpoint Advantage license for North America and European Union.\n\n1. Complete the **Add Integration** form:\n \n * **Integration Name** - Leave the default name or enter a name that is meaningful to you. \n * **Integration with Device Insights** - The Devices feature consolidates your device inventory from multiple device managers into a unified view. \n By default, the check box is checked, which enables Orbital integration with the Devices feature and it allows you to view data from Orbital in Devices. \n Unchecking the check box disables Orbital integration with the Devices feature. Orbital will still integrate with the current platform, you just wont be able to view data from Orbital in Devices.\n \n2. Click **Add** or **Save** to complete the Orbital integration configuration.",
"logo_dark": "https://brand-assets.security.cisco.com/secure-monochrome/orbital-dark.svg",
"logo": "https://brand-assets.security.cisco.com/secure-monochrome/orbital-light.svg",
"org_id": "964a8c3b-9aef-4e1d-aadf-e2754004d230",
"configuration_spec": [
{
"key": "custom_enable_device_insight",
"type": "boolean",
"label": "Integration with Device Insights",
"default_value": true
}
],
"short_description": "Cisco Orbital is a service that uses Osquery to provide you and your applications with detailed information about your hosts.",
"title": "Orbital",
"external_references": [
{
"link": "https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/amp-endpoints-faq.pdf",
"label": "FAQ"
},
{
"link": "https://orbital.amp.cisco.com/help/",
"label": "Help"
},
{
"link": "https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-orbital-advanced-search-privacy-data-sheet.pdf",
"label": "Privacy"
},
{
"class": "securex:di:asset_source",
"external_id": "securex:di:orbital"
},
{
"class": "securex:ao:target",
"external_id": "securex:ao:orbital"
}
],
"updated_at": "2024-03-27T14:30:16.763Z",
"id": "b7f21c6b-701a-4b45-8a3d-449001844efe",
"record": "relay-module.module/RelayModule+Orbital",
"user_id": "7b02b2d4-9961-4167-90ff-328df51f5b65",
"client_id": "iroh-ui",
"default_name": "Orbital",
"flags": [
"default",
"cisco",
"managed"
],
"enabled": true,
"visibility": "global",
"created_at": "2020-06-03T17:46:07.479Z"
}
#+END_SRC
* Request to create a new module-instance
#+BEGIN_SRC
POST ${IROH_API}/iroh/iroh-int/module-instance
Authorization: Bearer ${JWT}
Content-Type: application/json
{"name": "Orbital",
"module_type_id": "${MODULE_TYPE_ID}",
"settings": {"custom_enable_device_insight":true}}
#+END_SRC

180
notes/sx_eol_phase_1.org Normal file
View file

@ -0,0 +1,180 @@
:PROPERTIES:
:ID: c60e01f9-9513-46f7-85f8-994f90989b2f
:END:
#+title: SX EOL Phase 1
#+Author: Yann Esposito
#+Date: [2024-04-02]
- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
- aha :: https://ciscosecurity.aha.io/epics/XDR-E-164?active_tab=related
- jira :: https://cisco-sbg.atlassian.net/browse/XDR-1523
* Epic SecureX EOL Phase 1
** Functional Specification
- Org Flag
+ XDR Orgs (as usual)
+ SC Orgs:
- only two roles (admin and user)
- authorizations:
- manage clients
- manage users (remove allow non-admin user section, should be checked by default)
- manage devices
- audit logs
- profile
- integrations (module-instances)
- no incident activity
- no incident investigation
- no Automation workflow nor response action
+ SX-only Orgs (after EOL disabled)
- script to init Org flags
- create a new matrix Org-flags => role->scopes matrix
- reduce module-type
- provision script for SC-only orgs
- Check the org-view provided to Registration-UI to provide the applications flags
- Org switching
+ SC Interim UI shows only SC orgs
+ XDR UI only show XDR orgs
- Rebrand HTML Error pages (invitation, org join, account disabled, org disabled)
- SE should be able to provision new IROH Org for SC and Orbital
** Technical Specification
*** Org Applications
Add the following field to the ~Org~:
#+begin_src clojure
:apps #{Application}
#+end_src
Where
#+begin_src clojure
(s/defschema Application
;; use comment here because the name will change but the keywords will not
;; and it will be useful to remember why we used `sc` if Secure Client is renamed to something
;; else for example
(s/enum :xdr ;; XDR
:sx ;; SecureX to disappear after 31th of July
:sc ;; Secure Client
))
#+end_src
Make this field visible. With the following rules:
- org is enabled and has ~cisco/feature-flag/xdr~ in the ~additional-flags~ => provide ~:xdr~ app
- org is enabled and does not have the XDR flag => gives ~:sx~ app
- org is disabled => apps is the empty set
Note there is no way to have the ~sc~ flag without admin intervention
*** Org View update
Add a field ~sc-enabled?~ similar to ~sx-enabled?~ and ~xdr-enabled?~
to the OrgView visible from the Profile API.
*** Expose an API to manage app flags
Along the feature-flag API, add a new route that can add/remove App flags.
Decide who can use this API and how (script?).
*** Write a script to update (by batch) the app flag of an Org
This would probably be run once before SX EOL date to init the Orgs.
*** Org Application => Scopes Matrix
With the introduction of these flags, we will now have 4 specific orgs kind:
1. xdr org (contains :xdr, we do not care about :sc nor :sx)
2. sc org (does not contain :xdr, but contain :sc, we do not care about :sx presence)
3. sx-only org (does not contain :xdr nor sc, but contain :sx)
4. disabled org; when apps is empty, then we should disable the org (can use
~get-org~ in the Org service for that, and we might update the DB accordingly)
#+begin_src clojure
(defn org-scopes-matrix
[org]
(condp contains? (:apps org)
#{:xdr} xdr-scopes-matrix
#{:sc} sc-scopes-matrix
#{:sx} sx-scopes-matrix
empty-scopes-matrix))
#+end_src
And then the user scopes will be provided with:
#+begin_src clojure
(defn user-scopes
[org user]
(let [scopes-matrix (org-scopes-matrix org)]
(scopula/scopes-union
(scopes-from-role (:role user) scopes-matrix)
(:additional-scopes org)
(:additional-scopes user))))
#+end_src
*NOTE*:
- Have a test checking the XDR scopes matrix is a superset of the SC scopes matrix.
- SC scopes matrix is XDR without the scopes ~private-intel~ and ~ao~ and ~response~:
*** Depending on XDR apps reduce the visible and allowed list of module-types
Change the list of available module-types for SC-only Orgs.
The Org service will contain a method named ~org-main-app~ and the logic should be:
#+begin_src clojure
(defn available-modules
[org entitlement-tier]
(case (org-main-app org)
:xdr (xdr-available-module-types entitlement-tier)
:sc sc-available-module-types
:sx sx-available-module-types
nil))
#+end_src
*** Secure Endpoint Provisioning
Secure Endpoint already use the provisioning routes.
But we need some work to:
1. Add the ~sc~ flag to these org
2. Support async onboarding as well
3. When ~sc~ only provision CSC and DI
*** Add value in whoami to state we reached SX EOL
#+begin_src clojure
:before-sx-eol? (describe s/Bool "true before sx-eol false after.")
#+end_src
* Tasks
- [X] https://github.com/advthreat/iroh/pull/9175 Org Application
- [X] [[https://github.com/advthreat/iroh/pull/9192]] Org View with Apps
- [X] https://github.com/advthreat/iroh/pull/9195 API to manage app flags
- [ ] Write a script to batch update apps of orgs
- [ ] https://github.com/advthreat/iroh/pull/9247 Add a scopes-matrix per org apps
- [ ] PR that will change SX orgs to SC orgs after SX EOL date.
- [ ] Create a service that manage deadlines dates (from the backend)
- [ ] Exposes the dates managed by this service to the ~/whoami~ endpoint
- [ ] Have an Admin API able to change the list of timers
- [ ] Have SX orgs become SC orgs after ~sx-eol?~ deadline.
- [ ] Org Applications change visibility of modules
- [ ] Provisioning
- [ ] Support adding the ~sc~ app
- [ ] Support async onboarding (or keep non async endpoints conf)
- [ ] When ~sc~ app, only provision CSC and DI
* Questions
- What about downgrade?
XDR orgs have more 3 roles
SC orgs have 2 roles
1. customer start with SC
2. customer then buy XDR, set some user to SAT role (security analyst neither admin nor user)
3. customer leave XDR, so get back to XDR
Should the TAC role user be back to user?
What if a new role has fewer scopes than SC user? changing their role will
mean escalation of authorization, should we disable them?

58
notes/sx_eol_phase_1_presentation.org Normal file
View file

@ -0,0 +1,58 @@
:PROPERTIES:
:ID: 7ddbbc9f-a3a9-4ef3-b751-3f12be315482
:END:
#+title: SX EOL Phase 1 Presentation
#+Author: Yann Esposito
#+Date: [2024-04-23]
- tags ::
- source ::
* SecureX EOL Cases
- What occurs during downgrade
- What occurs for an XDR admin
- What occurs for an SX admin when they go XDR after 31th July
- What occurs to Sat user in XDR if they downgrade to SC?
- What should be the roles
** Existing SecureX Orgs
*** IdP
- SXSO => easy
- CSA => should have been migrated to SXSO ?
- TG => some beta Org with the XDR flag but no solution to migrate to PIAM
*** SX to XDR?
- XDR feature flag;
- manually added; give access to SX and XDR
- PIAM Provisioning =>
- add a PIAM enterprise-id to the Org
- remove access to SX, only XDR becomes available
*** Downgrading?
- PIAM Provisioning => remove entitlements ;
undefined behavior
currently no code taking care of this case.
Now:
- the XDR feature-flag stays
- the PIAM enterprise-id is still kept
- remove data retention policy, all data is here forever and never deleted.
So, for example, expired XDR cost more than paying customer.
- Manual downgrade; remove the XDR feature-flag
- XDR UI becomes inaccessible
- XDR roles becomes inaccessible
- if a user with an XDR-role only exists, IROH API, SX UI (or even SC UI) will probably break
*** Example
1. today SX
2. mark it as SC org
3. SX EOL comes => SC org
4. Upgrade to XDR
5. XDR expires
6. ??? should it become back an SC org? I would say yes.
- Same issue with roles

122
notes/the_new_web_and_how_to_achieve_it.org Normal file
View file

@ -0,0 +1,122 @@
:PROPERTIES:
:ID: d8304f8a-8db3-4b57-b87a-1d31230fbe93
:END:
#+title: The new web and how to achieve it
#+Author: Yann Esposito
#+Date: [2024-06-27]
- tags :: [[id:a5be1daf-1010-428f-a30f-8faf95c1a42f][blog]]
- source ::
* The new web and how to achieve it
I was born before the web, and discovered Internet via the web first as most
people.
Clearly now, the web is polluted to the point where it is almost unbearable for
me.
I don't want to start the analysis about exactly went wrong about it. A lot as
already been written about it.
But let just say, people now forgot about the Internet and focus on the Web.
So the spirit about consuming the Internet changed a lot.
As I remember the Internet, it was first focused on protocols.
People would create a new protocol to provide a feature.
Typically, chat, voice, file sharing, etc…
Let's take for example, chatting.
The IRC protocol is provide.
The IRC need two applications, an IRC server and an IRC client.
We saw many different IRC servers be built, in different programming languages.
And we saw, also many different IRC clients.
Of course, there was always some tension between some server not respecting
exactly the same conventions than others, but mostly. This was entirely
interoperable.
As a consumer you choose the application you preferred to use IRC.
And the same occurred for, the Web (even if it has changed a lot; [[org:web-engines][see footnote]]),
file sharing (FTP, sFTP, then so many P2P protocols), discussion/forum (BBS,
Usenet).
In fact, I would argue that, the "real Internet" consumption, I mean, in the
spirit of the founders was the P2P networks.
The net was supposed to make direct communication between people.
Not everything was perfect, very far from it. But it had the property of being
really free, as consumer we had a lot more choices.
So now, we mostly consume the Internet only via the Web and emails.
And, as the Web becomes crap, we see a resurgence from the geekiest between us
of a will to go back to the old direction. Mainly, decentralization to prevent
a single player (generally a big corp) to "enshitify" the experience for
everyone of us.
I feel the crappy web will be here to stay for a long time.
But, we can do something about it.
First, there is the recent [[https://www.w3.org/TR/activitypub/][ActivityPub]] protocol.
This protocol is recently used to build a [[https://en.wikipedia.org/wiki/Fediverse][Fediverse]].
I feel this protocol has its flaw, but so far, we have not reached [[https://en.wikipedia.org/wiki/Eternal_September][Eternal
September]] yet and I enjoy [[https://joinmastodon.org][Mastodon]] (a twitter clone) and [[https://join-lemmy.org][Lemmy]] (a reddit
clone) for example.
But I wouldn't write this blog post if I didn't believe that we can do better.
I feel we reached a point where the web is screwed for good.
It is now time to create another protocol that does not need a "Web Browser".
Here is my doleances:
- The client of this new protocol should be EASY to write from scratch.
- The client should NEVER allow client-side scripting.
- The language into which we express a rendering should be expressive enough but
NOT Turing Complete, we must have a language that can be proven to stop.
- The user should be in control of the rendering of the content. Disabled people
deserve the right to access the content they way they see fit.
No equivalent of CSS which should naturally provide a more "article" or
"content" type of things.
- Bonuses:
- the client is mostly retro compatible with small-websites.
Can parse basic HTML, will not load js, will not load CSS, will take care of
checking some properties before redirect the user. Ideally we should ask use
HTTP to ask a HEAD on the resource, and check a specific header that tell
us, that yes, this website is compatible with the "small-web"
- the client should also be compatible with gopher and gemini.
* Footnotes
** <<web-engines>> The Web is entirely controlled by Big corps now
As a reminder, the Web is just one way to consume the Internet.
Internet is about protocols so different computers can communicate across the
globe and beyond.
And I would like to remind a time were attached to every new protocol there were
a set of applications tied to it.
So the Web turns around the HTTP/HTTPs protocols whose content is HTML+CSS+JS.
The Applications to consume the Web are Web browsers.
For web browser to render a website correctly should have a lot of features, so
much that for that you need a /Browser Engine/.
The complexity of these Browser Engine is so huge that it would be very
difficult if not impossible for just a small group of people to be able to
create a new one from scratch.
As of today, there are very few choices, looking at this [[https://en.wikipedia.org/wiki/Comparison_of_browser_engines][Wikipedia page]] there
are only 4 active browser engine.
Most controlled by tech Giants (Apple, Google and Microsoft) and the last one
Gecko is controlled, mostly, by Mozilla but is currently very dependent
financially from Google.
Does it matter? I think so yes. It is now, very easy, for these big players to
enforce policies that are against consumers best interests.
I guess you can imagine a few of them.
Through the browser engine you could alter the rendering of any website.
** The new web became an open application download platform.
What really changed recently, is that, we added, layer after layer.
The new web mix content website with applications.
A website that is in fact an application, or contain an application.
As long as you use the application in the "virtual machine" that is the browser
engine, you're good to go.
The system will download the application without any warning, and it will launch
the application without any warning. And you are slightly protected from most
nefarious use case but not all. Typically, I could easily put an js that run
crypto-money mining and there is not really anything you could do about it.
I am even very surprised most website are not already doing something like this.
This might be an even better mechanism to earn money than ads... Anyway, it
would waste so much resources, I'm glad this is not the norm... yet.

543
notes/xdr_monetization.html
View file

@ -1,543 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title>XDR Monetization</title>
<meta name="author" content="Yann Esposito"/>
<style type="text/css">
.underline { text-decoration: underline; }
</style>
<link rel="stylesheet" href="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/dist/reveal.css"/>
<link rel="stylesheet" href="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/dist/theme/black.css" id="theme"/>
</head>
<body>
<div class="reveal">
<div class="slides">
<section id="sec-title-slide">
<h1 class="title">XDR Monetization</h1><h2 class="author">Yann Esposito</h2><h2 class="date">2023-07-12 Wed 00:00</h2><p class="date">Created: 2023-07-12 Wed 17:38</p>
</section>
<section id="table-of-contents-section">
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#/slide-1">1. Intro</a>
<ul>
<li><a href="#/slide-1-1">1.1. What?</a></li>
<li><a href="#/slide-1-2">1.2. Example</a>
<ul>
<li><a href="#/slide-1-2-1">1.2.1. Entitlements:</a></li>
<li><a href="#/slide-1-2-2">1.2.2. Access Rule example:</a></li>
</ul>
</li>
<li><a href="#/slide-1-3">1.3. How?</a></li>
<li><a href="#/slide-1-4">1.4. Also Entitlement Summary</a></li>
</ul>
</li>
<li><a href="#/slide-2">2. Entitlements (technically)</a>
<ul>
<li><a href="#/slide-2-1">2.1. Just the Tier, no add-on:</a></li>
<li><a href="#/slide-2-2">2.2. Tier with add-ons</a></li>
<li><a href="#/slide-2-3">2.3. PIAM Doc</a>
<ul>
<li><a href="#/slide-2-3-1">2.3.1. Entitlements</a></li>
<li><a href="#/slide-2-3-2">2.3.2. name</a></li>
<li><a href="#/slide-2-3-3">2.3.3. value</a></li>
<li><a href="#/slide-2-3-4">2.3.4. quantity</a></li>
<li><a href="#/slide-2-3-5">2.3.5. quantity<sub>enforced</sub></a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#/slide-3">3. Entitlement Summary</a>
<ul>
<li><a href="#/slide-3-1">3.1. Structure</a></li>
<li><a href="#/slide-3-2">3.2. Tier-only Entitlement</a></li>
<li><a href="#/slide-3-3">3.3. The <code>EntitlementSummary</code> will look like this:</a></li>
<li><a href="#/slide-3-4">3.4. With Add-ons</a></li>
<li><a href="#/slide-3-5">3.5. The <code>EntitlementSummary</code> will be:</a></li>
<li><a href="#/slide-3-6">3.6. <code>Entitlements</code> consumption in js</a></li>
<li><a href="#/slide-3-7">3.7. EntitlementSummary consumption in js</a></li>
<li><a href="#/slide-3-8">3.8. More to come</a>
<ul>
<li><a href="#/slide-3-8-1">3.8.1. IROH Internal</a></li>
<li><a href="#/slide-3-8-2">3.8.2. XDR global values</a></li>
<li><a href="#/slide-3-8-3">3.8.3. Example</a></li>
<li><a href="#/slide-3-8-4">3.8.4. Summary</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#/slide-4">4. Conclusion</a></li>
</ul>
</div>
</div>
</section>
<section>
<section id="slide-1">
<h2 id="1"><span class="section-number-2">1.</span> Intro</h2>
<div class="outline-text-2" id="text-1">
</div>
</section>
<section id="slide-1-1">
<h3 id="1-1"><span class="section-number-3">1.1.</span> What?</h3>
<ul>
<li><b>Entitlements</b>: What the customer is paying for.</li>
<li><b>Access Rules</b>: What services should allow, restrict.</li>
</ul>
</section>
<section id="slide-1-2">
<h3 id="1-2"><span class="section-number-3">1.2.</span> Example</h3>
<div class="outline-text-3" id="text-1-2">
</div>
</section>
<section id="slide-1-2-1">
<h4 id="1-2-1"><span class="section-number-4">1.2.1.</span> Entitlements:</h4>
<ul>
<li>Tier: Essentials for 1000 <i>users</i> (number of <a href="https://cisco.sharepoint.com/sites/SecurityPersonas/SitePages/prime-employee.aspx?csf=1&amp;web=1&amp;e=LcTwTp">Lees</a>).</li>
<li>Extra Data Retention &ldquo;add-on&rdquo;: 180 <i>days</i></li>
<li>Extra Ingest &ldquo;add-on&rdquo;: 2 <i>GB</i></li>
</ul>
</section>
<section id="slide-1-2-2">
<h4 id="1-2-2"><span class="section-number-4">1.2.2.</span> Access Rule example:</h4>
<ul>
<li><b>Total Ingest</b>: 4000GB (1000 user × (2GB + 2GB))</li>
<li><b>Time to Keep Data</b>: 180 days (yes, <b>extra</b> might not mean what we could expect)</li>
</ul>
<p>
ref: <a href="https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md#entitlements">https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md#entitlements</a>
</p>
</section>
<section id="slide-1-3">
<h3 id="1-3"><span class="section-number-3">1.3.</span> How?</h3>
<p>
Entitlement represent what the customer pays for.
PIAM creates and updates them.
</p>
<div id="org8d3f723" class="figure">
<p><img src="xdr-monetization-piam-entitlements.png" alt="xdr-monetization-piam-entitlements.png" />
</p>
</div>
</section>
<section id="slide-1-4">
<h3 id="1-4"><span class="section-number-3">1.4.</span> Also Entitlement Summary</h3>
<p>
IROH exposes an API to retrieve an <code>EntitlementSummary</code>.
A data structure easier to consume than the list of entitlements.
</p>
<div id="org53caa80" class="figure">
<p><img src="xdr-monetization-piam-entitlement-summary.png" alt="xdr-monetization-piam-entitlement-summary.png" />
</p>
</div>
</section>
</section>
<section>
<section id="slide-2">
<h2 id="2"><span class="section-number-2">2.</span> Entitlements (technically)</h2>
<p>
Example of a list of <code>Entitlements</code> sent by PIAM to IROH:
</p>
</section>
<section id="slide-2-1">
<h3 id="2-1"><span class="section-number-3">2.1.</span> Just the Tier, no add-on:</h3>
<div class="org-src-container">
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span> <span style="color: #79740e;">"tier"</span>,
<span style="color: #79740e;">"value"</span> <span style="color: #79740e;">"advantage"</span>,
<span style="color: #79740e;">"quantity"</span> {<span style="color: #79740e;">"value"</span> <span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span> <span style="color: #79740e;">"users"</span>},
<span style="color: #79740e;">"enforce-quantity"</span> <span style="color: #8f3f71;">true</span>}]
</pre>
</div>
</section>
<section id="slide-2-2">
<h3 id="2-2"><span class="section-number-3">2.2.</span> Tier with add-ons</h3>
<div class="org-src-container">
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"tier"</span>,
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">"essentials"</span>,
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"users"</span>},
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>},
{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"extra_ingest"</span>,
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">""</span>,
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">2</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"GB"</span>},
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>},
{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"extra_data_retention"</span>,
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">""</span>,
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">180</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"days"</span>},
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>}]
</pre>
</div>
</section>
<section id="slide-2-3">
<h3 id="2-3"><span class="section-number-3">2.3.</span> PIAM Doc</h3>
<p>
From <a href="https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md#entitlements">Paul Chichonski&rsquo;s doc</a>
</p>
<p>
<a href="https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/product-spec.md#multi-valued-attributes">https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/product-spec.md#multi-valued-attributes</a>
</p>
</section>
<section id="slide-2-3-1">
<h4 id="2-3-1"><span class="section-number-4">2.3.1.</span> Entitlements</h4>
<ul>
<li><code>entitlements</code> &#x2013; A list of entitlements the tenant is allowed to use. Each item in
the list is an object with the following fields:</li>
</ul>
<div class="org-src-container">
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"tier"</span>,
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">"essentials"</span>,
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"users"</span>},
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>},
{<span style="color: #79740e;">"name"</span>:<span style="color: #79740e;">"extra_ingest"</span>,
<span style="color: #79740e;">"value"</span>:<span style="color: #79740e;">""</span>,
<span style="color: #79740e;">"quantity"</span>:{<span style="color: #79740e;">"value"</span>:<span style="color: #8f3f71; font-weight: bold;">2</span>, <span style="color: #79740e;">"unit"</span>:<span style="color: #79740e;">"GB"</span>},
<span style="color: #79740e;">"enforce-quantity"</span>:<span style="color: #8f3f71;">true</span>}]
</pre>
</div>
</section>
<section id="slide-2-3-2">
<h4 id="2-3-2"><span class="section-number-4">2.3.2.</span> name</h4>
<ul>
<li><code>name</code> &#x2013; The name of the entitlement (defined as part of the entitlement
controlled vocabulary between PIAM and the product)</li>
</ul>
</section>
<section id="slide-2-3-3">
<h4 id="2-3-3"><span class="section-number-4">2.3.3.</span> value</h4>
<ul>
<li><code>value</code> &#x2013; Some entitlements will have a string value that serves to qualify the
entitlement. For example an entitlement with <code>name=tier</code> may have three
different manifestations if there are three different tiers (e.g., <code>{"name":
"tier", "value": "essentials"}</code>, <code>{"name": "tier", "value": "primary"}</code>,
<code>{"name": "tier", "value": "advantage"}</code>)</li>
</ul>
</section>
<section id="slide-2-3-4">
<h4 id="2-3-4"><span class="section-number-4">2.3.4.</span> quantity</h4>
<ul>
<li><code>quantity</code> &#x2013; Some entitlements will have numeric quantity associated with the
entitlement, this represents the amount of this entitlement the tenant is
permitted to consume. Each quantity field will contain an object with the
following values:
<ul>
<li><code>value</code> - The number holding the actual quantity.</li>
<li><code>unit</code> - A string representing what unit to use when interpreting the quantity.</li>
</ul></li>
</ul>
</section>
<section id="slide-2-3-5">
<h4 id="2-3-5"><span class="section-number-4">2.3.5.</span> quantity<sub>enforced</sub></h4>
<ul>
<li><code>quantity_enforced</code> &#x2013; A boolean field, if <code>true</code> it means that the product
should enforce the allocated quantity of the entitlement for this tenant. It
is up to the product to determine how to do this. Cases where this will be
<code>false</code> are if the customer purchased via a buying program that supports a
&ldquo;pay as you go&rdquo; pricing model.</li>
</ul>
</section>
</section>
<section>
<section id="slide-3">
<h2 id="3"><span class="section-number-2">3.</span> Entitlement Summary</h2>
<p>
The Entitlement Summary provides a data-structure easier to consume
than the entitlements list.
</p>
<ul>
<li>A JSON Object instead of list.</li>
<li>Additional technically useful entries.</li>
</ul>
</section>
<section id="slide-3-1">
<h3 id="3-1"><span class="section-number-3">3.1.</span> Structure</h3>
<p>
The main structure of the <code>EntitlementSummary</code> is:
</p>
<pre class="example">
{&lt;entitlement-name&gt;: &lt;entitlement-details&gt;}
</pre>
<p>
Where <code>&lt;entitlement-details&gt;</code> looks like:
</p>
<div class="org-src-container">
<pre class="src src-js">{<span style="color: #79740e;">"title"</span>: <span style="color: #79740e;">"something"</span>, <span style="color: #a89984;">// </span><span style="color: #a89984;">&lt;- optional instead of value:""</span>
<span style="color: #79740e;">"quantity"</span>: Integer,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"human-readable-unit"</span>,
<span style="color: #79740e;">"enforce?"</span>: Boolean}
</pre>
</div>
</section>
<section id="slide-3-2">
<h3 id="3-2"><span class="section-number-3">3.2.</span> Tier-only Entitlement</h3>
<p>
When PIAM send this list of <code>Entitlements</code>:
</p>
<div class="org-src-container">
<pre class="src src-js">[{<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"tier"</span>,
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">"advantage"</span>,
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">32000</span>,
<span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"users"</span>},
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>}]
</pre>
</div>
</section>
<section id="slide-3-3">
<h3 id="3-3"><span class="section-number-3">3.3.</span> The <code>EntitlementSummary</code> will look like this:</h3>
<div class="org-src-container">
<pre class="src src-js">{<span style="color: #79740e;">"tier"</span> : {<span style="color: #79740e;">"title"</span> : <span style="color: #79740e;">"advantage"</span>,
<span style="color: #79740e;">"quantity"</span> : <span style="color: #8f3f71; font-weight: bold;">32000</span>,
<span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"users"</span>,
<span style="color: #79740e;">"enforce?"</span> : <span style="color: #8f3f71;">true</span>}}
</pre>
</div>
</section>
<section id="slide-3-4">
<h3 id="3-4"><span class="section-number-3">3.4.</span> With Add-ons</h3>
<p>
If PIAM send a list of <code>Entitlements</code> with add-ons:
</p>
<div class="org-src-container">
<pre class="src src-js">[ {<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"tier"</span>,
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">"premier"</span>,
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">1000</span>, <span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"users"</span>},
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>},
{<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"extra_ingest"</span>,
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">""</span>,
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">2</span>, <span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"GB"</span>},
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>},
{<span style="color: #79740e;">"name"</span> : <span style="color: #79740e;">"extra_data_retention"</span>,
<span style="color: #79740e;">"value"</span> : <span style="color: #79740e;">""</span>,
<span style="color: #79740e;">"quantity"</span> : {<span style="color: #79740e;">"value"</span> : <span style="color: #8f3f71; font-weight: bold;">180</span>, <span style="color: #79740e;">"unit"</span> : <span style="color: #79740e;">"days"</span>},
<span style="color: #79740e;">"enforce-quantity"</span> : <span style="color: #8f3f71;">true</span>}]
</pre>
</div>
</section>
<section id="slide-3-5">
<h3 id="3-5"><span class="section-number-3">3.5.</span> The <code>EntitlementSummary</code> will be:</h3>
<div class="org-src-container">
<pre class="src src-js">{<span style="color: #79740e;">"tier"</span>: {<span style="color: #79740e;">"title"</span>: <span style="color: #79740e;">"premier"</span>,
<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">1000</span>,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"users"</span>,
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
<span style="color: #79740e;">"extra_data_retention"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">180</span>,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"days"</span>,
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
<span style="color: #79740e;">"extra_ingest"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">2</span>,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"GB"</span>,
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>}}
</pre>
</div>
</section>
<section id="slide-3-6">
<h3 id="3-6"><span class="section-number-3">3.6.</span> <code>Entitlements</code> consumption in js</h3>
<div class="org-src-container">
<pre class="src src-js"><span style="color: #9d0006;">function</span> <span style="color: #b57614;">get_entitlement_tier</span> (<span style="color: #076678;">entitlements</span>) {
<span style="color: #9d0006;">for</span> (entitlement <span style="color: #9d0006;">in</span> org.entitlements) {
<span style="color: #9d0006;">if</span> (entitlement.name == <span style="color: #79740e;">"tier"</span>) {
<span style="color: #9d0006;">return</span> entitlement.title;
}
}
}
<span style="color: #9d0006;">let</span> <span style="color: #076678;">tier</span> = get_entitlement_tier (entitlements);
</pre>
</div>
</section>
<section id="slide-3-7">
<h3 id="3-7"><span class="section-number-3">3.7.</span> EntitlementSummary consumption in js</h3>
<div class="org-src-container">
<pre class="src src-js"><span style="color: #9d0006;">let</span> <span style="color: #076678;">tier</span> = whoami.org[<span style="color: #79740e;">"entitlement-summary"</span>].tier.title;
</pre>
</div>
</section>
<section id="slide-3-8">
<h3 id="3-8"><span class="section-number-3">3.8.</span> More to come</h3>
<div class="outline-text-3" id="text-3-8">
</div>
</section>
<section id="slide-3-8-1">
<h4 id="3-8-1"><span class="section-number-4">3.8.1.</span> IROH Internal</h4>
<p>
But we plan to add more technical specific values so it helps every Entitlement consumer.
That way it would make possible to share between product specific technical values.
</p>
<p>
For example, we plan to add:
</p>
<ul>
<li>a list of allowed modules.</li>
<li>an optional list of additional scopes</li>
<li>rate limits</li>
</ul>
</section>
<section id="slide-3-8-2">
<h4 id="3-8-2"><span class="section-number-4">3.8.2.</span> XDR global values</h4>
<p>
If you want us to add some information, so we could centralize some logic
related to entitlement into IROH just ask us to add it.
Ideally, this should only contain data that could be shared between different modules.
For example:
</p>
<ul>
<li>allowed workflows, or allowed properties for workflows</li>
<li>specific limitations for a specific module (read-only, etc…)</li>
</ul>
</section>
<section id="slide-3-8-3">
<h4 id="3-8-3"><span class="section-number-4">3.8.3.</span> Example</h4>
<div class="org-src-container">
<pre class="src src-js">{<span style="color: #79740e;">"tier"</span>: {<span style="color: #79740e;">"title"</span>: <span style="color: #79740e;">"premier"</span>,
<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">1000</span>,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"users"</span>,
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
<span style="color: #79740e;">"extra_data_retention"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">180</span>,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"days"</span>,
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
<span style="color: #79740e;">"extra_ingest"</span>: {<span style="color: #79740e;">"quantity"</span>: <span style="color: #8f3f71; font-weight: bold;">2</span>,
<span style="color: #79740e;">"unit"</span>: <span style="color: #79740e;">"GB"</span>,
<span style="color: #79740e;">"enforce?"</span>: <span style="color: #8f3f71;">true</span>},
<span style="color: #a89984;">// </span><span style="color: #a89984;">---- SUMMARY OF TECHNICAL LIMITS</span>
<span style="color: #79740e;">"summary"</span> {...}}
</pre>
</div>
</section>
<section id="slide-3-8-4">
<h4 id="3-8-4"><span class="section-number-4">3.8.4.</span> Summary</h4>
<div class="org-src-container">
<pre class="src src-js">{<span style="color: #a89984;">// </span><span style="color: #a89984;">---- SUMMARY OF TECHNICAL LIMITS</span>
<span style="color: #79740e;">"summary"</span> {
<span style="color: #a89984;">// </span><span style="color: #a89984;">PIAM Logic</span>
<span style="color: #79740e;">"data-retention-in-days"</span>: <span style="color: #8f3f71; font-weight: bold;">180</span>, <span style="color: #a89984;">// </span><span style="color: #a89984;">use extra_data_retention + tier</span>
<span style="color: #79740e;">"data-maximal-size-in-GB"</span>: <span style="color: #8f3f71; font-weight: bold;">4000</span>, <span style="color: #a89984;">// </span><span style="color: #a89984;">use extra_ingest + tier quantity</span>
<span style="color: #a89984;">// </span><span style="color: #a89984;">IROH Internal</span>
<span style="color: #79740e;">"additional-scopes"</span>: [ ... ], <span style="color: #a89984;">// </span><span style="color: #a89984;">depends on the tier</span>
<span style="color: #79740e;">"allowed-modules"</span>: [ ... ], <span style="color: #a89984;">// </span><span style="color: #a89984;">depends on the tier</span>
<span style="color: #a89984;">// </span><span style="color: #a89984;">XDR Shared Global Rules</span>
<span style="color: #79740e;">"restricted-workflows"</span>: [...], <span style="color: #a89984;">// </span><span style="color: #a89984;">depends on the tier (or something else)</span>
<span style="color: #79740e;">"rate-limits"</span>: <span style="color: #a89984;">// </span><span style="color: #a89984;">can change depending on the tier</span>
{<span style="color: #79740e;">"sca"</span>: {<span style="color: #79740e;">"queries-per-minutes"</span>: <span style="color: #79740e;">"100"</span>},
<span style="color: #79740e;">"sxo"</span>: {<span style="color: #79740e;">"queries-per-minutes"</span>: <span style="color: #79740e;">"80"</span>},
<span style="color: #79740e;">"csc"</span>: ...},
...
}
}
</pre>
</div>
</section>
</section>
<section>
<section id="slide-4">
<h2 id="4"><span class="section-number-2">4.</span> Conclusion</h2>
<ul>
<li>tier? <code>GET /iroh/profile/whoami</code>
then <code>whoami.org["entitlement-summary"].tier.title</code></li>
<li>Summary only: <code>GET /iroh/profile/entitlement-summary</code></li>
<li>raw entitlements: <code>GET /iroh/profile/entitlements</code></li>
</ul>
</section>
</section>
</div>
</div>
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/dist/reveal.js"></script>
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/markdown/markdown.js"></script>
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/notes/notes.js"></script>
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/search/search.js"></script>
<script src="/Users/esposito/.emacs.d/.local/straight/build-29.0.60/revealjs/plugin/zoom/zoom.js"></script>
<script>
// Full list of configuration options available here:
// https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: false,
center: true,
slideNumber: 'c',
rollingLinks: false,
keyboard: true,
mouseWheel: false,
fragmentInURL: false,
hashOneBasedIndex: false,
pdfSeparateFragments: true,
overview: true,
transition: 'convex',
transitionSpeed: 'default',
// Plugins with reveal.js 4.x
plugins: [ RevealMarkdown, RevealNotes, RevealSearch, RevealZoom ],
// Optional libraries used to extend reveal.js
dependencies: [
]
});
</script>
</body>
</html>

376
notes/xdr_monetization.tex
View file

@ -1,376 +0,0 @@
% Created 2023-07-12 Wed 17:18
% Intended LaTeX compiler: pdflatex
\documentclass[11pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{graphicx}
\usepackage{longtable}
\usepackage{wrapfig}
\usepackage{rotating}
\usepackage[normalem]{ulem}
\usepackage{amsmath}
\usepackage{amssymb}
\usepackage{capt-of}
\usepackage{hyperref}
\author{Yann Esposito}
\date{\textit{[2023-07-12 Wed]}}
\title{XDR Monetization}
\hypersetup{
pdfauthor={Yann Esposito},
pdftitle={XDR Monetization},
pdfkeywords={},
pdfsubject={},
pdfcreator={Emacs 29.0.60 (Org mode 9.6.1)},
pdflang={English}}
\begin{document}
\maketitle
\tableofcontents
\section{Intro}
\label{sec:orgccd9c9c}
\subsection{What?}
\label{sec:org3c93695}
\begin{itemize}
\item \textbf{Entitlements}: What the customer is paying for.
\item \textbf{Access Rules}: What services should allow, restrict.
\end{itemize}
\subsection{Example}
\label{sec:org4004377}
\subsubsection{Entitlements:}
\label{sec:org4d9cf8d}
\begin{itemize}
\item Tier: Essentials for 1000 \emph{users} (number of \href{https://cisco.sharepoint.com/sites/SecurityPersonas/SitePages/prime-employee.aspx?csf=1\&web=1\&e=LcTwTp}{Lees}).
\item Extra Data Retention ``add-on'': 180 \emph{days}
\item Extra Ingest ``add-on'': 2 \emph{GB}
\end{itemize}
\subsubsection{Access Rule example:}
\label{sec:org0a71eba}
\begin{itemize}
\item \textbf{Total Ingest}: 4000GB (1000 user × (2GB + 2GB))
\item \textbf{Time to Keep Data}: 180 days (yes, \textbf{extra} might not mean what we could expect)
\end{itemize}
ref: \url{https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md\#entitlements}
\subsection{How?}
\label{sec:org102ca4d}
Entitlement represent what the customer pays for.
PIAM creates and updates them.
\begin{center}
\includegraphics[width=.9\linewidth]{xdr-monetization-piam-entitlements.png}
\end{center}
\subsection{Also Entitlement Summary}
\label{sec:org9a0848a}
IROH exposes an API to retrieve an \texttt{EntitlementSummary}.
A data structure easier to consume than the list of entitlements.
\begin{center}
\includegraphics[width=.9\linewidth]{xdr-monetization-piam-entitlement-summary.png}
\end{center}
\section{Entitlements (technically)}
\label{sec:org7404848}
Example of a list of \texttt{Entitlements} sent by PIAM to IROH:
\subsection{Just the Tier, no add-on:}
\label{sec:orgc760d26}
\begin{verbatim}
[{"name" "tier",
"value" "advantage",
"quantity" {"value" 1000, "unit" "users"},
"enforce-quantity" true}]
\end{verbatim}
\subsection{Tier with add-ons}
\label{sec:org39f5857}
\begin{verbatim}
[{"name":"tier",
"value":"essentials",
"quantity":{"value":1000, "unit":"users"},
"enforce-quantity":true},
{"name":"extra_ingest",
"value":"",
"quantity":{"value":2, "unit":"GB"},
"enforce-quantity":true},
{"name":"extra_data_retention",
"value":"",
"quantity":{"value":180, "unit":"days"},
"enforce-quantity":true}]
\end{verbatim}
\subsection{PIAM Doc}
\label{sec:orgeacc44a}
From \href{https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md\#entitlements}{Paul Chichonski's doc}
\url{https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/product-spec.md\#multi-valued-attributes}
\subsubsection{Entitlements}
\label{sec:org4517481}
\begin{itemize}
\item \texttt{entitlements} -- A list of entitlements the tenant is allowed to use. Each item in
the list is an object with the following fields:
\end{itemize}
\begin{verbatim}
[{"name":"tier",
"value":"essentials",
"quantity":{"value":1000, "unit":"users"},
"enforce-quantity":true},
{"name":"extra_ingest",
"value":"",
"quantity":{"value":2, "unit":"GB"},
"enforce-quantity":true}]
\end{verbatim}
\subsubsection{name}
\label{sec:org4fd025b}
\begin{itemize}
\item \texttt{name} -- The name of the entitlement (defined as part of the entitlement
controlled vocabulary between PIAM and the product)
\end{itemize}
\subsubsection{value}
\label{sec:org7d691e0}
\begin{itemize}
\item \texttt{value} -- Some entitlements will have a string value that serves to qualify the
entitlement. For example an entitlement with \texttt{name=tier} may have three
different manifestations if there are three different tiers (e.g., \texttt{\{"name":
"tier", "value": "essentials"\}}, \texttt{\{"name": "tier", "value": "primary"\}},
\texttt{\{"name": "tier", "value": "advantage"\}})
\end{itemize}
\subsubsection{quantity}
\label{sec:orgd8af516}
\begin{itemize}
\item \texttt{quantity} -- Some entitlements will have numeric quantity associated with the
entitlement, this represents the amount of this entitlement the tenant is
permitted to consume. Each quantity field will contain an object with the
following values:
\begin{itemize}
\item \texttt{value} - The number holding the actual quantity.
\item \texttt{unit} - A string representing what unit to use when interpreting the quantity.
\end{itemize}
\end{itemize}
\subsubsection{quantity\textsubscript{enforced}}
\label{sec:org70e8a50}
\begin{itemize}
\item \texttt{quantity\_enforced} -- A boolean field, if \texttt{true} it means that the product
should enforce the allocated quantity of the entitlement for this tenant. It
is up to the product to determine how to do this. Cases where this will be
\texttt{false} are if the customer purchased via a buying program that supports a
``pay as you go'' pricing model.
\end{itemize}
\section{Entitlement Summary}
\label{sec:orgd343c8e}
The Entitlement Summary provides a data-structure easier to consume
than the entitlements list.
\begin{itemize}
\item A JSON Object instead of list.
\item Additional technically useful entries.
\end{itemize}
\subsection{Structure}
\label{sec:orge20a61f}
The main structure of the \texttt{EntitlementSummary} is:
\begin{verbatim}
{<entitlement-name>: <entitlement-details>}
\end{verbatim}
Where \texttt{<entitlement-details>} looks like:
\begin{verbatim}
{"title": "something", // <- optional instead of value:""
"quantity": Integer,
"unit": "human-readable-unit",
"enforce?": Boolean}
\end{verbatim}
\subsection{Tier-only Entitlement}
\label{sec:orgd758f52}
When PIAM send this list of \texttt{Entitlements}:
\begin{verbatim}
[{"name" : "tier",
"value" : "advantage",
"quantity" : {"value" : 32000,
"unit" : "users"},
"enforce-quantity" : true}]
\end{verbatim}
\subsection{The \texttt{EntitlementSummary} will look like this:}
\label{sec:orgc8e6e94}
\begin{verbatim}
{"tier" : {"title" : "advantage",
"quantity" : 32000,
"unit" : "users",
"enforce?" : true}}
\end{verbatim}
\subsection{With Add-ons}
\label{sec:orgbb2ae87}
If PIAM send a list of \texttt{Entitlements} with add-ons:
\begin{verbatim}
[ {"name" : "tier",
"value" : "premier",
"quantity" : {"value" : 1000, "unit" : "users"},
"enforce-quantity" : true},
{"name" : "extra_ingest",
"value" : "",
"quantity" : {"value" : 2, "unit" : "GB"},
"enforce-quantity" : true},
{"name" : "extra_data_retention",
"value" : "",
"quantity" : {"value" : 180, "unit" : "days"},
"enforce-quantity" : true}]
\end{verbatim}
\subsection{The \texttt{EntitlementSummary} will be:}
\label{sec:orga1d4095}
\begin{verbatim}
{"tier": {"title": "premier",
"quantity": 1000,
"unit": "users",
"enforce?": true},
"extra_data_retention": {"quantity": 180,
"unit": "days",
"enforce?": true},
"extra_ingest": {"quantity": 2,
"unit": "GB",
"enforce?": true}}
\end{verbatim}
\subsection{\texttt{Entitlements} consumption in js}
\label{sec:orgab7d502}
\begin{verbatim}
function get_entitlement_tier (entitlements) {
for (entitlement in org.entitlements) {
if (entitlement.name == "tier") {
return entitlement.title;
}
}
}
let tier = get_entitlement_tier (entitlements);
\end{verbatim}
\subsection{EntitlementSummary consumption in js}
\label{sec:orgd3ca5ad}
\begin{verbatim}
let tier = whoami.org["entitlement-summary"].tier.title;
\end{verbatim}
\subsection{More to come}
\label{sec:org9a60163}
\subsubsection{IROH Internal}
\label{sec:org6a8035d}
But we plan to add more technical specific values so it helps every Entitlement consumer.
That way it would make possible to share between product specific technical values.
For example, we plan to add:
\begin{itemize}
\item a list of allowed modules.
\item an optional list of additional scopes
\item rate limits
\end{itemize}
\subsubsection{XDR global values}
\label{sec:org7090a59}
If you want us to add some information, so we could centralize some logic
related to entitlement into IROH just ask us to add it.
Ideally, this should only contain data that could be shared between different modules.
For example:
\begin{itemize}
\item allowed workflows, or allowed properties for workflows
\item specific limitations for a specific module (read-only, etc…)
\end{itemize}
\subsubsection{Example}
\label{sec:org83305cb}
\begin{verbatim}
{"tier": {"title": "premier",
"quantity": 1000,
"unit": "users",
"enforce?": true},
"extra_data_retention": {"quantity": 180,
"unit": "days",
"enforce?": true},
"extra_ingest": {"quantity": 2,
"unit": "GB",
"enforce?": true},
// ---- SUMMARY OF TECHNICAL LIMITS
"summary" {...}}
\end{verbatim}
\subsubsection{Summary}
\label{sec:org903d7c1}
\begin{verbatim}
{// ---- SUMMARY OF TECHNICAL LIMITS
"summary" {
// PIAM Logic
"data-retention-in-days": 180, // use extra_data_retention + tier
"data-maximal-size-in-GB": 4000, // use extra_ingest + tier quantity
// IROH Internal
"additional-scopes": [ ... ], // depends on the tier
"allowed-modules": [ ... ], // depends on the tier
// XDR Shared Global Rules
"restricted-workflows": [...], // depends on the tier (or something else)
"rate-limits": // can change depending on the tier
{"sca": {"queries-per-minutes": "100"},
"sxo": {"queries-per-minutes": "80"},
"csc": ...},
...
}
}
\end{verbatim}
\section{Conclusion}
\label{sec:org9d9f957}
\begin{itemize}
\item tier? \texttt{GET /iroh/profile/whoami}
then \texttt{whoami.org["entitlement-summary"].tier.title}
\item Summary only: \texttt{GET /iroh/profile/entitlement-summary}
\item raw entitlements: \texttt{GET /iroh/profile/entitlements}
\end{itemize}
\end{document}

244
notes/yann_s_personal_retrospective_2023_offsite.html
View file

@ -1,244 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title>Yann&rsquo;s Personal Retrospective 2023 Offsite</title>
<meta name="author" content="Yann Esposito"/>
<style type="text/css">
.underline { text-decoration: underline; }
</style>
<link rel="stylesheet" href="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/dist/reveal.css"/>
<link rel="stylesheet" href="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/dist/theme/black.css" id="theme"/>
</head>
<body>
<div class="reveal">
<div class="slides">
<section id="sec-title-slide">
<h1 class="title">Yann&rsquo;s Personal Retrospective 2023 Offsite</h1><h2 class="author">Yann Esposito</h2><h2 class="date">2023-09-25 Mon 00:00</h2><p class="date">Created: 2023-10-10 Tue 17:37</p>
</section>
<section id="table-of-contents-section">
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#/slide-1">1. Yann&rsquo;s Personal Retrospective 2023 Offsite</a>
<ul>
<li><a href="#/slide-1-1">1.1. Short presentation</a>
<ul>
<li><a href="#/slide-1-1-1">1.1.1. Anecdotes</a></li>
</ul>
</li>
<li><a href="#/slide-1-2">1.2. Quick Recap about your main accomplishments these recent years</a>
<ul>
<li><a href="#/slide-1-2-1">1.2.1. XDR</a></li>
<li><a href="#/slide-1-2-2">1.2.2. Product</a></li>
<li><a href="#/slide-1-2-3">1.2.3. Administration</a></li>
<li><a href="#/slide-1-2-4">1.2.4. Devs</a></li>
</ul>
</li>
<li><a href="#/slide-1-3">1.3. Old Important things</a></li>
<li><a href="#/slide-1-4">1.4. Working in this Team</a></li>
<li><a href="#/slide-1-5">1.5. What we should NOT change (tailwind)</a></li>
<li><a href="#/slide-1-6">1.6. What we should improve (headwind)</a></li>
<li><a href="#/slide-1-7">1.7. Workstation (demo time optional)</a></li>
</ul>
</li>
</ul>
</div>
</div>
</section>
<section>
<section id="slide-1">
<h2 id="1"><span class="section-number-2">1.</span> Yann&rsquo;s Personal Retrospective 2023 Offsite</h2>
<div class="outline-text-2" id="text-1">
</div>
</section>
<section id="slide-1-1">
<h3 id="1-1"><span class="section-number-3">1.1.</span> Short presentation</h3>
<ul>
<li>years of Experience: 22 years (11 in Clojure)</li>
<li>years at Cisco: 7 years (7 in this team)</li>
<li>location: France (GMT+1)</li>
</ul>
</section>
<section id="slide-1-1-1">
<h4 id="1-1-1"><span class="section-number-4">1.1.1.</span> Anecdotes</h4>
<ul>
<li>Math &amp; Abstractions: ML, Probability Automata, indecidability proofs</li>
<li>bash + Perl + templates CMS with horror stories like HTML Perl template in DB</li>
<li>VG: nodejs, hyperloglog, then clojure, and real time data analysis on a single
dimentional object. SCRUM-hate, etc…</li>
</ul>
</section>
<section id="slide-1-2">
<h3 id="1-2"><span class="section-number-3">1.2.</span> Quick Recap about your main accomplishments these recent years</h3>
<div class="outline-text-3" id="text-1-2">
</div>
</section>
<section id="slide-1-2-1">
<h4 id="1-2-1"><span class="section-number-4">1.2.1.</span> XDR</h4>
<ul>
<li>RBAC (technical design)
<ul>
<li>role introspection endpoint to help UI</li>
</ul></li>
<li>Provisioning (with PIAM)
<ul>
<li>provided script handled to TAC team</li>
</ul></li>
<li>HTML templates for IROH-Auth</li>
<li>Feature-Flag script management</li>
<li>Rebrand SXSO to SCSO</li>
<li>Entitlement Summary (technical design)</li>
</ul>
</section>
<section id="slide-1-2-2">
<h4 id="1-2-2"><span class="section-number-4">1.2.2.</span> Product</h4>
<ul>
<li>Provisioning (with SE, Orbital)</li>
<li>Dynamic Session Token lifetime (Asked by Security/UI Chris Duane) started but cancelled by XDR</li>
<li>Delete duplicate accounts (was allowed first)</li>
<li>Fix Allow all role to login logic (UI bug)</li>
<li>TAC: expose change user role route</li>
<li>Replace some JWT by short random strings in IROH-Auth</li>
<li>UI Session Logout in IROH-Auth</li>
<li>Support displaying virtual users</li>
</ul>
</section>
<section id="slide-1-2-3">
<h4 id="1-2-3"><span class="section-number-4">1.2.3.</span> Administration</h4>
<ul>
<li>Fix Cross-Region UI bug</li>
<li>Links to kibana to see &ldquo;master-only&rdquo; events</li>
<li>Move some OAuth2 clients out of config to DB</li>
</ul>
</section>
<section id="slide-1-2-4">
<h4 id="1-2-4"><span class="section-number-4">1.2.4.</span> Devs</h4>
<ul>
<li>Matrix role representation</li>
<li>Eithers in Clojure</li>
<li>Improve logs; for SSE proxy, for impersonate</li>
<li>Expose open impersonate for UI devs on INT and TEST</li>
<li>composable <code>shell.nix</code> to replace docker compose</li>
<li>default-config.edn</li>
<li>config.edn as tree structure</li>
<li>scope aliases</li>
</ul>
</section>
<section id="slide-1-3">
<h3 id="1-3"><span class="section-number-3">1.3.</span> Old Important things</h3>
<ul>
<li>Structured Logs (riemann not used at its full power)</li>
<li>TK Store (abstraction learned from CTIA&rsquo;s limitation)</li>
<li>Admin UI (first)</li>
<li>Admin UI (second)</li>
<li>Admin scripts (now)</li>
</ul>
</section>
<section id="slide-1-4">
<h3 id="1-4"><span class="section-number-3">1.4.</span> Working in this Team</h3>
<ul>
<li>What I expected (7 years ago): Work on real time data streaming</li>
<li>What I am doing: Work on Authentication and Authorization</li>
<li>What my day to day looks like?
<ul>
<li>50 to 70%: lot of communication via; webex, email, meetings, issues
<ul>
<li>planning (design, checking timeline)</li>
<li>help people on webex, fix issues, look in kibana, create orgs, create
clients, link to documentation, etc….</li>
</ul></li>
<li>20% to 50%: lot of time thinking about design improvements;</li>
<li>10% to 20%: lot of time focused on product improvement (not code).</li>
<li>0% to 20%: code, code review, etc…</li>
</ul></li>
</ul>
</section>
<section id="slide-1-5">
<h3 id="1-5"><span class="section-number-3">1.5.</span> What we should NOT change (tailwind)</h3>
<ul>
<li>Not having daily standup</li>
</ul>
</section>
<section id="slide-1-6">
<h3 id="1-6"><span class="section-number-3">1.6.</span> What we should improve (headwind)</h3>
<ul>
<li>Not having more focus days.</li>
<li>Advertise that IROH (not XDR, not SecureX, not CTR)
<ul>
<li>IROH is a platform</li>
</ul></li>
</ul>
</section>
<section id="slide-1-7">
<h3 id="1-7"><span class="section-number-3">1.7.</span> Workstation (demo time optional)</h3>
</section>
</section>
</div>
</div>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/dist/reveal.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/markdown/markdown.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/notes/notes.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/search/search.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/zoom/zoom.js"></script>
<script>
// Full list of configuration options available here:
// https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: false,
center: true,
slideNumber: 'c',
rollingLinks: false,
keyboard: true,
mouseWheel: false,
fragmentInURL: false,
hashOneBasedIndex: false,
pdfSeparateFragments: true,
overview: true,
transition: 'convex',
transitionSpeed: 'default',
// Plugins with reveal.js 4.x
plugins: [ RevealMarkdown, RevealNotes, RevealSearch, RevealZoom ],
// Optional libraries used to extend reveal.js
dependencies: [
]
});
</script>
</body>
</html>

1954
reports/FY24Q3-tmp-report.html Normal file
View file

File diff suppressed because it is too large Load diff

996
reports/FY24Q3-tmp-report.org Normal file
View file

@ -0,0 +1,996 @@
#+title: FY24Q3 Report
#+subtitle: logs goes 7 month back
#+date: 2024-05-13
#+options: H:6 ^:nil
* IROH
** lead
*** Guillaume Buisson [12]
**** ctia [2]
- Properly filter Relationships to assemble a Feed View [[https://github.com/threatgrid/ctia/pull/1421][#1421]]
- Filter out some infrastructure details from Error API Responses [[https://github.com/threatgrid/ctia/pull/1412][#1412]]
**** iroh [8]
- fix a flaky test in iroh-web [[https://github.com/advthreat/iroh/pull/9250][#9250]]
- Don't use pp-str to log the request in the rate limiter service [[https://github.com/advthreat/iroh/pull/9249][#9249]]
- Fix iroh-kafka* logs [[https://github.com/advthreat/iroh/pull/9240][#9240]]
- Update the json appender to rename the output level key [[https://github.com/advthreat/iroh/pull/9187][#9187]]
- update the logstash-v2 logging preset [[https://github.com/advthreat/iroh/pull/9178][#9178]]
- Don't fire disabled webhooks [[https://github.com/advthreat/iroh/pull/8741][#8741]]
- upgrade ctia-investigate to use transit+json instead of edn [[https://github.com/advthreat/iroh/pull/8623][#8623]]
_between 6 month and 7 month old_
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
**** tenzin-config [2]
- setup the IROH json logging appender
- Re-apply the default rate limit for the NGFW Incident promotion client [[https://github.com/advthreat/tenzin-config/pull/1063][#1063]]
** data
*** Mario Aquino [41]
**** iroh [33]
- Threat hunt integration tests [[https://github.com/advthreat/iroh/pull/9218][#9218]]
- Threat hunt module instance pagination [[https://github.com/advthreat/iroh/pull/9200][#9200]]
- iroh-async Telemetry Identity Data [[https://github.com/advthreat/iroh/pull/9166][#9166]]
- Xdr 1086/crud store fields filtering [[https://github.com/advthreat/iroh/pull/9147][#9147]]
- iroh-async task (metric) tag [[https://github.com/advthreat/iroh/pull/9123][#9123]]
- iroh-metrics in default bootstrap [[https://github.com/advthreat/iroh/pull/9118][#9118]]
- Metrics Service (micrometer) [[https://github.com/advthreat/iroh/pull/9029][#9029]]
- Disable color logging for test execution [[https://github.com/advthreat/iroh/pull/9097][#9097]]
- Carmine & Timbre upgrade v2 [[https://github.com/advthreat/iroh/pull/9005][#9005]]
- Loosen Risk Score Incident validation [[https://github.com/advthreat/iroh/pull/9013][#9013]]
- Apply risk score valid ranges to incident schemas [[https://github.com/advthreat/iroh/pull/8976][#8976]]
- Revert "Upgrade carmine version (#8888)" [[https://github.com/advthreat/iroh/pull/9003][#9003]]
- Log Tuning [[https://github.com/advthreat/iroh/pull/8978][#8978]]
- Upgrade carmine version [[https://github.com/advthreat/iroh/pull/8888][#8888]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8956][#8956]]
- iroh-async high-traffic adjustments [[https://github.com/advthreat/iroh/pull/8835][#8835]]
- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]
- Improve safe-filtering [[https://github.com/advthreat/iroh/pull/8731][#8731]]
- iroh-async: Flatten Datadog context [[https://github.com/advthreat/iroh/pull/8706][#8706]]
- iroh-async logging & tracing context [[https://github.com/advthreat/iroh/pull/8705][#8705]]
- Socket timeout milliseconds (not seconds) [[https://github.com/advthreat/iroh/pull/8690][#8690]]
- Risk Score socket-timeout [[https://github.com/advthreat/iroh/pull/8687][#8687]]
- Threat Hunt Module Exclusion [[https://github.com/advthreat/iroh/pull/8646][#8646]]
- Remove dead code [[https://github.com/advthreat/iroh/pull/8626][#8626]]
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
_between 6 month and 7 month old_
- Add support for role-targetted notification [[https://github.com/advthreat/iroh/pull/8557][#8557]]
- Issue 8438/notification request phase 1 [[https://github.com/advthreat/iroh/pull/8470][#8470]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8521][#8521]]
- Use int-req-ctx when calling post-bundle-import [[https://github.com/advthreat/iroh/pull/8500][#8500]]
**** tenzin-config [8]
- Exclude CTIA modules from threat hunt execution [[https://github.com/advthreat/tenzin-config/pull/1122][#1122]]
- Add iroh-async client-id to rate unlimited list [[https://github.com/advthreat/tenzin-config/pull/1053][#1053]]
- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]
- Increase thread pool size for engine connection manager [[https://github.com/advthreat/tenzin-config/pull/1012][#1012]]
- Config for skipping Private Intel during investigation threat hunt [[https://github.com/advthreat/tenzin-config/pull/1009][#1009]]
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
*** Guillaume Erétéo [55]
**** ctia [11]
- remove ES5 support [[https://github.com/threatgrid/ctia/pull/1419][#1419]]
- Optimize lucene searches [[https://github.com/threatgrid/ctia/pull/1420][#1420]]
- bump ctim / remove status disposition [[https://github.com/threatgrid/ctia/pull/1417][#1417]]
- ctim 1.3.15 [[https://github.com/threatgrid/ctia/pull/1415][#1415]]
- silent this too noisy log [[https://github.com/threatgrid/ctia/pull/1414][#1414]]
- ctim-1.3.14 [[https://github.com/threatgrid/ctia/pull/1413][#1413]]
- remove un-store [[https://github.com/threatgrid/ctia/pull/1410][#1410]]
- fix wait_for for delete search [[https://github.com/threatgrid/ctia/pull/1399][#1399]]
- incident meta [[https://github.com/threatgrid/ctia/pull/1391][#1391]]
- Incident status disposition [[https://github.com/threatgrid/ctia/pull/1389][#1389]]
_between 6 month and 7 month old_
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1387][#1387]]
**** iroh [41]
- Dump events with dump metrics script [[https://github.com/advthreat/iroh/pull/9180][#9180]]
- Sca clean phase 2 [[https://github.com/advthreat/iroh/pull/9176][#9176]]
- add backup clusters for delete [[https://github.com/advthreat/iroh/pull/9173][#9173]]
- Scripts for SCA issue cleaning [[https://github.com/advthreat/iroh/pull/9161][#9161]]
- simplify sorting in telemetry reports [[https://github.com/advthreat/iroh/pull/9144][#9144]]
- Add logs to better monitor reports [[https://github.com/advthreat/iroh/pull/9142][#9142]]
- Report service: consider missing user/org ids [[https://github.com/advthreat/iroh/pull/9134][#9134]]
- filter ids on search [[https://github.com/advthreat/iroh/pull/9130][#9130]]
- Generate statistics about modules [[https://github.com/advthreat/iroh/pull/9108][#9108]]
- Refactor iops report generation [[https://github.com/advthreat/iroh/pull/9099][#9099]]
- bump ctim / remove status disposition [[https://github.com/advthreat/iroh/pull/9114][#9114]]
- fix flaky ES test: wait some more [[https://github.com/advthreat/iroh/pull/9089][#9089]]
- telemetry report: fix search iteration for batch size 10000 [[https://github.com/advthreat/iroh/pull/9082][#9082]]
- reduce logs by adding user-scopes [[https://github.com/advthreat/iroh/pull/9078][#9078]]
- tk store: update ES index state [[https://github.com/advthreat/iroh/pull/8664][#8664]]
- Add admin maintenance route to load MITRE stix [[https://github.com/advthreat/iroh/pull/8967][#8967]]
- ctim 1.3.15 [[https://github.com/advthreat/iroh/pull/9068][#9068]]
- limit walk entities to the necessary exports [[https://github.com/advthreat/iroh/pull/9039][#9039]]
- ctim 1.3.14 [[https://github.com/advthreat/iroh/pull/9016][#9016]]
- Dump ES metrics telemetry events [[https://github.com/advthreat/iroh/pull/8999][#8999]]
- script to clean SE false positive incidents and sightings [[https://github.com/advthreat/iroh/pull/8846][#8846]]
- MITRE Matrix: dynamic components design [[https://github.com/advthreat/iroh/pull/8973][#8973]]
- fix Talos threat hunt [[https://github.com/advthreat/iroh/pull/8969][#8969]]
- update the design of static MITRE matrix rendering [[https://github.com/advthreat/iroh/pull/8949][#8949]]
- replace lazyseq by iteration in reports [[https://github.com/advthreat/iroh/pull/8957][#8957]]
- For Jeetu by G2 [[https://github.com/advthreat/iroh/pull/8920][#8920]]
- Some more incident stats [[https://github.com/advthreat/iroh/pull/8861][#8861]]
- import mitre matrix backbone [[https://github.com/advthreat/iroh/pull/8899][#8899]]
- Mitre coverage static matrix [[https://github.com/advthreat/iroh/pull/8882][#8882]]
- add created and modified to IROH CTIM entities [[https://github.com/advthreat/iroh/pull/8810][#8810]]
- bundle import activity diagrams [[https://github.com/advthreat/iroh/pull/8708][#8708]]
- scoring at bundle import [[https://github.com/advthreat/iroh/pull/8694][#8694]]
- Meta incident field [[https://github.com/advthreat/iroh/pull/8617][#8617]]
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
_between 6 month and 7 month old_
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
- Update CODEOWNERS [[https://github.com/advthreat/iroh/pull/8524][#8524]]
- Add entitlement summaries endpoint for external policy enforcement jobs [[https://github.com/advthreat/iroh/pull/8508][#8508]]
- ductile 0.4.8 [[https://github.com/advthreat/iroh/pull/8453][#8453]]
- XDR intel retention design [[https://github.com/advthreat/iroh/pull/8153][#8153]]
**** tenzin-config [3]
- configure / tune private intel proxy cm [[https://github.com/advthreat/tenzin-config/pull/1074][#1074]]
- increase bundle-batch-size [[https://github.com/advthreat/tenzin-config/pull/1071][#1071]]
_between 6 month and 7 month old_
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
*** Ambrose Bonnaire-Sergeant [43]
**** ctia [15]
- Bump ring-swagger with proof of memory leak fix [[https://github.com/threatgrid/ctia/pull/1423][#1423]]
- Clojure 1.11.1 -> 1.11.2 [[https://github.com/threatgrid/ctia/pull/1416][#1416]]
- Revert patch bundle commits [[https://github.com/threatgrid/ctia/pull/1411][#1411]]
- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/threatgrid/ctia/pull/1407][#1407]]
- Remove asset properties/mapping merging during bundle patch [[https://github.com/threatgrid/ctia/pull/1408][#1408]]
- Fix :body descriptions [[https://github.com/threatgrid/ctia/pull/1409][#1409]]
- Fix POST /bulk schema checking [[https://github.com/threatgrid/ctia/pull/1406][#1406]]
- Use prn instead of pprint for logs [[https://github.com/threatgrid/ctia/pull/1401][#1401]]
- Eval routes and options given to ~context~ at initialization time [[https://github.com/threatgrid/ctia/pull/1394][#1394]]
- Use ~st/merge~ to merge schemas instead of ~into~ [[https://github.com/threatgrid/ctia/pull/1398][#1398]]
- Never match existing asset-* entities when patch-existing=false [[https://github.com/threatgrid/ctia/pull/1395][#1395]]
- Re-enable incident tests [[https://github.com/threatgrid/ctia/pull/1393][#1393]]
- Add external_ids to investigation select fields [[https://github.com/threatgrid/ctia/pull/1392][#1392]]
_between 6 month and 7 month old_
- New bundle/import option: merge previous incident tactics/techniques [[https://github.com/threatgrid/ctia/pull/1388][#1388]]
- Patch existing entities in ~POST /bundle/import~ [[https://github.com/threatgrid/ctia/pull/1383][#1383]]
**** iroh [24]
- Bump ring-swagger and prove it fixes the memory leak [[https://github.com/advthreat/iroh/pull/9244][#9244]]
- Fix typo in debug log [[https://github.com/advthreat/iroh/pull/9228][#9228]]
- Debug logs to investigate person assets not being imported [[https://github.com/advthreat/iroh/pull/9227][#9227]]
- Update status endpoint to keep conure updated [[https://github.com/advthreat/iroh/pull/9209][#9209]]
- Update test for new carmine non-FIFO queues: ~queue-status-report-test~ [[https://github.com/advthreat/iroh/pull/9103][#9103]]
- Make generated tk meta easier to review using pprint [[https://github.com/advthreat/iroh/pull/8805][#8805]]
- Restrict possible values for updated asset properties [[https://github.com/advthreat/iroh/pull/9022][#9022]]
- Don't forward response headers from CTIA to IROH [[https://github.com/advthreat/iroh/pull/9014][#9014]]
- Only subscribe incidents with supported observables [[https://github.com/advthreat/iroh/pull/9000][#9000]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/9001][#9001]]
- Redis: Set NX / XX [[https://github.com/advthreat/iroh/pull/8970][#8970]]
- Bulk asset update + rescoring route [[https://github.com/advthreat/iroh/pull/8963][#8963]]
- Fix logf call [[https://github.com/advthreat/iroh/pull/8925][#8925]]
- Fix incident subscription args, and only subscribe incident if observables/identities are non-empty [[https://github.com/advthreat/iroh/pull/8921][#8921]]
- Fix DI subscription URL [[https://github.com/advthreat/iroh/pull/8914][#8914]]
- Revert patch bundle commits [[https://github.com/advthreat/iroh/pull/8903][#8903]]
- Fix swagger description [[https://github.com/advthreat/iroh/pull/8905][#8905]]
- Asset properties update and incident rescoring route [[https://github.com/advthreat/iroh/pull/8843][#8843]]
- Rescoring task [[https://github.com/advthreat/iroh/pull/8869][#8869]]
- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true [[https://github.com/advthreat/iroh/pull/8725][#8725]]
_between 6 month and 7 month old_
- Enable entity patching in POST /private-intel/bundle/import [[https://github.com/advthreat/iroh/pull/8492][#8492]]
**** tenzin-config [4]
- Bulk asset update limits [[https://github.com/advthreat/tenzin-config/pull/1059][#1059]]
- Add Conure url to Private intel config [[https://github.com/advthreat/tenzin-config/pull/1052][#1052]]
- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
** integrations
*** Matthieu Sprunck [22]
**** iroh [18]
- Rename automation_workflow_disabled to automation_workflow_definition [[https://github.com/advthreat/iroh/pull/9196][#9196]]
- Revert "Update the json appender to rename the output level key (#9187)" [[https://github.com/advthreat/iroh/pull/9191][#9191]]
- Change Incident Assignment Notification wording [[https://github.com/advthreat/iroh/pull/9189][#9189]]
- Add title and link to the incident in the incident assignment notification [[https://github.com/advthreat/iroh/pull/9188][#9188]]
- Add a log when an unexpected status is returned from KafkaConnect [[https://github.com/advthreat/iroh/pull/9153][#9153]]
- IROH Proxy: Correct handling for path with spaces (%20) [[https://github.com/advthreat/iroh/pull/9149][#9149]]
- Build notification type name from notification type [[https://github.com/advthreat/iroh/pull/9140][#9140]]
- JMX metrics for clj-http connection manager [[https://github.com/advthreat/iroh/pull/8765][#8765]]
- Always decompress the body when status is not 2xx [[https://github.com/advthreat/iroh/pull/8527][#8527]]
- Restore default expiration (24h) for the local session token [[https://github.com/advthreat/iroh/pull/8747][#8747]]
- Workflow event schema changes [[https://github.com/advthreat/iroh/pull/8656][#8656]]
- IROH Proxy: remove headers set by the reverse proxy [[https://github.com/advthreat/iroh/pull/8655][#8655]]
- More log context to investigate #8638 [[https://github.com/advthreat/iroh/pull/8654][#8654]]
- Add logging info to investigate #8638 [[https://github.com/advthreat/iroh/pull/8653][#8653]]
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
_between 6 month and 7 month old_
- Allow any header name in the remote module auth configuration [[https://github.com/advthreat/iroh/pull/8529][#8529]]
- Add ciscoxdr as a valid Feedback source [[https://github.com/advthreat/iroh/pull/8515][#8515]]
- Fix Duo Admin API Auth (sigv2) for POST requests [[https://github.com/advthreat/iroh/pull/8330][#8330]]
**** tenzin-config [4]
- Configure XDR URL in the PrivateIntel service for the Assignment notification [[https://github.com/advthreat/tenzin-config/pull/1116][#1116]]
- Create a module record for Microsoft Graph API [[https://github.com/advthreat/tenzin-config/pull/1050][#1050]]
- Fix settings names for JAMF auth upgrade [[https://github.com/advthreat/tenzin-config/pull/1048][#1048]]
- Use Token Auth with the JAMF Classic API [[https://github.com/advthreat/tenzin-config/pull/1038][#1038]]
*** Kirill Chernyshov [46]
**** iroh [39]
- Draft design [[https://github.com/advthreat/iroh/pull/9201][#9201]]
- Format redirect url for email notification [[https://github.com/advthreat/iroh/pull/9211][#9211]]
- Use static string 'Cisco' as a subtitle [[https://github.com/advthreat/iroh/pull/9210][#9210]]
- Coerce incoming notification before email format [[https://github.com/advthreat/iroh/pull/9204][#9204]]
- [REFACTORING] Standardize trapperkeeper usage [[https://github.com/advthreat/iroh/pull/9177][#9177]]
- Use ~notify!~ to create notification via API call [[https://github.com/advthreat/iroh/pull/9162][#9162]]
- Fix copyright notice in email template [[https://github.com/advthreat/iroh/pull/9159][#9159]]
- Add simple template for notification email [[https://github.com/advthreat/iroh/pull/9150][#9150]]
- Allow nil as a correlation id [[https://github.com/advthreat/iroh/pull/9143][#9143]]
- Fix for EventService initialization [[https://github.com/advthreat/iroh/pull/9141][#9141]]
- Respect user notification preferences [[https://github.com/advthreat/iroh/pull/9133][#9133]]
- Add default config for NotificationInDelivery [[https://github.com/advthreat/iroh/pull/9128][#9128]]
- 8938 e8811 process email notification delivery [[https://github.com/advthreat/iroh/pull/9127][#9127]]
- Fix config key [[https://github.com/advthreat/iroh/pull/9115][#9115]]
- Fix dev config for NotificationInDeliveryService [[https://github.com/advthreat/iroh/pull/9113][#9113]]
- On recieving NotificationRequest notify users according to their preference [[https://github.com/advthreat/iroh/pull/9087][#9087]]
- Upgrade clojure 1.11.1 -> 1.11.2 [[https://github.com/advthreat/iroh/pull/9072][#9072]]
- Remove maintenance notification type [[https://github.com/advthreat/iroh/pull/9069][#9069]]
- 8933 e8811 create notificationindeliveryservice persistence only [[https://github.com/advthreat/iroh/pull/9025][#9025]]
- "In App" -> "In-App" [[https://github.com/advthreat/iroh/pull/9020][#9020]]
- Add correct :name and :description to notification type meta [[https://github.com/advthreat/iroh/pull/9012][#9012]]
- NotificationPreference API real endpoint [[https://github.com/advthreat/iroh/pull/8995][#8995]]
- NotificationPreference Service [[https://github.com/advthreat/iroh/pull/8982][#8982]]
- Fixes for notification endpoint [[https://github.com/advthreat/iroh/pull/8964][#8964]]
- Add notification preference api endpoints [[https://github.com/advthreat/iroh/pull/8947][#8947]]
- Initial draft design of notifications delivery [[https://github.com/advthreat/iroh/pull/8844][#8844]]
- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]
- Handle undelivered records [[https://github.com/advthreat/iroh/pull/8634][#8634]]
- Events data retention enforcement job [[https://github.com/advthreat/iroh/pull/8722][#8722]]
- Iroh events data retention implementation [[https://github.com/advthreat/iroh/pull/8666][#8666]]
- Iroh events postgres data retention [[https://github.com/advthreat/iroh/pull/8693][#8693]]
- Use timbre for logging [[https://github.com/advthreat/iroh/pull/8651][#8651]]
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
_between 6 month and 7 month old_
- Fix shutdown process of Kafka Consumer [[https://github.com/advthreat/iroh/pull/8558][#8558]]
- Fixes for CTIA Transfer service [[https://github.com/advthreat/iroh/pull/8552][#8552]]
- Transfer CTIA Events [[https://github.com/advthreat/iroh/pull/8514][#8514]]
- Tiny fix for EventWebservice router [[https://github.com/advthreat/iroh/pull/8493][#8493]]
**** tenzin-config [7]
- Add KafkaProducerService to all envs [[https://github.com/advthreat/tenzin-config/pull/1107][#1107]]
- Add email kafka consumer to all envs [[https://github.com/advthreat/tenzin-config/pull/1106][#1106]]
- Enable kafka consumer for email notifications [[https://github.com/advthreat/tenzin-config/pull/1099][#1099]]
- Add new kafka topics for IROH notifications [[https://github.com/advthreat/tenzin-config/pull/1070][#1070]]
- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]
*** Shafiq [31]
**** iroh [28]
- Design Automation-Remote target for iroh-proxy [[https://github.com/advthreat/iroh/pull/9190][#9190]]
- Trim whitespace when interpolating pipe transforms [[https://github.com/advthreat/iroh/pull/9121][#9121]]
- Support for GoogleAPI Authorization [[https://github.com/advthreat/iroh/pull/9106][#9106]]
- Refactor proxy health check [[https://github.com/advthreat/iroh/pull/9066][#9066]]
- Data retention cleanup of notification services [[https://github.com/advthreat/iroh/pull/9064][#9064]]
- Apply data retention policy on iroh-notifications [[https://github.com/advthreat/iroh/pull/9054][#9054]]
- Add ~:remote~ type in configuration spec fields [[https://github.com/advthreat/iroh/pull/9046][#9046]]
- Refactor proxy-health-check [[https://github.com/advthreat/iroh/pull/9033][#9033]]
- Update proxy-health-check logging [[https://github.com/advthreat/iroh/pull/9028][#9028]]
- Update proxy health check logging [[https://github.com/advthreat/iroh/pull/9024][#9024]]
- Perform relay-api request based on observable-types [[https://github.com/advthreat/iroh/pull/9017][#9017]]
- Add selection of settings for configuration-token auth [[https://github.com/advthreat/iroh/pull/9007][#9007]]
- Support for dedicated url setting for iroh-proxy requests [[https://github.com/advthreat/iroh/pull/8998][#8998]]
- Route for patching module-type documentation [[https://github.com/advthreat/iroh/pull/8981][#8981]]
- Add filtering of notifications using multiple statuses [[https://github.com/advthreat/iroh/pull/8974][#8974]]
- Support for transforming interpolated strings. [[https://github.com/advthreat/iroh/pull/8945][#8945]]
- Construct token url from base-url setting [[https://github.com/advthreat/iroh/pull/8923][#8923]]
- [IROH Proxy] Support for Rubrik and Commvault API services [[https://github.com/advthreat/iroh/pull/8902][#8902]]
- [iroh-proxy] Include POST method for proxy health check [[https://github.com/advthreat/iroh/pull/8878][#8878]]
- Update relay-module schemas for Checkpoint auth [[https://github.com/advthreat/iroh/pull/8875][#8875]]
- [iroh-proxy] Implement Checkpoint Smart-1 authentication [[https://github.com/advthreat/iroh/pull/8873][#8873]]
- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]
- Fix mapping for incident events [[https://github.com/advthreat/iroh/pull/8703][#8703]]
_between 6 month and 7 month old_
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
- Identify trusted service to service req for SE [[https://github.com/advthreat/iroh/pull/8495][#8495]]
**** tenzin-config [3]
- Swtich to new sink-connector in INT [[https://github.com/advthreat/tenzin-config/pull/1024][#1024]]
- Add updated sink connector for all envs [[https://github.com/advthreat/tenzin-config/pull/1021][#1021]]
- Add sink connector for new iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/1019][#1019]]
** auth
*** bartuka [71]
**** iroh [52]
- add ~:content-type :json~ explicitly to clj-http [[https://github.com/advthreat/iroh/pull/9090][#9090]]
- Brownfield Provisioning - make the ~region~ field available for TEST purposes only [[https://github.com/advthreat/iroh/pull/9079][#9079]]
- Improve logs for Brownfield provisioning [[https://github.com/advthreat/iroh/pull/9076][#9076]]
- [IROH Auth] update QA routes for Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/9053][#9053]]
- [IROH Auth] Fix access token brownfield provisioning [[https://github.com/advthreat/iroh/pull/9049][#9049]]
- [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning [[https://github.com/advthreat/iroh/pull/9021][#9021]]
- [IROH Auth] FMC add re-token proxy request [[https://github.com/advthreat/iroh/pull/9011][#9011]]
- [IROH Auth] fix FMC redirect call to ~/device~ [[https://github.com/advthreat/iroh/pull/8987][#8987]]
- [IROH Auth] fix device verification redirection [[https://github.com/advthreat/iroh/pull/8979][#8979]]
- fix proxy requests to FMC [[https://github.com/advthreat/iroh/pull/8972][#8972]]
- [IROH Auth] FMC OAuth2 and SSE proxies [[https://github.com/advthreat/iroh/pull/8840][#8840]]
- [IROH Auth] Improvements to universal provisioning callback [[https://github.com/advthreat/iroh/pull/8913][#8913]]
- [IROH Auth] bugfix #4: add ~:content-type :json~ to callback request [[https://github.com/advthreat/iroh/pull/8909][#8909]]
- [IROH Auth] fix payload sent to PIAM callback_url after provisioning was complete [[https://github.com/advthreat/iroh/pull/8900][#8900]]
- [IROH Auth] bugfix Universal Provisioning created schema error [[https://github.com/advthreat/iroh/pull/8892][#8892]]
- [IROH Auth] bugfix parsing OKTA JWT scopes [[https://github.com/advthreat/iroh/pull/8880][#8880]]
- [IROH Auth] Brownfield provisioning - endpoint to attach existing tenant to a SBG product [[https://github.com/advthreat/iroh/pull/8806][#8806]]
- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]
- [IROH Auth] better swagger descriptions for Universal Provisioning [[https://github.com/advthreat/iroh/pull/8752][#8752]]
- [IROH Auth] remove empty strings from ~client-id~ got from Vault [[https://github.com/advthreat/iroh/pull/8760][#8760]]
- [IROH Auth] add missing scope to get OKTA JWT [[https://github.com/advthreat/iroh/pull/8759][#8759]]
- [IROH Auth] add logs to investigate get okta jwt [[https://github.com/advthreat/iroh/pull/8758][#8758]]
- [IROH Auth] bugfix - ~client/post~ should use ~:form-params~ instead of ~:body~ [[https://github.com/advthreat/iroh/pull/8753][#8753]]
- [IROH Auth] bugfixes - arity exception, change ~product-response~ datatype, change ~pmap~ to ~map~ [[https://github.com/advthreat/iroh/pull/8738][#8738]]
- [IROH Auth] bugfix - fix urls in ~POST /tenants~ returned value and payload field names [[https://github.com/advthreat/iroh/pull/8733][#8733]]
- [IROH Auth] Cache OKTA JWT used for provisioning callback [[https://github.com/advthreat/iroh/pull/8727][#8727]]
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService [[https://github.com/advthreat/iroh/pull/8707][#8707]]
- [IROH Auth] Duplicate ~universal-provisioning~ web routes to accept IROH JWTs [[https://github.com/advthreat/iroh/pull/8675][#8675]]
- [IROH Auth] Expose ~callbacks packages~ store to check Universal Provisioning status [[https://github.com/advthreat/iroh/pull/8702][#8702]]
- [IROH Auth] Improve 202 Accepted response for ~/universal-provisioning/create-tenants~ [[https://github.com/advthreat/iroh/pull/8701][#8701]]
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8691][#8691]]
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8673][#8673]]
- bugfix - missing ~UniversalProvisioningCallbackService~ to deploy IROH nodes [[https://github.com/advthreat/iroh/pull/8680][#8680]]
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick [[https://github.com/advthreat/iroh/pull/8674][#8674]]
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps [[https://github.com/advthreat/iroh/pull/8633][#8633]]
- [IROH Auth] Add support to UserIdentity JWTs in ~JWKSService~ [[https://github.com/advthreat/iroh/pull/8647][#8647]]
- [IROH Auth] Bugfix in JWKSService logic [[https://github.com/advthreat/iroh/pull/8659][#8659]]
- [IROH Auth] update docs for Universal Provisioning work [[https://github.com/advthreat/iroh/pull/8640][#8640]]
- [IROH Auth] Simplify IROH Web Core by leveraging ~JWKSService~ for all webservices [[https://github.com/advthreat/iroh/pull/8632][#8632]]
- [IROH Auth] Add structure to keep track of onboardings to support async flow in Universal Provisioning [[https://github.com/advthreat/iroh/pull/8599][#8599]]
_between 6 month and 7 month old_
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
- [IROH Auth] check entitlements schema in universal piam flow [[https://github.com/advthreat/iroh/pull/8560][#8560]]
- [IROH Auth] fix check of ~allowed-origins~ for ~registration_redirect~ query param [[https://github.com/advthreat/iroh/pull/8559][#8559]]
- [IROH Auth] move ~oauth2-jwkset~ to ~jwks-svc~ [[https://github.com/advthreat/iroh/pull/8534][#8534]]
- [IROH Auth] - Expose ~universal-provisioning-web-service~ [[https://github.com/advthreat/iroh/pull/8499][#8499]]
- [IROH Auth] move ~is-trusted-clients?~ to ~OAuth2ClientService~ [[https://github.com/advthreat/iroh/pull/8502][#8502]]
- [IROH Auth] add ~UniversalProvisioningService~ [[https://github.com/advthreat/iroh/pull/8459][#8459]]
**** ring-jwt-middleware [11]
_between 6 month and 7 month old_
- add test case
- update readme
- fix schema
- log the full jwt when error
- use the default value
- fix tests by adding ~post-jwt-format-fn-arg-fn~ to config and schema
- fix all tests by changing the output of ~decode~
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
- fix config_test
- add test case
- initial commit
**** tenzin-config [8]
- add fmc client id for each env [[https://github.com/advthreat/tenzin-config/pull/1065][#1065]]
- fix url for device verification [[https://github.com/advthreat/tenzin-config/pull/1058][#1058]]
- Add FMC Proxy configuration [[https://github.com/advthreat/tenzin-config/pull/1056][#1056]]
- fix okta links [[https://github.com/advthreat/tenzin-config/pull/1043][#1043]]
- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]
- [IROH Auth] bugfix - add config to okta jwks [[https://github.com/advthreat/tenzin-config/pull/1017][#1017]]
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 [[https://github.com/advthreat/tenzin-config/pull/1013][#1013]]
- add universal_provisioning_callbacks store [[https://github.com/advthreat/tenzin-config/pull/1011][#1011]]
*** Yann Esposito [130]
**** iroh [55]
- improve Client credentials error message to help debug [[https://github.com/advthreat/iroh/pull/9213][#9213]]
- Attempt to provide a body to the onboarding with mustache [[https://github.com/advthreat/iroh/pull/9151][#9151]]
- provisioning API for Org apps [[https://github.com/advthreat/iroh/pull/9195][#9195]]
- Revert "add admin-ui to the gh-pages (#9222)" [[https://github.com/advthreat/iroh/pull/9223][#9223]]
- add admin-ui to the gh-pages [[https://github.com/advthreat/iroh/pull/9222][#9222]]
- Add sc-enabled? flag to profile API views [[https://github.com/advthreat/iroh/pull/9192][#9192]]
- [PIAM Brownfield Provisioning]: Provide a way to update link tenants [[https://github.com/advthreat/iroh/pull/9186][#9186]]
- Add apps field to Orgs [[https://github.com/advthreat/iroh/pull/9175][#9175]]
- improve response when PIAM returns an error [[https://github.com/advthreat/iroh/pull/9183][#9183]]
- fix flaky test invite-test paging [[https://github.com/advthreat/iroh/pull/9182][#9182]]
- Support aero configurations [[https://github.com/advthreat/iroh/pull/9170][#9170]]
- Fix invites pagination [[https://github.com/advthreat/iroh/pull/9138][#9138]]
- Support FMC returning Bearer instead of bearer [[https://github.com/advthreat/iroh/pull/9126][#9126]]
- composable jwks test helper [[https://github.com/advthreat/iroh/pull/9120][#9120]]
- Sync user-name during SCSO login [[https://github.com/advthreat/iroh/pull/9117][#9117]]
- Another IPv6 in URL fix [[https://github.com/advthreat/iroh/pull/9084][#9084]]
- Support IPv6 in URL for inspect service [[https://github.com/advthreat/iroh/pull/9083][#9083]]
- Update of the login doc [[https://github.com/advthreat/iroh/pull/9067][#9067]]
- optimize search user given a list of ids [[https://github.com/advthreat/iroh/pull/9018][#9018]]
- Fix link tenant bug [[https://github.com/advthreat/iroh/pull/8975][#8975]]
- Upgrade Org to XDR on first entitlement update. [[https://github.com/advthreat/iroh/pull/8881][#8881]]
- [IROH-Auth]: Auth Code Grant Client that do not generate any refresh token [[https://github.com/advthreat/iroh/pull/8927][#8927]]
- Specialize TAC routes access [[https://github.com/advthreat/iroh/pull/8884][#8884]]
- Remove legacy restriction of AO scopes [[https://github.com/advthreat/iroh/pull/8890][#8890]]
- Update deps to accept JWT without nbf claim [[https://github.com/advthreat/iroh/pull/8872][#8872]]
- New endpoint to ease impersonation usage [[https://github.com/advthreat/iroh/pull/8855][#8855]]
- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]
- Remove with-tk [[https://github.com/advthreat/iroh/pull/8779][#8779]]
- Code/Test Improvements [[https://github.com/advthreat/iroh/pull/8767][#8767]]
- add a test for matching schema [[https://github.com/advthreat/iroh/pull/8770][#8770]]
- Custom Role Design doc [[https://github.com/advthreat/iroh/pull/8497][#8497]]
- Attempt to improve error message of match? [[https://github.com/advthreat/iroh/pull/8769][#8769]]
- Use ~cid~ for ~trace_id~ when present [[https://github.com/advthreat/iroh/pull/8754][#8754]]
- Support public client for custom routes [[https://github.com/advthreat/iroh/pull/8749][#8749]]
- Add playbook scope [[https://github.com/advthreat/iroh/pull/8739][#8739]]
- Fix webhook race condition risk [[https://github.com/advthreat/iroh/pull/8728][#8728]]
- Call get-org only once for org-virtual user [[https://github.com/advthreat/iroh/pull/8724][#8724]]
- Use a cache for entitlement summaries [[https://github.com/advthreat/iroh/pull/8667][#8667]]
- upgrade jetty version [[https://github.com/advthreat/iroh/pull/8714][#8714]]
- Remove a forgotten pretty printer [[https://github.com/advthreat/iroh/pull/8713][#8713]]
- Fast Event Notifier dispatch using event-type [[https://github.com/advthreat/iroh/pull/8650][#8650]]
- Fix DI onboarding [[https://github.com/advthreat/iroh/pull/8657][#8657]]
_between 6 month and 7 month old_
- Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]]
- [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]]
- [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]]
- Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]]
- Quick fix on the IROH login page [[https://github.com/advthreat/iroh/pull/8564][#8564]]
- Prevent org duplication during provisioning [[https://github.com/advthreat/iroh/pull/8556][#8556]]
- Declared scopes tree [[https://github.com/advthreat/iroh/pull/8537][#8537]]
- Improve constraints against Entitlements [[https://github.com/advthreat/iroh/pull/8525][#8525]]
- Fix admin route to support combinators [[https://github.com/advthreat/iroh/pull/8377][#8377]]
- Data Retention endpoint returns immediately [[https://github.com/advthreat/iroh/pull/8486][#8486]]
**** iroh-scripts [43]
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
_between 6 month and 7 month old_
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
**** oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
**** ring-jwt-middleware [7]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
- Support missing nbf JWT [[https://github.com/advthreat/ring-jwt-middleware/pull/30][#30]]
_between 6 month and 7 month old_
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
**** scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
**** tenzin-config [12]
- add iroh gh-pages to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/1123][#1123]]
- New SCA env for TEST/STAGING [[https://github.com/advthreat/tenzin-config/pull/1114][#1114]]
- configure automatio rules clients to not be rate limited [[https://github.com/advthreat/tenzin-config/pull/1111][#1111]]
- interpolation improvements [[https://github.com/advthreat/tenzin-config/pull/1112][#1112]]
- Add support for interpolation and self ref [[https://github.com/advthreat/tenzin-config/pull/1110][#1110]]
- Remove rate-limit for another SXO client on INT [[https://github.com/advthreat/tenzin-config/pull/1087][#1087]]
- Disable rate-limit SXO client for rules [[https://github.com/advthreat/tenzin-config/pull/1084][#1084]]
- Double threads dedicated for VirusTotal http calls [[https://github.com/advthreat/tenzin-config/pull/1051][#1051]]
- fix vault tpl transformations and checks [[https://github.com/advthreat/tenzin-config/pull/1041][#1041]]
- Remove rate-limit for automation [[https://github.com/advthreat/tenzin-config/pull/1044][#1044]]
- Check vault templating error [[https://github.com/advthreat/tenzin-config/pull/1023][#1023]]
- Add Universal Provisioning Services [[https://github.com/advthreat/tenzin-config/pull/1015][#1015]]
**** xdr-provisioning [4]
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
*** Olivier Barbeau [50]
**** iroh [34]
- Add number of incidents to each technique in the Mitre matrix [[https://github.com/advthreat/iroh/pull/9157][#9157]]
- Fix events and incidents ES stores for DEV [[https://github.com/advthreat/iroh/pull/9154][#9154]]
- E8851: XDR Native & detections [[https://github.com/advthreat/iroh/pull/9122][#9122]]
- E8851: Design of changes for XDR native detections [[https://github.com/advthreat/iroh/pull/9110][#9110]]
- E8851: Product ordering in the coverage of techniques [[https://github.com/advthreat/iroh/pull/9100][#9100]]
- E8851: Product ordering and SCA renaming [[https://github.com/advthreat/iroh/pull/9086][#9086]]
- E8851: Add Org's integrations to the Mitre matrix [[https://github.com/advthreat/iroh/pull/8993][#8993]]
- E8851: Sorting of Mitre elements [[https://github.com/advthreat/iroh/pull/8992][#8992]]
- E8851: Static matrix common to all Orgs [[https://github.com/advthreat/iroh/pull/8939][#8939]]
- E8851: Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8876][#8876]]
- Design of the Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8856][#8856]]
- 'iroh' node type and default services for all node types [[https://github.com/advthreat/iroh/pull/8817][#8817]]
- Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]]
- Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]]
- [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]]
- [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]]
- [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]]
- Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]]
- Add few additional tests to iroh services [[https://github.com/advthreat/iroh/pull/8762][#8762]]
- rewrite tests [[https://github.com/advthreat/iroh/pull/8773][#8773]]
- more info for debugging [[https://github.com/advthreat/iroh/pull/8717][#8717]]
- [IROH configuration]: general documentation [[https://github.com/advthreat/iroh/pull/8764][#8764]]
- update developer doc for api-gateway [[https://github.com/advthreat/iroh/pull/8723][#8723]]
- Some test clean-up [[https://github.com/advthreat/iroh/pull/8716][#8716]]
- High volume of SQL queries for a single observe/deliberate call [[https://github.com/advthreat/iroh/pull/8682][#8682]]
- Remove the state of module instances in ~obfuscate-module-instance~ [[https://github.com/advthreat/iroh/pull/8670][#8670]]
- E8388: update proxy-endpoints-metadata endpoint and metadata [[https://github.com/advthreat/iroh/pull/8663][#8663]]
- E8388: update x-proxy endpoint and IntService ACL filters [[https://github.com/advthreat/iroh/pull/8608][#8608]]
- E8388 : Simplifies upgrade/downgrade tests [[https://github.com/advthreat/iroh/pull/8635][#8635]]
- Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]]
- Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]]
_between 6 month and 7 month old_
- E8388: add new module-instance events, register Module Instance service as handler [[https://github.com/advthreat/iroh/pull/8547][#8547]]
- E8388: Issue 8531 add state to module instance schema [[https://github.com/advthreat/iroh/pull/8544][#8544]]
- Issue 8389 design entitlement changes for integration modules [[https://github.com/advthreat/iroh/pull/8510][#8510]]
**** tenzin-config [16]
- add XDR native module types for PROD [[https://github.com/advthreat/tenzin-config/pull/1115][#1115]]
- add SCA module-type-id for XDR Native on TEST [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1109][#1109]]
- add SCA module-type-id for XDR Native [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1108][#1108]]
- Mitre: Add detections for XDR Native [[https://github.com/advthreat/tenzin-config/pull/1098][#1098]]
- product ordering and SCA renaming [[https://github.com/advthreat/tenzin-config/pull/1079][#1079]]
- Config for Mitre covering products [[https://github.com/advthreat/tenzin-config/pull/1072][#1072]]
- Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]]
- Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]]
- Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]]
- Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]]
- Move Universal Provisioning Services config to IROH [[https://github.com/advthreat/tenzin-config/pull/1027][#1027]]
- Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]]
- Remove the ~:registration~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/963][#963]]
- Remove the ~:merge-users-by-email~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/962][#962]]
- Remove the ~:account-activation-optim~ flag in all environments as it is now activated everywhere. [[https://github.com/advthreat/tenzin-config/pull/961][#961]]
- Remove the ~xdr-roles~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/964][#964]]
*** (Yogsototh) [62]
**** iroh-scripts [43]
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
_between 6 month and 7 month old_
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
**** oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
**** ring-jwt-middleware [6]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
_between 6 month and 7 month old_
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
**** scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
**** xdr-provisioning [4]
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
** iroh-ops
*** Jerome Schneider [1]
**** tenzin-config [1]
- IROH migrate to new MSK SASL/SCRAM cluster!
*** Patrick Patat [1]
**** tenzin-config [1]
- refactor ops config with new ref system [[https://github.com/advthreat/tenzin-config/pull/1113][#1113]]
* Other
** Other
*** Robert Levy [7]
**** iroh [6]
- Inherit properties from type in hierarchical modules [[https://github.com/advthreat/iroh/pull/9042][#9042]]
- Format hierarchical modules invalid-parent-id error with context and error type [[https://github.com/advthreat/iroh/pull/8901][#8901]]
- Update hardcoded source in Secure Endpoint module [[https://github.com/advthreat/iroh/pull/8874][#8874]]
- Expose pagination & search functionality in notifications api [[https://github.com/advthreat/iroh/pull/8803][#8803]]
- Fix bug in hierarchical module logic producing empty settings/settings_effective map [[https://github.com/advthreat/iroh/pull/8745][#8745]]
- Issue 8158 hierarchical module [[https://github.com/advthreat/iroh/pull/8469][#8469]]
**** tenzin-config [1]
- Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]]
*** Eric Gierach [5]
**** iroh [2]
_between 6 month and 7 month old_
- bumping iroh-engine to 0.15.13 [[https://github.com/advthreat/iroh/pull/8520][#8520]]
- bumping iroh-engine to 0.15.12 [[https://github.com/advthreat/iroh/pull/8509][#8509]]
**** tenzin-config [3]
- removing duplicate entry [[https://github.com/advthreat/tenzin-config/pull/1078][#1078]]
- Swap stg and test configs for reporting. [[https://github.com/advthreat/tenzin-config/pull/1077][#1077]]
- Disabling reporting until Ops gets the infra set up. [[https://github.com/advthreat/tenzin-config/pull/1075][#1075]]
*** II [20]
**** iroh [16]
- Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]]
- Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]]
- Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]]
- XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]]
- 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
- 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
- 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]]
- 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]]
- 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]]
- Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]]
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
- 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]]
_between 6 month and 7 month old_
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
**** tenzin-config [4]
- Disables Umbrella module auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]]
- Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]]
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]]
_between 6 month and 7 month old_
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Devin Walters [9]
**** tenzin-config [9]
- Configure s3-http-client connection pool size for PROD environments [[https://github.com/advthreat/tenzin-config/pull/1105][#1105]]
- Turn on reporting pipeline in TEST [[https://github.com/advthreat/tenzin-config/pull/1097][#1097]]
- Up hikari pool size in INT for conure [[https://github.com/advthreat/tenzin-config/pull/1095][#1095]]
- Configure incident import bucket per PROD env for iroh and iroh-async [[https://github.com/advthreat/tenzin-config/pull/1092][#1092]]
- Configure incident pipeline [[https://github.com/advthreat/tenzin-config/pull/1091][#1091]]
- Fix bucket name [[https://github.com/advthreat/tenzin-config/pull/1083][#1083]]
- Match s3 bucket key [[https://github.com/advthreat/tenzin-config/pull/1082][#1082]]
- Add INT and TEST enrichment bucket names to relevant configs [[https://github.com/advthreat/tenzin-config/pull/1057][#1057]]
_between 6 month and 7 month old_
- Add port 443 to ctia base urls [[https://github.com/advthreat/tenzin-config/pull/996][#996]]
*** Mia [5]
**** iroh [5]
- create permanent logs to unobtrusively monitor bundle import results [[https://github.com/advthreat/iroh/pull/9242][#9242]]
- New iroh event docs [[https://github.com/advthreat/iroh/pull/9181][#9181]]
- iroh-engine 0.16.2 [[https://github.com/advthreat/iroh/pull/9125][#9125]]
- Engine 0.16.1 [[https://github.com/advthreat/iroh/pull/9116][#9116]]
- Engine 0.16.0 [[https://github.com/advthreat/iroh/pull/8997][#8997]]
*** Martin Bruchanov [1]
**** tenzin-config [1]
- XDRSRE-64: Authentication for public CTIA in INT [[https://github.com/advthreat/tenzin-config/pull/1081][#1081]]
*** James Moser [1]
**** tenzin-config [1]
- added QA domain to idps email domain whitelists [[https://github.com/advthreat/tenzin-config/pull/1085][#1085]]
*** [20]
**** iroh [16]
- Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]]
- Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]]
- Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]]
- XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]]
- 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
- 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
- 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]]
- 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]]
- 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]]
- Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]]
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
- 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]]
_between 6 month and 7 month old_
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
**** tenzin-config [4]
- Disables Umbrella module auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]]
- Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]]
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]]
_between 6 month and 7 month old_
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Martin Bruchanov [1]
**** iroh [1]
- XDR-1344: Final version of deletion script used for PROD change [[https://github.com/advthreat/iroh/pull/9174][#9174]]
*** Ruslan Yemelianov [2]
**** tenzin-config [2]
- Revert "enable ES auth private-ctia INT"
- enable ES auth private-ctia INT
*** Andrew Parisi [2]
**** tenzin-config [2]
- [data-retention/update-iroh-internal-for-prod] [[https://github.com/advthreat/tenzin-config/pull/1018][#1018]]
- [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]]
*** Scott McLeod [7]
**** iroh [6]
- Notification service timestamp filter [[https://github.com/advthreat/iroh/pull/9252][#9252]]
- Tk store half bounded intervals [[https://github.com/advthreat/iroh/pull/9158][#9158]]
- Extend tk search with range queries [[https://github.com/advthreat/iroh/pull/8912][#8912]]
- Resolves postgres driver sql-injection vulnerability #9091 [[https://github.com/advthreat/iroh/pull/9092][#9092]]
- Implement searching risk scores by score [[https://github.com/advthreat/iroh/pull/8907][#8907]]
- tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]]
**** tenzin-config [1]
- Increase ReportService batch size to ES maximum [[https://github.com/advthreat/tenzin-config/pull/1055][#1055]]
*** Sam Waggoner [1]
**** tenzin-config [1]
- hydrant/912 add clean hashes importer.
*** t2sw [2]
**** ctia [1]
_between 6 month and 7 month old_
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1390][#1390]]
**** iroh [1]
- add health endpoint to tac portal and update tests [[https://github.com/advthreat/iroh/pull/9002][#9002]]
*** Jerome Schneider [1]
**** iroh [1]
- Upgrade PostgreSQL to 12.15 [[https://github.com/advthreat/iroh/pull/8618][#8618]]
*** Brooke Swanson [24]
**** ctia [2]
- XDR-1769: bump CTIM to 1.3.17. [[https://github.com/threatgrid/ctia/pull/1422][#1422]]
- Add brookeswanson to codeowners. [[https://github.com/threatgrid/ctia/pull/1396][#1396]]
**** iroh [8]
- Maintain behavior for existing events, but also notify s3 if an incid… [[https://github.com/advthreat/iroh/pull/9172][#9172]]
- XDR-1769: bump CTIM to 1.3.17. [[https://github.com/advthreat/iroh/pull/9226][#9226]]
- Reformat bucket path [[https://github.com/advthreat/iroh/pull/9102][#9102]]
- Save to s3 on bundle import. [[https://github.com/advthreat/iroh/pull/8977][#8977]]
- Replace CTIA Crud with Conure Calls [[https://github.com/advthreat/iroh/pull/8924][#8924]]
- Limit risk score [[https://github.com/advthreat/iroh/pull/8906][#8906]]
- Set Limits around observe targets call [[https://github.com/advthreat/iroh/pull/8910][#8910]]
- Add no-doc true and prevent explosion due to mismatched types. [[https://github.com/advthreat/iroh/pull/8548][#8548]]
**** tenzin-config [14]
- Failure to configure correct url. [[https://github.com/advthreat/tenzin-config/pull/1100][#1100]]
- These were flipped in TEST and we would like to test reports. [[https://github.com/advthreat/tenzin-config/pull/1094][#1094]]
- One more time see if the report tab will work. [[https://github.com/advthreat/tenzin-config/pull/1088][#1088]]
- Toggle report feature until Infrastructure is stable. [[https://github.com/advthreat/tenzin-config/pull/1086][#1086]]
- update config. [[https://github.com/advthreat/tenzin-config/pull/1080][#1080]]
- Report in test. [[https://github.com/advthreat/tenzin-config/pull/1076][#1076]]
- conure -> base-url. [[https://github.com/advthreat/tenzin-config/pull/1073][#1073]]
- Temporary flip this to not spam logs. [[https://github.com/advthreat/tenzin-config/pull/1069][#1069]]
- Output buckets. [[https://github.com/advthreat/tenzin-config/pull/1068][#1068]]
- Distributor and Conure configs. [[https://github.com/advthreat/tenzin-config/pull/1067][#1067]]
- Add base-url for incident export (and incident report). [[https://github.com/advthreat/tenzin-config/pull/1064][#1064]]
- Add playbook to conure configs. [[https://github.com/advthreat/tenzin-config/pull/1060][#1060]]
- Add ouath2 config for all regions. [[https://github.com/advthreat/tenzin-config/pull/1020][#1020]]
- Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]]
*** Yurii Ivanisenko [1]
**** tenzin-config [1]
- tactical-portal moved to vercel [[https://github.com/advthreat/tenzin-config/pull/1022][#1022]]
*** James Brock [1]
**** easy-purescript-nix [1]
- purs: 0.15.10 -> 0.15.15
*** ryemelia [6]
**** tenzin-config [6]
- XDRSRE-1150: [TEST] Enable ES auth iroh/iroh-async [[https://github.com/advthreat/tenzin-config/pull/1128][#1128]]
- Enable ES auth private-ctia TEST [[https://github.com/advthreat/tenzin-config/pull/1126][#1126]]
- Enable es auth CTIA test [[https://github.com/advthreat/tenzin-config/pull/1127][#1127]]
- fix kafka connector ES AUTH for INT [[https://github.com/advthreat/tenzin-config/pull/1129][#1129]]
- Enable ES auth private-ctia INT [[https://github.com/advthreat/tenzin-config/pull/1125][#1125]]
- XDRSRE-1273: [INT] Enable ES auth for iroh iroh-async [[https://github.com/advthreat/tenzin-config/pull/1124][#1124]]

1940
reports/FY24Q4-tmp-report.html Normal file
View file

File diff suppressed because it is too large Load diff

940
reports/FY24Q4-tmp-report.org Normal file
View file

@ -0,0 +1,940 @@
#+title: FY24Q4 Report
#+subtitle: logs goes 7 month back
#+date: 2024-06-04
#+options: H:6 ^:nil
* IROH
** lead
*** Guillaume Buisson [13]
**** ctia [2]
- Properly filter Relationships to assemble a Feed View [[https://github.com/threatgrid/ctia/pull/1421][#1421]]
- Filter out some infrastructure details from Error API Responses [[https://github.com/threatgrid/ctia/pull/1412][#1412]]
**** iroh [9]
- Logging improvements [[https://github.com/advthreat/iroh/pull/9241][#9241]]
- fix a flaky test in iroh-web [[https://github.com/advthreat/iroh/pull/9250][#9250]]
- Don't use pp-str to log the request in the rate limiter service [[https://github.com/advthreat/iroh/pull/9249][#9249]]
- Fix iroh-kafka* logs [[https://github.com/advthreat/iroh/pull/9240][#9240]]
- Update the json appender to rename the output level key [[https://github.com/advthreat/iroh/pull/9187][#9187]]
- update the logstash-v2 logging preset [[https://github.com/advthreat/iroh/pull/9178][#9178]]
- Don't fire disabled webhooks [[https://github.com/advthreat/iroh/pull/8741][#8741]]
_between 6 month and 7 month old_
- upgrade ctia-investigate to use transit+json instead of edn [[https://github.com/advthreat/iroh/pull/8623][#8623]]
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
**** tenzin-config [2]
- setup the IROH json logging appender
- Re-apply the default rate limit for the NGFW Incident promotion client [[https://github.com/advthreat/tenzin-config/pull/1063][#1063]]
** data
*** Mario Aquino [40]
**** iroh [30]
- Constrain judgements included with threat hunt incident bundles [[https://github.com/advthreat/iroh/pull/9279][#9279]]
- Threat hunt integration tests [[https://github.com/advthreat/iroh/pull/9218][#9218]]
- Threat hunt module instance pagination [[https://github.com/advthreat/iroh/pull/9200][#9200]]
- iroh-async Telemetry Identity Data [[https://github.com/advthreat/iroh/pull/9166][#9166]]
- Xdr 1086/crud store fields filtering [[https://github.com/advthreat/iroh/pull/9147][#9147]]
- iroh-async task (metric) tag [[https://github.com/advthreat/iroh/pull/9123][#9123]]
- iroh-metrics in default bootstrap [[https://github.com/advthreat/iroh/pull/9118][#9118]]
- Metrics Service (micrometer) [[https://github.com/advthreat/iroh/pull/9029][#9029]]
- Disable color logging for test execution [[https://github.com/advthreat/iroh/pull/9097][#9097]]
- Carmine & Timbre upgrade v2 [[https://github.com/advthreat/iroh/pull/9005][#9005]]
- Loosen Risk Score Incident validation [[https://github.com/advthreat/iroh/pull/9013][#9013]]
- Apply risk score valid ranges to incident schemas [[https://github.com/advthreat/iroh/pull/8976][#8976]]
- Revert "Upgrade carmine version (#8888)" [[https://github.com/advthreat/iroh/pull/9003][#9003]]
- Log Tuning [[https://github.com/advthreat/iroh/pull/8978][#8978]]
- Upgrade carmine version [[https://github.com/advthreat/iroh/pull/8888][#8888]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8956][#8956]]
- iroh-async high-traffic adjustments [[https://github.com/advthreat/iroh/pull/8835][#8835]]
- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]
- Improve safe-filtering [[https://github.com/advthreat/iroh/pull/8731][#8731]]
- iroh-async: Flatten Datadog context [[https://github.com/advthreat/iroh/pull/8706][#8706]]
- iroh-async logging & tracing context [[https://github.com/advthreat/iroh/pull/8705][#8705]]
_between 6 month and 7 month old_
- Socket timeout milliseconds (not seconds) [[https://github.com/advthreat/iroh/pull/8690][#8690]]
- Risk Score socket-timeout [[https://github.com/advthreat/iroh/pull/8687][#8687]]
- Threat Hunt Module Exclusion [[https://github.com/advthreat/iroh/pull/8646][#8646]]
- Remove dead code [[https://github.com/advthreat/iroh/pull/8626][#8626]]
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
**** tenzin-config [10]
- Fix auth parameters passed for calling ES [[https://github.com/advthreat/tenzin-config/pull/1139][#1139]]
- Address thread exhaustion in conn mgrs during threat hunting [[https://github.com/advthreat/tenzin-config/pull/1130][#1130]]
- Exclude CTIA modules from threat hunt execution [[https://github.com/advthreat/tenzin-config/pull/1122][#1122]]
- Add iroh-async client-id to rate unlimited list [[https://github.com/advthreat/tenzin-config/pull/1053][#1053]]
- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]
_between 6 month and 7 month old_
- Increase thread pool size for engine connection manager [[https://github.com/advthreat/tenzin-config/pull/1012][#1012]]
- Config for skipping Private Intel during investigation threat hunt [[https://github.com/advthreat/tenzin-config/pull/1009][#1009]]
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
*** Guillaume Erétéo [52]
**** ctia [11]
- remove ES5 support [[https://github.com/threatgrid/ctia/pull/1419][#1419]]
- Optimize lucene searches [[https://github.com/threatgrid/ctia/pull/1420][#1420]]
- bump ctim / remove status disposition [[https://github.com/threatgrid/ctia/pull/1417][#1417]]
- ctim 1.3.15 [[https://github.com/threatgrid/ctia/pull/1415][#1415]]
- silent this too noisy log [[https://github.com/threatgrid/ctia/pull/1414][#1414]]
- ctim-1.3.14 [[https://github.com/threatgrid/ctia/pull/1413][#1413]]
- remove un-store [[https://github.com/threatgrid/ctia/pull/1410][#1410]]
- fix wait_for for delete search [[https://github.com/threatgrid/ctia/pull/1399][#1399]]
_between 6 month and 7 month old_
- incident meta [[https://github.com/threatgrid/ctia/pull/1391][#1391]]
- Incident status disposition [[https://github.com/threatgrid/ctia/pull/1389][#1389]]
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1387][#1387]]
**** iroh [38]
- Enable auth on private intel es IOPS script [[https://github.com/advthreat/iroh/pull/9275][#9275]]
- Dump events with dump metrics script [[https://github.com/advthreat/iroh/pull/9180][#9180]]
- Sca clean phase 2 [[https://github.com/advthreat/iroh/pull/9176][#9176]]
- add backup clusters for delete [[https://github.com/advthreat/iroh/pull/9173][#9173]]
- Scripts for SCA issue cleaning [[https://github.com/advthreat/iroh/pull/9161][#9161]]
- simplify sorting in telemetry reports [[https://github.com/advthreat/iroh/pull/9144][#9144]]
- Add logs to better monitor reports [[https://github.com/advthreat/iroh/pull/9142][#9142]]
- Report service: consider missing user/org ids [[https://github.com/advthreat/iroh/pull/9134][#9134]]
- filter ids on search [[https://github.com/advthreat/iroh/pull/9130][#9130]]
- Generate statistics about modules [[https://github.com/advthreat/iroh/pull/9108][#9108]]
- Refactor iops report generation [[https://github.com/advthreat/iroh/pull/9099][#9099]]
- bump ctim / remove status disposition [[https://github.com/advthreat/iroh/pull/9114][#9114]]
- fix flaky ES test: wait some more [[https://github.com/advthreat/iroh/pull/9089][#9089]]
- telemetry report: fix search iteration for batch size 10000 [[https://github.com/advthreat/iroh/pull/9082][#9082]]
- reduce logs by adding user-scopes [[https://github.com/advthreat/iroh/pull/9078][#9078]]
- tk store: update ES index state [[https://github.com/advthreat/iroh/pull/8664][#8664]]
- Add admin maintenance route to load MITRE stix [[https://github.com/advthreat/iroh/pull/8967][#8967]]
- ctim 1.3.15 [[https://github.com/advthreat/iroh/pull/9068][#9068]]
- limit walk entities to the necessary exports [[https://github.com/advthreat/iroh/pull/9039][#9039]]
- ctim 1.3.14 [[https://github.com/advthreat/iroh/pull/9016][#9016]]
- Dump ES metrics telemetry events [[https://github.com/advthreat/iroh/pull/8999][#8999]]
- script to clean SE false positive incidents and sightings [[https://github.com/advthreat/iroh/pull/8846][#8846]]
- MITRE Matrix: dynamic components design [[https://github.com/advthreat/iroh/pull/8973][#8973]]
- fix Talos threat hunt [[https://github.com/advthreat/iroh/pull/8969][#8969]]
- update the design of static MITRE matrix rendering [[https://github.com/advthreat/iroh/pull/8949][#8949]]
- replace lazyseq by iteration in reports [[https://github.com/advthreat/iroh/pull/8957][#8957]]
- For Jeetu by G2 [[https://github.com/advthreat/iroh/pull/8920][#8920]]
- Some more incident stats [[https://github.com/advthreat/iroh/pull/8861][#8861]]
- import mitre matrix backbone [[https://github.com/advthreat/iroh/pull/8899][#8899]]
- Mitre coverage static matrix [[https://github.com/advthreat/iroh/pull/8882][#8882]]
- add created and modified to IROH CTIM entities [[https://github.com/advthreat/iroh/pull/8810][#8810]]
- bundle import activity diagrams [[https://github.com/advthreat/iroh/pull/8708][#8708]]
- scoring at bundle import [[https://github.com/advthreat/iroh/pull/8694][#8694]]
_between 6 month and 7 month old_
- Meta incident field [[https://github.com/advthreat/iroh/pull/8617][#8617]]
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
**** tenzin-config [3]
- configure / tune private intel proxy cm [[https://github.com/advthreat/tenzin-config/pull/1074][#1074]]
- increase bundle-batch-size [[https://github.com/advthreat/tenzin-config/pull/1071][#1071]]
_between 6 month and 7 month old_
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
*** Ambrose Bonnaire-Sergeant [41]
**** ctia [13]
- Bump ring-swagger with proof of memory leak fix [[https://github.com/threatgrid/ctia/pull/1423][#1423]]
- Clojure 1.11.1 -> 1.11.2 [[https://github.com/threatgrid/ctia/pull/1416][#1416]]
- Revert patch bundle commits [[https://github.com/threatgrid/ctia/pull/1411][#1411]]
- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/threatgrid/ctia/pull/1407][#1407]]
- Remove asset properties/mapping merging during bundle patch [[https://github.com/threatgrid/ctia/pull/1408][#1408]]
- Fix :body descriptions [[https://github.com/threatgrid/ctia/pull/1409][#1409]]
- Fix POST /bulk schema checking [[https://github.com/threatgrid/ctia/pull/1406][#1406]]
- Use prn instead of pprint for logs [[https://github.com/threatgrid/ctia/pull/1401][#1401]]
- Eval routes and options given to ~context~ at initialization time [[https://github.com/threatgrid/ctia/pull/1394][#1394]]
- Use ~st/merge~ to merge schemas instead of ~into~ [[https://github.com/threatgrid/ctia/pull/1398][#1398]]
- Never match existing asset-* entities when patch-existing=false [[https://github.com/threatgrid/ctia/pull/1395][#1395]]
- Re-enable incident tests [[https://github.com/threatgrid/ctia/pull/1393][#1393]]
_between 6 month and 7 month old_
- Add external_ids to investigation select fields [[https://github.com/threatgrid/ctia/pull/1392][#1392]]
**** iroh [24]
- Add support for JDK 21 [[https://github.com/advthreat/iroh/pull/9251][#9251]]
- Bump ring-swagger and prove it fixes the memory leak [[https://github.com/advthreat/iroh/pull/9244][#9244]]
- Fix typo in debug log [[https://github.com/advthreat/iroh/pull/9228][#9228]]
- Debug logs to investigate person assets not being imported [[https://github.com/advthreat/iroh/pull/9227][#9227]]
- Update status endpoint to keep conure updated [[https://github.com/advthreat/iroh/pull/9209][#9209]]
- Update test for new carmine non-FIFO queues: ~queue-status-report-test~ [[https://github.com/advthreat/iroh/pull/9103][#9103]]
- Make generated tk meta easier to review using pprint [[https://github.com/advthreat/iroh/pull/8805][#8805]]
- Restrict possible values for updated asset properties [[https://github.com/advthreat/iroh/pull/9022][#9022]]
- Don't forward response headers from CTIA to IROH [[https://github.com/advthreat/iroh/pull/9014][#9014]]
- Only subscribe incidents with supported observables [[https://github.com/advthreat/iroh/pull/9000][#9000]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/9001][#9001]]
- Redis: Set NX / XX [[https://github.com/advthreat/iroh/pull/8970][#8970]]
- Bulk asset update + rescoring route [[https://github.com/advthreat/iroh/pull/8963][#8963]]
- Fix logf call [[https://github.com/advthreat/iroh/pull/8925][#8925]]
- Fix incident subscription args, and only subscribe incident if observables/identities are non-empty [[https://github.com/advthreat/iroh/pull/8921][#8921]]
- Fix DI subscription URL [[https://github.com/advthreat/iroh/pull/8914][#8914]]
- Revert patch bundle commits [[https://github.com/advthreat/iroh/pull/8903][#8903]]
- Fix swagger description [[https://github.com/advthreat/iroh/pull/8905][#8905]]
- Asset properties update and incident rescoring route [[https://github.com/advthreat/iroh/pull/8843][#8843]]
- Rescoring task [[https://github.com/advthreat/iroh/pull/8869][#8869]]
- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true [[https://github.com/advthreat/iroh/pull/8725][#8725]]
**** tenzin-config [4]
- Bulk asset update limits [[https://github.com/advthreat/tenzin-config/pull/1059][#1059]]
- Add Conure url to Private intel config [[https://github.com/advthreat/tenzin-config/pull/1052][#1052]]
- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
** integrations
*** Matthieu Sprunck [20]
**** iroh [16]
- Adding and editing Automate notification types [[https://github.com/advthreat/iroh/pull/9277][#9277]]
- Rename automation_workflow_disabled to automation_workflow_definition [[https://github.com/advthreat/iroh/pull/9196][#9196]]
- Revert "Update the json appender to rename the output level key (#9187)" [[https://github.com/advthreat/iroh/pull/9191][#9191]]
- Change Incident Assignment Notification wording [[https://github.com/advthreat/iroh/pull/9189][#9189]]
- Add title and link to the incident in the incident assignment notification [[https://github.com/advthreat/iroh/pull/9188][#9188]]
- Add a log when an unexpected status is returned from KafkaConnect [[https://github.com/advthreat/iroh/pull/9153][#9153]]
- IROH Proxy: Correct handling for path with spaces (%20) [[https://github.com/advthreat/iroh/pull/9149][#9149]]
- Build notification type name from notification type [[https://github.com/advthreat/iroh/pull/9140][#9140]]
- JMX metrics for clj-http connection manager [[https://github.com/advthreat/iroh/pull/8765][#8765]]
- Always decompress the body when status is not 2xx [[https://github.com/advthreat/iroh/pull/8527][#8527]]
- Restore default expiration (24h) for the local session token [[https://github.com/advthreat/iroh/pull/8747][#8747]]
_between 6 month and 7 month old_
- Workflow event schema changes [[https://github.com/advthreat/iroh/pull/8656][#8656]]
- IROH Proxy: remove headers set by the reverse proxy [[https://github.com/advthreat/iroh/pull/8655][#8655]]
- More log context to investigate #8638 [[https://github.com/advthreat/iroh/pull/8654][#8654]]
- Add logging info to investigate #8638 [[https://github.com/advthreat/iroh/pull/8653][#8653]]
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
**** tenzin-config [4]
- Configure XDR URL in the PrivateIntel service for the Assignment notification [[https://github.com/advthreat/tenzin-config/pull/1116][#1116]]
- Create a module record for Microsoft Graph API [[https://github.com/advthreat/tenzin-config/pull/1050][#1050]]
- Fix settings names for JAMF auth upgrade [[https://github.com/advthreat/tenzin-config/pull/1048][#1048]]
- Use Token Auth with the JAMF Classic API [[https://github.com/advthreat/tenzin-config/pull/1038][#1038]]
*** Kirill Chernyshov [42]
**** iroh [35]
- Draft design [[https://github.com/advthreat/iroh/pull/9201][#9201]]
- Format redirect url for email notification [[https://github.com/advthreat/iroh/pull/9211][#9211]]
- Use static string 'Cisco' as a subtitle [[https://github.com/advthreat/iroh/pull/9210][#9210]]
- Coerce incoming notification before email format [[https://github.com/advthreat/iroh/pull/9204][#9204]]
- [REFACTORING] Standardize trapperkeeper usage [[https://github.com/advthreat/iroh/pull/9177][#9177]]
- Use ~notify!~ to create notification via API call [[https://github.com/advthreat/iroh/pull/9162][#9162]]
- Fix copyright notice in email template [[https://github.com/advthreat/iroh/pull/9159][#9159]]
- Add simple template for notification email [[https://github.com/advthreat/iroh/pull/9150][#9150]]
- Allow nil as a correlation id [[https://github.com/advthreat/iroh/pull/9143][#9143]]
- Fix for EventService initialization [[https://github.com/advthreat/iroh/pull/9141][#9141]]
- Respect user notification preferences [[https://github.com/advthreat/iroh/pull/9133][#9133]]
- Add default config for NotificationInDelivery [[https://github.com/advthreat/iroh/pull/9128][#9128]]
- 8938 e8811 process email notification delivery [[https://github.com/advthreat/iroh/pull/9127][#9127]]
- Fix config key [[https://github.com/advthreat/iroh/pull/9115][#9115]]
- Fix dev config for NotificationInDeliveryService [[https://github.com/advthreat/iroh/pull/9113][#9113]]
- On recieving NotificationRequest notify users according to their preference [[https://github.com/advthreat/iroh/pull/9087][#9087]]
- Upgrade clojure 1.11.1 -> 1.11.2 [[https://github.com/advthreat/iroh/pull/9072][#9072]]
- Remove maintenance notification type [[https://github.com/advthreat/iroh/pull/9069][#9069]]
- 8933 e8811 create notificationindeliveryservice persistence only [[https://github.com/advthreat/iroh/pull/9025][#9025]]
- "In App" -> "In-App" [[https://github.com/advthreat/iroh/pull/9020][#9020]]
- Add correct :name and :description to notification type meta [[https://github.com/advthreat/iroh/pull/9012][#9012]]
- NotificationPreference API real endpoint [[https://github.com/advthreat/iroh/pull/8995][#8995]]
- NotificationPreference Service [[https://github.com/advthreat/iroh/pull/8982][#8982]]
- Fixes for notification endpoint [[https://github.com/advthreat/iroh/pull/8964][#8964]]
- Add notification preference api endpoints [[https://github.com/advthreat/iroh/pull/8947][#8947]]
- Initial draft design of notifications delivery [[https://github.com/advthreat/iroh/pull/8844][#8844]]
- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]
- Handle undelivered records [[https://github.com/advthreat/iroh/pull/8634][#8634]]
- Events data retention enforcement job [[https://github.com/advthreat/iroh/pull/8722][#8722]]
- Iroh events data retention implementation [[https://github.com/advthreat/iroh/pull/8666][#8666]]
- Iroh events postgres data retention [[https://github.com/advthreat/iroh/pull/8693][#8693]]
_between 6 month and 7 month old_
- Use timbre for logging [[https://github.com/advthreat/iroh/pull/8651][#8651]]
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
**** tenzin-config [7]
- Add KafkaProducerService to all envs [[https://github.com/advthreat/tenzin-config/pull/1107][#1107]]
- Add email kafka consumer to all envs [[https://github.com/advthreat/tenzin-config/pull/1106][#1106]]
- Enable kafka consumer for email notifications [[https://github.com/advthreat/tenzin-config/pull/1099][#1099]]
- Add new kafka topics for IROH notifications [[https://github.com/advthreat/tenzin-config/pull/1070][#1070]]
- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]
*** Shafiq [33]
**** iroh [30]
- Return relevant proxy health check errors req auth fails [[https://github.com/advthreat/iroh/pull/9290][#9290]]
- Fix access-token url for rubrik and commvault auth [[https://github.com/advthreat/iroh/pull/9287][#9287]]
- Support Async remote requests in AutomateRemoteProxy [[https://github.com/advthreat/iroh/pull/9264][#9264]]
- Design Automation-Remote target for iroh-proxy [[https://github.com/advthreat/iroh/pull/9190][#9190]]
- Trim whitespace when interpolating pipe transforms [[https://github.com/advthreat/iroh/pull/9121][#9121]]
- Support for GoogleAPI Authorization [[https://github.com/advthreat/iroh/pull/9106][#9106]]
- Refactor proxy health check [[https://github.com/advthreat/iroh/pull/9066][#9066]]
- Data retention cleanup of notification services [[https://github.com/advthreat/iroh/pull/9064][#9064]]
- Apply data retention policy on iroh-notifications [[https://github.com/advthreat/iroh/pull/9054][#9054]]
- Add ~:remote~ type in configuration spec fields [[https://github.com/advthreat/iroh/pull/9046][#9046]]
- Refactor proxy-health-check [[https://github.com/advthreat/iroh/pull/9033][#9033]]
- Update proxy-health-check logging [[https://github.com/advthreat/iroh/pull/9028][#9028]]
- Update proxy health check logging [[https://github.com/advthreat/iroh/pull/9024][#9024]]
- Perform relay-api request based on observable-types [[https://github.com/advthreat/iroh/pull/9017][#9017]]
- Add selection of settings for configuration-token auth [[https://github.com/advthreat/iroh/pull/9007][#9007]]
- Support for dedicated url setting for iroh-proxy requests [[https://github.com/advthreat/iroh/pull/8998][#8998]]
- Route for patching module-type documentation [[https://github.com/advthreat/iroh/pull/8981][#8981]]
- Add filtering of notifications using multiple statuses [[https://github.com/advthreat/iroh/pull/8974][#8974]]
- Support for transforming interpolated strings. [[https://github.com/advthreat/iroh/pull/8945][#8945]]
- Construct token url from base-url setting [[https://github.com/advthreat/iroh/pull/8923][#8923]]
- [IROH Proxy] Support for Rubrik and Commvault API services [[https://github.com/advthreat/iroh/pull/8902][#8902]]
- [iroh-proxy] Include POST method for proxy health check [[https://github.com/advthreat/iroh/pull/8878][#8878]]
- Update relay-module schemas for Checkpoint auth [[https://github.com/advthreat/iroh/pull/8875][#8875]]
- [iroh-proxy] Implement Checkpoint Smart-1 authentication [[https://github.com/advthreat/iroh/pull/8873][#8873]]
- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]
- Fix mapping for incident events [[https://github.com/advthreat/iroh/pull/8703][#8703]]
_between 6 month and 7 month old_
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
**** tenzin-config [3]
- Swtich to new sink-connector in INT [[https://github.com/advthreat/tenzin-config/pull/1024][#1024]]
- Add updated sink connector for all envs [[https://github.com/advthreat/tenzin-config/pull/1021][#1021]]
- Add sink connector for new iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/1019][#1019]]
** auth
*** bartuka [54]
**** iroh [46]
- add ~:content-type :json~ explicitly to clj-http [[https://github.com/advthreat/iroh/pull/9090][#9090]]
- Brownfield Provisioning - make the ~region~ field available for TEST purposes only [[https://github.com/advthreat/iroh/pull/9079][#9079]]
- Improve logs for Brownfield provisioning [[https://github.com/advthreat/iroh/pull/9076][#9076]]
- [IROH Auth] update QA routes for Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/9053][#9053]]
- [IROH Auth] Fix access token brownfield provisioning [[https://github.com/advthreat/iroh/pull/9049][#9049]]
- [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning [[https://github.com/advthreat/iroh/pull/9021][#9021]]
- [IROH Auth] FMC add re-token proxy request [[https://github.com/advthreat/iroh/pull/9011][#9011]]
- [IROH Auth] fix FMC redirect call to ~/device~ [[https://github.com/advthreat/iroh/pull/8987][#8987]]
- [IROH Auth] fix device verification redirection [[https://github.com/advthreat/iroh/pull/8979][#8979]]
- fix proxy requests to FMC [[https://github.com/advthreat/iroh/pull/8972][#8972]]
- [IROH Auth] FMC OAuth2 and SSE proxies [[https://github.com/advthreat/iroh/pull/8840][#8840]]
- [IROH Auth] Improvements to universal provisioning callback [[https://github.com/advthreat/iroh/pull/8913][#8913]]
- [IROH Auth] bugfix #4: add ~:content-type :json~ to callback request [[https://github.com/advthreat/iroh/pull/8909][#8909]]
- [IROH Auth] fix payload sent to PIAM callback_url after provisioning was complete [[https://github.com/advthreat/iroh/pull/8900][#8900]]
- [IROH Auth] bugfix Universal Provisioning created schema error [[https://github.com/advthreat/iroh/pull/8892][#8892]]
- [IROH Auth] bugfix parsing OKTA JWT scopes [[https://github.com/advthreat/iroh/pull/8880][#8880]]
- [IROH Auth] Brownfield provisioning - endpoint to attach existing tenant to a SBG product [[https://github.com/advthreat/iroh/pull/8806][#8806]]
- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]
- [IROH Auth] better swagger descriptions for Universal Provisioning [[https://github.com/advthreat/iroh/pull/8752][#8752]]
- [IROH Auth] remove empty strings from ~client-id~ got from Vault [[https://github.com/advthreat/iroh/pull/8760][#8760]]
- [IROH Auth] add missing scope to get OKTA JWT [[https://github.com/advthreat/iroh/pull/8759][#8759]]
- [IROH Auth] add logs to investigate get okta jwt [[https://github.com/advthreat/iroh/pull/8758][#8758]]
- [IROH Auth] bugfix - ~client/post~ should use ~:form-params~ instead of ~:body~ [[https://github.com/advthreat/iroh/pull/8753][#8753]]
- [IROH Auth] bugfixes - arity exception, change ~product-response~ datatype, change ~pmap~ to ~map~ [[https://github.com/advthreat/iroh/pull/8738][#8738]]
- [IROH Auth] bugfix - fix urls in ~POST /tenants~ returned value and payload field names [[https://github.com/advthreat/iroh/pull/8733][#8733]]
- [IROH Auth] Cache OKTA JWT used for provisioning callback [[https://github.com/advthreat/iroh/pull/8727][#8727]]
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService [[https://github.com/advthreat/iroh/pull/8707][#8707]]
- [IROH Auth] Duplicate ~universal-provisioning~ web routes to accept IROH JWTs [[https://github.com/advthreat/iroh/pull/8675][#8675]]
- [IROH Auth] Expose ~callbacks packages~ store to check Universal Provisioning status [[https://github.com/advthreat/iroh/pull/8702][#8702]]
- [IROH Auth] Improve 202 Accepted response for ~/universal-provisioning/create-tenants~ [[https://github.com/advthreat/iroh/pull/8701][#8701]]
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8691][#8691]]
_between 6 month and 7 month old_
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8673][#8673]]
- bugfix - missing ~UniversalProvisioningCallbackService~ to deploy IROH nodes [[https://github.com/advthreat/iroh/pull/8680][#8680]]
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick [[https://github.com/advthreat/iroh/pull/8674][#8674]]
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps [[https://github.com/advthreat/iroh/pull/8633][#8633]]
- [IROH Auth] Add support to UserIdentity JWTs in ~JWKSService~ [[https://github.com/advthreat/iroh/pull/8647][#8647]]
- [IROH Auth] Bugfix in JWKSService logic [[https://github.com/advthreat/iroh/pull/8659][#8659]]
- [IROH Auth] update docs for Universal Provisioning work [[https://github.com/advthreat/iroh/pull/8640][#8640]]
- [IROH Auth] Simplify IROH Web Core by leveraging ~JWKSService~ for all webservices [[https://github.com/advthreat/iroh/pull/8632][#8632]]
- [IROH Auth] Add structure to keep track of onboardings to support async flow in Universal Provisioning [[https://github.com/advthreat/iroh/pull/8599][#8599]]
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
**** tenzin-config [8]
- add fmc client id for each env [[https://github.com/advthreat/tenzin-config/pull/1065][#1065]]
- fix url for device verification [[https://github.com/advthreat/tenzin-config/pull/1058][#1058]]
- Add FMC Proxy configuration [[https://github.com/advthreat/tenzin-config/pull/1056][#1056]]
- fix okta links [[https://github.com/advthreat/tenzin-config/pull/1043][#1043]]
- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]
- [IROH Auth] bugfix - add config to okta jwks [[https://github.com/advthreat/tenzin-config/pull/1017][#1017]]
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 [[https://github.com/advthreat/tenzin-config/pull/1013][#1013]]
_between 6 month and 7 month old_
- add universal_provisioning_callbacks store [[https://github.com/advthreat/tenzin-config/pull/1011][#1011]]
*** Yann Esposito [118]
**** iroh [51]
- Scopes by app [[https://github.com/advthreat/iroh/pull/9247][#9247]]
- Disable SSE Proxy for XDR orgs [[https://github.com/advthreat/iroh/pull/9280][#9280]]
- improve Client credentials error message to help debug [[https://github.com/advthreat/iroh/pull/9213][#9213]]
- Attempt to provide a body to the onboarding with mustache [[https://github.com/advthreat/iroh/pull/9151][#9151]]
- provisioning API for Org apps [[https://github.com/advthreat/iroh/pull/9195][#9195]]
- Revert "add admin-ui to the gh-pages (#9222)" [[https://github.com/advthreat/iroh/pull/9223][#9223]]
- add admin-ui to the gh-pages [[https://github.com/advthreat/iroh/pull/9222][#9222]]
- Add sc-enabled? flag to profile API views [[https://github.com/advthreat/iroh/pull/9192][#9192]]
- [PIAM Brownfield Provisioning]: Provide a way to update link tenants [[https://github.com/advthreat/iroh/pull/9186][#9186]]
- Add apps field to Orgs [[https://github.com/advthreat/iroh/pull/9175][#9175]]
- improve response when PIAM returns an error [[https://github.com/advthreat/iroh/pull/9183][#9183]]
- fix flaky test invite-test paging [[https://github.com/advthreat/iroh/pull/9182][#9182]]
- Support aero configurations [[https://github.com/advthreat/iroh/pull/9170][#9170]]
- Fix invites pagination [[https://github.com/advthreat/iroh/pull/9138][#9138]]
- Support FMC returning Bearer instead of bearer [[https://github.com/advthreat/iroh/pull/9126][#9126]]
- composable jwks test helper [[https://github.com/advthreat/iroh/pull/9120][#9120]]
- Sync user-name during SCSO login [[https://github.com/advthreat/iroh/pull/9117][#9117]]
- Another IPv6 in URL fix [[https://github.com/advthreat/iroh/pull/9084][#9084]]
- Support IPv6 in URL for inspect service [[https://github.com/advthreat/iroh/pull/9083][#9083]]
- Update of the login doc [[https://github.com/advthreat/iroh/pull/9067][#9067]]
- optimize search user given a list of ids [[https://github.com/advthreat/iroh/pull/9018][#9018]]
- Fix link tenant bug [[https://github.com/advthreat/iroh/pull/8975][#8975]]
- Upgrade Org to XDR on first entitlement update. [[https://github.com/advthreat/iroh/pull/8881][#8881]]
- [IROH-Auth]: Auth Code Grant Client that do not generate any refresh token [[https://github.com/advthreat/iroh/pull/8927][#8927]]
- Specialize TAC routes access [[https://github.com/advthreat/iroh/pull/8884][#8884]]
- Remove legacy restriction of AO scopes [[https://github.com/advthreat/iroh/pull/8890][#8890]]
- Update deps to accept JWT without nbf claim [[https://github.com/advthreat/iroh/pull/8872][#8872]]
- New endpoint to ease impersonation usage [[https://github.com/advthreat/iroh/pull/8855][#8855]]
- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]
- Remove with-tk [[https://github.com/advthreat/iroh/pull/8779][#8779]]
- Code/Test Improvements [[https://github.com/advthreat/iroh/pull/8767][#8767]]
- add a test for matching schema [[https://github.com/advthreat/iroh/pull/8770][#8770]]
- Custom Role Design doc [[https://github.com/advthreat/iroh/pull/8497][#8497]]
- Attempt to improve error message of match? [[https://github.com/advthreat/iroh/pull/8769][#8769]]
- Use ~cid~ for ~trace_id~ when present [[https://github.com/advthreat/iroh/pull/8754][#8754]]
- Support public client for custom routes [[https://github.com/advthreat/iroh/pull/8749][#8749]]
- Add playbook scope [[https://github.com/advthreat/iroh/pull/8739][#8739]]
- Fix webhook race condition risk [[https://github.com/advthreat/iroh/pull/8728][#8728]]
- Call get-org only once for org-virtual user [[https://github.com/advthreat/iroh/pull/8724][#8724]]
- Use a cache for entitlement summaries [[https://github.com/advthreat/iroh/pull/8667][#8667]]
- upgrade jetty version [[https://github.com/advthreat/iroh/pull/8714][#8714]]
- Remove a forgotten pretty printer [[https://github.com/advthreat/iroh/pull/8713][#8713]]
_between 6 month and 7 month old_
- Fast Event Notifier dispatch using event-type [[https://github.com/advthreat/iroh/pull/8650][#8650]]
- Fix DI onboarding [[https://github.com/advthreat/iroh/pull/8657][#8657]]
- Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]]
- [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]]
- [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]]
- Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]]
**** iroh-scripts [36]
- ai onboarding
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
_between 6 month and 7 month old_
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
- add scope to a client
**** oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
**** ring-jwt-middleware [3]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
- Support missing nbf JWT [[https://github.com/advthreat/ring-jwt-middleware/pull/30][#30]]
**** scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
**** tenzin-config [14]
- Add applications URL in iroh conf [[https://github.com/advthreat/tenzin-config/pull/1146][#1146]]
- Add AI Assistant automatic onboarding during Provisioning [[https://github.com/advthreat/tenzin-config/pull/1142][#1142]]
- add iroh gh-pages to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/1123][#1123]]
- New SCA env for TEST/STAGING [[https://github.com/advthreat/tenzin-config/pull/1114][#1114]]
- configure automatio rules clients to not be rate limited [[https://github.com/advthreat/tenzin-config/pull/1111][#1111]]
- interpolation improvements [[https://github.com/advthreat/tenzin-config/pull/1112][#1112]]
- Add support for interpolation and self ref [[https://github.com/advthreat/tenzin-config/pull/1110][#1110]]
- Remove rate-limit for another SXO client on INT [[https://github.com/advthreat/tenzin-config/pull/1087][#1087]]
- Disable rate-limit SXO client for rules [[https://github.com/advthreat/tenzin-config/pull/1084][#1084]]
- Double threads dedicated for VirusTotal http calls [[https://github.com/advthreat/tenzin-config/pull/1051][#1051]]
- fix vault tpl transformations and checks [[https://github.com/advthreat/tenzin-config/pull/1041][#1041]]
- Remove rate-limit for automation [[https://github.com/advthreat/tenzin-config/pull/1044][#1044]]
- Check vault templating error [[https://github.com/advthreat/tenzin-config/pull/1023][#1023]]
- Add Universal Provisioning Services [[https://github.com/advthreat/tenzin-config/pull/1015][#1015]]
**** xdr-provisioning [5]
- added a few useful script + ai onboarding support
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
*** Olivier Barbeau [47]
**** iroh [31]
- Add number of incidents to each technique in the Mitre matrix [[https://github.com/advthreat/iroh/pull/9157][#9157]]
- Fix events and incidents ES stores for DEV [[https://github.com/advthreat/iroh/pull/9154][#9154]]
- E8851: XDR Native & detections [[https://github.com/advthreat/iroh/pull/9122][#9122]]
- E8851: Design of changes for XDR native detections [[https://github.com/advthreat/iroh/pull/9110][#9110]]
- E8851: Product ordering in the coverage of techniques [[https://github.com/advthreat/iroh/pull/9100][#9100]]
- E8851: Product ordering and SCA renaming [[https://github.com/advthreat/iroh/pull/9086][#9086]]
- E8851: Add Org's integrations to the Mitre matrix [[https://github.com/advthreat/iroh/pull/8993][#8993]]
- E8851: Sorting of Mitre elements [[https://github.com/advthreat/iroh/pull/8992][#8992]]
- E8851: Static matrix common to all Orgs [[https://github.com/advthreat/iroh/pull/8939][#8939]]
- E8851: Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8876][#8876]]
- Design of the Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8856][#8856]]
- 'iroh' node type and default services for all node types [[https://github.com/advthreat/iroh/pull/8817][#8817]]
- Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]]
- Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]]
- [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]]
- [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]]
- [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]]
- Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]]
- Add few additional tests to iroh services [[https://github.com/advthreat/iroh/pull/8762][#8762]]
- rewrite tests [[https://github.com/advthreat/iroh/pull/8773][#8773]]
- more info for debugging [[https://github.com/advthreat/iroh/pull/8717][#8717]]
- [IROH configuration]: general documentation [[https://github.com/advthreat/iroh/pull/8764][#8764]]
- update developer doc for api-gateway [[https://github.com/advthreat/iroh/pull/8723][#8723]]
- Some test clean-up [[https://github.com/advthreat/iroh/pull/8716][#8716]]
_between 6 month and 7 month old_
- High volume of SQL queries for a single observe/deliberate call [[https://github.com/advthreat/iroh/pull/8682][#8682]]
- Remove the state of module instances in ~obfuscate-module-instance~ [[https://github.com/advthreat/iroh/pull/8670][#8670]]
- E8388: update proxy-endpoints-metadata endpoint and metadata [[https://github.com/advthreat/iroh/pull/8663][#8663]]
- E8388: update x-proxy endpoint and IntService ACL filters [[https://github.com/advthreat/iroh/pull/8608][#8608]]
- E8388 : Simplifies upgrade/downgrade tests [[https://github.com/advthreat/iroh/pull/8635][#8635]]
- Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]]
- Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]]
**** tenzin-config [16]
- add XDR native module types for PROD [[https://github.com/advthreat/tenzin-config/pull/1115][#1115]]
- add SCA module-type-id for XDR Native on TEST [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1109][#1109]]
- add SCA module-type-id for XDR Native [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1108][#1108]]
- Mitre: Add detections for XDR Native [[https://github.com/advthreat/tenzin-config/pull/1098][#1098]]
- product ordering and SCA renaming [[https://github.com/advthreat/tenzin-config/pull/1079][#1079]]
- Config for Mitre covering products [[https://github.com/advthreat/tenzin-config/pull/1072][#1072]]
- Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]]
- Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]]
- Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]]
- Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]]
- Move Universal Provisioning Services config to IROH [[https://github.com/advthreat/tenzin-config/pull/1027][#1027]]
- Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]]
- Remove the ~:registration~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/963][#963]]
- Remove the ~:merge-users-by-email~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/962][#962]]
- Remove the ~:account-activation-optim~ flag in all environments as it is now activated everywhere. [[https://github.com/advthreat/tenzin-config/pull/961][#961]]
- Remove the ~xdr-roles~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/964][#964]]
*** (Yogsototh) [52]
**** iroh-scripts [36]
- ai onboarding
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
_between 6 month and 7 month old_
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
- add scope to a client
**** oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
**** ring-jwt-middleware [2]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
**** scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
**** xdr-provisioning [5]
- added a few useful script + ai onboarding support
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
** iroh-ops
*** Jerome Schneider [1]
**** tenzin-config [1]
- IROH migrate to new MSK SASL/SCRAM cluster!
*** Patrick Patat [1]
**** tenzin-config [1]
- refactor ops config with new ref system [[https://github.com/advthreat/tenzin-config/pull/1113][#1113]]
* Other
** Other
*** Robert Levy [7]
**** iroh [6]
- Inherit properties from type in hierarchical modules [[https://github.com/advthreat/iroh/pull/9042][#9042]]
- Format hierarchical modules invalid-parent-id error with context and error type [[https://github.com/advthreat/iroh/pull/8901][#8901]]
- Update hardcoded source in Secure Endpoint module [[https://github.com/advthreat/iroh/pull/8874][#8874]]
- Expose pagination & search functionality in notifications api [[https://github.com/advthreat/iroh/pull/8803][#8803]]
- Fix bug in hierarchical module logic producing empty settings/settings_effective map [[https://github.com/advthreat/iroh/pull/8745][#8745]]
- Issue 8158 hierarchical module [[https://github.com/advthreat/iroh/pull/8469][#8469]]
**** tenzin-config [1]
_between 6 month and 7 month old_
- Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]]
*** Eric Gierach [4]
**** iroh [1]
- update iroh-engine to 0.16.5 [[https://github.com/advthreat/iroh/pull/9291][#9291]]
**** tenzin-config [3]
- removing duplicate entry [[https://github.com/advthreat/tenzin-config/pull/1078][#1078]]
- Swap stg and test configs for reporting. [[https://github.com/advthreat/tenzin-config/pull/1077][#1077]]
- Disabling reporting until Ops gets the infra set up. [[https://github.com/advthreat/tenzin-config/pull/1075][#1075]]
*** II [21]
**** iroh [17]
- Xdr 1281 Adds user agent to Umbrella requests [[https://github.com/advthreat/iroh/pull/9292][#9292]]
- Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]]
- Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]]
- Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]]
- XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]]
- 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
- 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
- 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]]
- 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]]
- 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]]
- Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]]
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
_between 6 month and 7 month old_
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
- 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]]
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
**** tenzin-config [4]
- Disables Umbrella module auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]]
- Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]]
_between 6 month and 7 month old_
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]]
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Devin Walters [8]
**** tenzin-config [8]
- Configure s3-http-client connection pool size for PROD environments [[https://github.com/advthreat/tenzin-config/pull/1105][#1105]]
- Turn on reporting pipeline in TEST [[https://github.com/advthreat/tenzin-config/pull/1097][#1097]]
- Up hikari pool size in INT for conure [[https://github.com/advthreat/tenzin-config/pull/1095][#1095]]
- Configure incident import bucket per PROD env for iroh and iroh-async [[https://github.com/advthreat/tenzin-config/pull/1092][#1092]]
- Configure incident pipeline [[https://github.com/advthreat/tenzin-config/pull/1091][#1091]]
- Fix bucket name [[https://github.com/advthreat/tenzin-config/pull/1083][#1083]]
- Match s3 bucket key [[https://github.com/advthreat/tenzin-config/pull/1082][#1082]]
- Add INT and TEST enrichment bucket names to relevant configs [[https://github.com/advthreat/tenzin-config/pull/1057][#1057]]
*** Mia [7]
**** iroh [7]
- new engine version [[https://github.com/advthreat/iroh/pull/9273][#9273]]
- Xdr 1918 no old assets [[https://github.com/advthreat/iroh/pull/9267][#9267]]
- create permanent logs to unobtrusively monitor bundle import results [[https://github.com/advthreat/iroh/pull/9242][#9242]]
- New iroh event docs [[https://github.com/advthreat/iroh/pull/9181][#9181]]
- iroh-engine 0.16.2 [[https://github.com/advthreat/iroh/pull/9125][#9125]]
- Engine 0.16.1 [[https://github.com/advthreat/iroh/pull/9116][#9116]]
- Engine 0.16.0 [[https://github.com/advthreat/iroh/pull/8997][#8997]]
*** Martin Bruchanov [3]
**** tenzin-config [3]
- XDRSRE-1158: Enabling ElasticSearch authentication for CTIA/PCTIA [[https://github.com/advthreat/tenzin-config/pull/1141][#1141]]
- XDRSRE-1150: Retention enforcement authentication INT [[https://github.com/advthreat/tenzin-config/pull/1132][#1132]]
- XDRSRE-64: Authentication for public CTIA in INT [[https://github.com/advthreat/tenzin-config/pull/1081][#1081]]
*** James Moser [1]
**** tenzin-config [1]
- added QA domain to idps email domain whitelists [[https://github.com/advthreat/tenzin-config/pull/1085][#1085]]
*** [21]
**** iroh [17]
- Xdr 1281 Adds user agent to Umbrella requests [[https://github.com/advthreat/iroh/pull/9292][#9292]]
- Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]]
- Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]]
- Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]]
- XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]]
- 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
- 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
- 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]]
- 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]]
- 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]]
- Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]]
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
_between 6 month and 7 month old_
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
- 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]]
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
**** tenzin-config [4]
- Disables Umbrella module auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]]
- Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]]
_between 6 month and 7 month old_
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]]
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Martin Bruchanov [1]
**** iroh [1]
- XDR-1344: Final version of deletion script used for PROD change [[https://github.com/advthreat/iroh/pull/9174][#9174]]
*** Ruslan Yemelianov [2]
**** tenzin-config [2]
- Revert "enable ES auth private-ctia INT"
- enable ES auth private-ctia INT
*** Andrew Parisi [2]
**** tenzin-config [2]
- [data-retention/update-iroh-internal-for-prod] [[https://github.com/advthreat/tenzin-config/pull/1018][#1018]]
_between 6 month and 7 month old_
- [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]]
*** Scott McLeod [7]
**** iroh [6]
- Notification service timestamp filter [[https://github.com/advthreat/iroh/pull/9252][#9252]]
- Tk store half bounded intervals [[https://github.com/advthreat/iroh/pull/9158][#9158]]
- Extend tk search with range queries [[https://github.com/advthreat/iroh/pull/8912][#8912]]
- Resolves postgres driver sql-injection vulnerability #9091 [[https://github.com/advthreat/iroh/pull/9092][#9092]]
- Implement searching risk scores by score [[https://github.com/advthreat/iroh/pull/8907][#8907]]
- tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]]
**** tenzin-config [1]
- Increase ReportService batch size to ES maximum [[https://github.com/advthreat/tenzin-config/pull/1055][#1055]]
*** Sam Waggoner [3]
**** tenzin-config [3]
- Increase ctia.http.bulk.max-size in INT
- Configure hydrant to use internal ES metrics api.
- hydrant/912 add clean hashes importer.
*** t2sw [2]
**** ctia [1]
_between 6 month and 7 month old_
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1390][#1390]]
**** iroh [1]
- add health endpoint to tac portal and update tests [[https://github.com/advthreat/iroh/pull/9002][#9002]]
*** Brooke Swanson [24]
**** ctia [2]
- XDR-1769: bump CTIM to 1.3.17. [[https://github.com/threatgrid/ctia/pull/1422][#1422]]
- Add brookeswanson to codeowners. [[https://github.com/threatgrid/ctia/pull/1396][#1396]]
**** iroh [8]
- Maintain behavior for existing events, but also notify s3 if an incid… [[https://github.com/advthreat/iroh/pull/9172][#9172]]
- XDR-1769: bump CTIM to 1.3.17. [[https://github.com/advthreat/iroh/pull/9226][#9226]]
- Reformat bucket path [[https://github.com/advthreat/iroh/pull/9102][#9102]]
- Save to s3 on bundle import. [[https://github.com/advthreat/iroh/pull/8977][#8977]]
- Replace CTIA Crud with Conure Calls [[https://github.com/advthreat/iroh/pull/8924][#8924]]
- Limit risk score [[https://github.com/advthreat/iroh/pull/8906][#8906]]
- Set Limits around observe targets call [[https://github.com/advthreat/iroh/pull/8910][#8910]]
- Add no-doc true and prevent explosion due to mismatched types. [[https://github.com/advthreat/iroh/pull/8548][#8548]]
**** tenzin-config [14]
- Failure to configure correct url. [[https://github.com/advthreat/tenzin-config/pull/1100][#1100]]
- These were flipped in TEST and we would like to test reports. [[https://github.com/advthreat/tenzin-config/pull/1094][#1094]]
- One more time see if the report tab will work. [[https://github.com/advthreat/tenzin-config/pull/1088][#1088]]
- Toggle report feature until Infrastructure is stable. [[https://github.com/advthreat/tenzin-config/pull/1086][#1086]]
- update config. [[https://github.com/advthreat/tenzin-config/pull/1080][#1080]]
- Report in test. [[https://github.com/advthreat/tenzin-config/pull/1076][#1076]]
- conure -> base-url. [[https://github.com/advthreat/tenzin-config/pull/1073][#1073]]
- Temporary flip this to not spam logs. [[https://github.com/advthreat/tenzin-config/pull/1069][#1069]]
- Output buckets. [[https://github.com/advthreat/tenzin-config/pull/1068][#1068]]
- Distributor and Conure configs. [[https://github.com/advthreat/tenzin-config/pull/1067][#1067]]
- Add base-url for incident export (and incident report). [[https://github.com/advthreat/tenzin-config/pull/1064][#1064]]
- Add playbook to conure configs. [[https://github.com/advthreat/tenzin-config/pull/1060][#1060]]
- Add ouath2 config for all regions. [[https://github.com/advthreat/tenzin-config/pull/1020][#1020]]
- Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]]
*** Yurii Ivanisenko [1]
**** tenzin-config [1]
- tactical-portal moved to vercel [[https://github.com/advthreat/tenzin-config/pull/1022][#1022]]
*** James Brock [1]
**** easy-purescript-nix [1]
- purs: 0.15.10 -> 0.15.15
*** ryemelia [9]
**** tenzin-config [9]
- XDRSRE-1370: Enable ES auth for staging-ctia service [[https://github.com/advthreat/tenzin-config/pull/1147][#1147]]
- XDRSRE-1370: Enable ES auth for ctia and private-ctia [[https://github.com/advthreat/tenzin-config/pull/1145][#1145]]
- XDRSRE-1155: Enable ES auth iroh/iroh-async all envs [[https://github.com/advthreat/tenzin-config/pull/1137][#1137]]
- XDRSRE-1150: [TEST] Enable ES auth iroh/iroh-async [[https://github.com/advthreat/tenzin-config/pull/1128][#1128]]
- Enable ES auth private-ctia TEST [[https://github.com/advthreat/tenzin-config/pull/1126][#1126]]
- Enable es auth CTIA test [[https://github.com/advthreat/tenzin-config/pull/1127][#1127]]
- fix kafka connector ES AUTH for INT [[https://github.com/advthreat/tenzin-config/pull/1129][#1129]]
- Enable ES auth private-ctia INT [[https://github.com/advthreat/tenzin-config/pull/1125][#1125]]
- XDRSRE-1273: [INT] Enable ES auth for iroh iroh-async [[https://github.com/advthreat/tenzin-config/pull/1124][#1124]]

717
reports/latest-weekly.html
View file

@ -4,8 +4,8 @@
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-06-16" />
<title>Code Weekly Report 24</title>
<meta name="dcterms.date" content="2024-03-12" />
<title>Code Weekly Report 10</title>
<style>
html {
line-height: 1.5;
@ -180,9 +180,9 @@
</head>
<body>
<header id="title-block-header">
<h1 class="title">Code Weekly Report 24</h1>
<h1 class="title">Code Weekly Report 10</h1>
<p class="subtitle">logs goes 2 weeks back</p>
<p class="date">2023-06-16</p>
<p class="date">2024-03-12</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
@ -192,151 +192,103 @@
<ul>
<li><a href="#guillaume-buisson-1">Guillaume Buisson [1]</a>
<ul>
<li><a href="#iroh-1">iroh [1]</a></li>
<li><a href="#ctia-1">ctia [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-4">Mario Aquino [4]</a>
<ul>
<li><a href="#iroh-4">iroh [4]</a></li>
</ul></li>
<li><a href="#guillaume-erétéo-2">Guillaume Erétéo [2]</a>
<li><a href="#mario-aquino-2">Mario Aquino [2]</a>
<ul>
<li><a href="#iroh-2">iroh [2]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-1">Ambrose Bonnaire-Sergeant
[1]</a>
<li><a href="#guillaume-erétéo-11">Guillaume Erétéo [11]</a>
<ul>
<li><a href="#ctia-1">ctia [1]</a></li>
<li><a href="#ctia-3">ctia [3]</a></li>
<li><a href="#iroh-6">iroh [6]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-2">Ambrose Bonnaire-Sergeant
[2]</a>
<ul>
<li><a href="#iroh-2-1">iroh [2]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#matthieu-sprunck-2">Matthieu Sprunck [2]</a>
<li><a href="#section">[0]</a></li>
<li><a href="#kirill-chernyshov-6">Kirill Chernyshov [6]</a>
<ul>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
<li><a href="#iroh-5">iroh [5]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#kirill-chernyshov-8">Kirill Chernyshov [8]</a>
<li><a href="#shafiq-7">Shafiq [7]</a>
<ul>
<li><a href="#iroh-3">iroh [3]</a></li>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#shafiq-1">Shafiq [1]</a>
<ul>
<li><a href="#iroh-1-1">iroh [1]</a></li>
<li><a href="#iroh-7">iroh [7]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#bartuka-1">bartuka [1]</a>
<li><a href="#bartuka-4">bartuka [4]</a>
<ul>
<li><a href="#iroh-1-2">iroh [1]</a></li>
<li><a href="#iroh-3">iroh [3]</a></li>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yann-esposito-16">Yann Esposito [16]</a>
<li><a href="#yann-esposito-4">Yann Esposito [4]</a>
<ul>
<li><a href="#iroh-4-1">iroh [4]</a></li>
<li><a href="#ring-jwt-middleware-3">ring-jwt-middleware [3]</a></li>
<li><a href="#tenzin-config-9">tenzin-config [9]</a></li>
<li><a href="#iroh-2-2">iroh [2]</a></li>
<li><a href="#iroh-scripts-1">iroh-scripts [1]</a></li>
<li><a href="#xdr-provisioning-1">xdr-provisioning [1]</a></li>
</ul></li>
<li><a href="#olivier-barbeau-7">Olivier Barbeau [7]</a>
<li><a href="#section-1">[0]</a></li>
<li><a href="#yogsototh-2">(Yogsototh) [2]</a>
<ul>
<li><a href="#iroh-7">iroh [7]</a></li>
</ul></li>
<li><a href="#yogsototh-3">(Yogsototh) [3]</a>
<ul>
<li><a href="#ring-jwt-middleware-3-1">ring-jwt-middleware [3]</a></li>
<li><a href="#iroh-scripts-1-1">iroh-scripts [1]</a></li>
<li><a href="#xdr-provisioning-1-1">xdr-provisioning [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#jerome-schneider-1">Jerome Schneider [1]</a>
<ul>
<li><a href="#tenzin-1">tenzin [1]</a></li>
</ul></li>
<li><a href="#patrick-patat-1">Patrick Patat [1]</a>
<ul>
<li><a href="#iroh-ops-1">iroh-ops [1]</a></li>
</ul></li>
<li><a href="#patrick-patat-1-1">Patrick Patat [1]</a>
<ul>
<li><a href="#iroh-ops-1-1">iroh-ops [1]</a></li>
</ul></li>
<li><a href="#section-2">[0]</a></li>
<li><a href="#section-3">[0]</a></li>
<li><a href="#section-4">[0]</a></li>
<li><a href="#section-5">[0]</a></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#robert-levy-2">Robert Levy [2]</a>
<li><a href="#robert-levy-1">Robert Levy [1]</a>
<ul>
<li><a href="#iroh-1-3">iroh [1]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
<li><a href="#devin-walters-2">Devin Walters [2]</a>
<ul>
<li><a href="#tenzin-config-2-1">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#mia-3">Mia [3]</a>
<ul>
<li><a href="#iroh-1-4">iroh [1]</a></li>
<li><a href="#iroh-engine-2">iroh-engine [2]</a></li>
</ul></li>
<li><a href="#scott-mcleod-1">Scott McLeod [1]</a>
<ul>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#krishna-ganugapenta-4">krishna Ganugapenta [4]</a>
<ul>
<li><a href="#tenzin-4">tenzin [4]</a></li>
</ul></li>
<li><a href="#milehrer-2">milehrer [2]</a>
<ul>
<li><a href="#iroh-engine-2-1">iroh-engine [2]</a></li>
</ul></li>
<li><a href="#martin-bruchanov-2">Martin Bruchanov [2]</a>
<ul>
<li><a href="#tenzin-2">tenzin [2]</a></li>
</ul></li>
<li><a href="#kirill-chernyshov-1">Kirill Chernyshov [1]</a>
<li><a href="#eric-gierach-1">Eric Gierach [1]</a>
<ul>
<li><a href="#tenzin-config-1-2">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#john-jardine-2">John Jardine [2]</a>
<li><a href="#ii-2">II [2]</a>
<ul>
<li><a href="#tenzin-2-1">tenzin [2]</a></li>
<li><a href="#iroh-2-3">iroh [2]</a></li>
</ul></li>
<li><a href="#sofiia-mykytiuk-9">Sofiia Mykytiuk [9]</a>
<li><a href="#section-6">[2]</a>
<ul>
<li><a href="#tenzin-9">tenzin [9]</a></li>
<li><a href="#iroh-2-4">iroh [2]</a></li>
</ul></li>
<li><a href="#muhammad-xdr-ops-4">muhammad-xdr-ops [4]</a>
<li><a href="#sam-waggoner-1">Sam Waggoner [1]</a>
<ul>
<li><a href="#tenzin-4-1">tenzin [4]</a></li>
<li><a href="#tenzin-config-1-3">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#dmytro-budko-5">Dmytro Budko [5]</a>
<li><a href="#t2sw-1">t2sw [1]</a>
<ul>
<li><a href="#tenzin-5">tenzin [5]</a></li>
<li><a href="#iroh-1-1">iroh [1]</a></li>
</ul></li>
<li><a href="#scott-mcleod-1-1">Scott McLeod [1]</a>
<li><a href="#brooke-swanson-5">Brooke Swanson [5]</a>
<ul>
<li><a href="#iroh-1-5">iroh [1]</a></li>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#rekha-gupta-2">Rekha Gupta [2]</a>
<li><a href="#james-brock-1">James Brock [1]</a>
<ul>
<li><a href="#tenzin-config-2-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#jerome-schneider-1-1">Jerome Schneider [1]</a>
<ul>
<li><a href="#tenzin-1-1">tenzin [1]</a></li>
</ul></li>
<li><a href="#yurii-ivanisenko-2">Yurii Ivanisenko [2]</a>
<ul>
<li><a href="#tenzin-2-2">tenzin [2]</a></li>
</ul></li>
<li><a href="#gayan-jayasundara-2">Gayan Jayasundara [2]</a>
<ul>
<li><a href="#tenzin-2-3">tenzin [2]</a></li>
<li><a href="#easy-purescript-nix-1">easy-purescript-nix [1]</a></li>
</ul></li>
</ul></li>
</ul></li>
@ -345,430 +297,299 @@
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="guillaume-buisson-1">Guillaume Buisson [1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<ul>
<li>Initial XDR Incident Manager Response 1.1 Draft Spec <a
href="https://github.com/advthreat/iroh/pull/7847">#7847</a></li>
</ul>
<h2 id="data">data</h2>
<h3 id="mario-aquino-4">Mario Aquino [4]</h3>
<h4 id="iroh-4">iroh [4]</h4>
<ul>
<li>Fix flaky test <a
href="https://github.com/advthreat/iroh/pull/7971">#7971</a></li>
<li>Partition and batch threat hunt observables <a
href="https://github.com/advthreat/iroh/pull/7958">#7958</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Establish a task timeout option for async work <a
href="https://github.com/advthreat/iroh/pull/7948">#7948</a></li>
<li>Issue 7823/incident summary mapping <a
href="https://github.com/advthreat/iroh/pull/7907">#7907</a></li>
</ul>
</blockquote>
<h3 id="guillaume-erétéo-2">Guillaume Erétéo [2]</h3>
<h4 id="iroh-2">iroh [2]</h4>
<ul>
<li>Update risk-score.md <a
href="https://github.com/advthreat/iroh/pull/7974">#7974</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>adding org mode for calculating data volume <a
href="https://github.com/advthreat/iroh/pull/7941">#7941</a></li>
</ul>
</blockquote>
<h3 id="ambrose-bonnaire-sergeant-1">Ambrose Bonnaire-Sergeant [1]</h3>
<h4 id="ctia-1">ctia [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Disable /metric/average route for irrelevant entities <a
href="https://github.com/advthreat/ctia/pull/1372">#1372</a></li>
<li>[Tue Feb 27 11:10:21 2024 +0100] Filter out some infrastructure
details from Error API Responses <a
href="https://github.com/advthreat/ctia/pull/1412">#1412</a></li>
</ul>
</blockquote>
<h2 id="data">data</h2>
<h3 id="mario-aquino-2">Mario Aquino [2]</h3>
<h4 id="iroh-2">iroh [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Tue Feb 27 12:09:26 2024 -0600] Carmine &amp; Timbre upgrade v2 <a
href="https://github.com/advthreat/iroh/pull/9005">#9005</a></li>
<li>[Tue Feb 27 11:40:01 2024 -0600] Loosen Risk Score Incident
validation <a
href="https://github.com/advthreat/iroh/pull/9013">#9013</a></li>
</ul>
</blockquote>
<h3 id="guillaume-erétéo-11">Guillaume Erétéo [11]</h3>
<h4 id="ctia-3">ctia [3]</h4>
<ul>
<li>[Mon Mar 11 11:11:26 2024 +0100] ctim 1.3.15 <a
href="https://github.com/advthreat/ctia/pull/1415">#1415</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Fri Mar 1 12:51:13 2024 +0100] silent this too noisy log <a
href="https://github.com/advthreat/ctia/pull/1414">#1414</a></li>
<li>[Wed Feb 28 11:27:13 2024 +0100] ctim-1.3.14 <a
href="https://github.com/advthreat/ctia/pull/1413">#1413</a></li>
</ul>
</blockquote>
<h4 id="iroh-6">iroh [6]</h4>
<ul>
<li>[Mon Mar 11 17:59:02 2024 +0100] Add admin maintenance route to load
MITRE stix <a
href="https://github.com/advthreat/iroh/pull/8967">#8967</a></li>
<li>[Mon Mar 11 11:11:38 2024 +0100] ctim 1.3.15 <a
href="https://github.com/advthreat/iroh/pull/9068">#9068</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 15:32:25 2024 +0100] limit walk entities to the necessary
exports <a
href="https://github.com/advthreat/iroh/pull/9039">#9039</a></li>
<li>[Wed Feb 28 11:27:18 2024 +0100] ctim 1.3.14 <a
href="https://github.com/advthreat/iroh/pull/9016">#9016</a></li>
<li>[Tue Feb 27 16:26:14 2024 +0100] Dump ES metrics telemetry events <a
href="https://github.com/advthreat/iroh/pull/8999">#8999</a></li>
<li>[Tue Feb 27 15:38:10 2024 +0100] script to clean SE false positive
incidents and sightings <a
href="https://github.com/advthreat/iroh/pull/8846">#8846</a></li>
</ul>
</blockquote>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>[Wed Mar 6 14:56:11 2024 +0100] configure / tune private intel proxy
cm <a
href="https://github.com/advthreat/tenzin-config/pull/1074">#1074</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 13:12:02 2024 +0100] increase bundle-batch-size <a
href="https://github.com/advthreat/tenzin-config/pull/1071">#1071</a></li>
</ul>
</blockquote>
<h3 id="ambrose-bonnaire-sergeant-2">Ambrose Bonnaire-Sergeant [2]</h3>
<h4 id="iroh-2-1">iroh [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Thu Feb 29 15:08:33 2024 -0600] Restrict possible values for
updated asset properties <a
href="https://github.com/advthreat/iroh/pull/9022">#9022</a></li>
<li>[Tue Feb 27 12:57:41 2024 -0600] Don't forward response headers from
CTIA to IROH <a
href="https://github.com/advthreat/iroh/pull/9014">#9014</a></li>
</ul>
</blockquote>
<h2 id="integrations">integrations</h2>
<h3 id="matthieu-sprunck-2">Matthieu Sprunck [2]</h3>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<h3 id="section">[0]</h3>
<h3 id="kirill-chernyshov-6">Kirill Chernyshov [6]</h3>
<h4 id="iroh-5">iroh [5]</h4>
<ul>
<li>Share the same module configurations in iroh and iroh-async in PROD
<a
href="https://github.com/advthreat/tenzin-config/pull/905">#905</a></li>
<li>Disable HTTP Proxy in IROH proxy (PROD)<a
href="https://github.com/advthreat/tenzin-config/pull/903">#903</a></li>
</ul>
</blockquote>
<h3 id="kirill-chernyshov-8">Kirill Chernyshov [8]</h3>
<h4 id="iroh-3">iroh [3]</h4>
<ul>
<li>Remove try/catch for better error handling <a
href="https://github.com/advthreat/iroh/pull/7980">#7980</a></li>
<li>Fix NullPointerException <a
href="https://github.com/advthreat/iroh/pull/7961">#7961</a></li>
<li>[Mon Mar 11 16:06:53 2024 +0100] Upgrade clojure 1.11.1 -&gt; 1.11.2
<a href="https://github.com/advthreat/iroh/pull/9072">#9072</a></li>
<li>[Mon Mar 11 15:49:06 2024 +0100] Remove maintenance notification
type <a
href="https://github.com/advthreat/iroh/pull/9069">#9069</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Use event id for the key of kafka record <a
href="https://github.com/advthreat/iroh/pull/7923">#7923</a></li>
</ul>
</blockquote>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>Enable KafkaServices on INT <a
href="https://github.com/advthreat/tenzin-config/pull/921">#921</a></li>
<li>Disable KafkaServices once again <a
href="https://github.com/advthreat/tenzin-config/pull/918">#918</a></li>
<li>Enable Kafka related services on INT <a
href="https://github.com/advthreat/tenzin-config/pull/916">#916</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Temporary disable services <a
href="https://github.com/advthreat/tenzin-config/pull/914">#914</a></li>
<li>Set SSL kafka security protocol on INT <a
href="https://github.com/advthreat/tenzin-config/pull/912">#912</a></li>
</ul>
</blockquote>
<h3 id="shafiq-1">Shafiq [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<ul>
<li>Creating iroh-events datastream should succeed even if it exists
already <a
href="https://github.com/advthreat/iroh/pull/7959">#7959</a></li>
</ul>
<h2 id="auth">auth</h2>
<h3 id="bartuka-1">bartuka [1]</h3>
<h4 id="iroh-1-2">iroh [1]</h4>
<ul>
<li>[IROH Auth] RBAC JWT Revocation on <code>role</code> change <a
href="https://github.com/advthreat/iroh/pull/7875">#7875</a></li>
</ul>
<h3 id="yann-esposito-16">Yann Esposito [16]</h3>
<h4 id="iroh-4-1">iroh [4]</h4>
<ul>
<li>Upgrade SX to XDR org via provisioning <a
href="https://github.com/advthreat/iroh/pull/7981">#7981</a></li>
<li>feature-flag scopes are considered as special <a
href="https://github.com/advthreat/iroh/pull/7985">#7985</a></li>
<li>fix local dev environment to be able to start locally without docker
<a href="https://github.com/advthreat/iroh/pull/7944">#7944</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Use org to display the roles as expected <a
href="https://github.com/advthreat/iroh/pull/7952">#7952</a></li>
</ul>
</blockquote>
<h4 id="ring-jwt-middleware-3">ring-jwt-middleware [3]</h4>
<ul>
<li>Version 1.1.4-SNAPSHOT</li>
<li>Version 1.1.3</li>
<li>Support external error via is-revoked-fn</li>
</ul>
<h4 id="tenzin-config-9">tenzin-config [9]</h4>
<ul>
<li>Enable XDR roles in PROD <a
href="https://github.com/advthreat/tenzin-config/pull/919">#919</a></li>
<li>factorize PROD <a
href="https://github.com/advthreat/tenzin-config/pull/917">#917</a></li>
<li>Add role-web-service config everywhere <a
href="https://github.com/advthreat/tenzin-config/pull/911">#911</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Canonicalize the configs (#913) <a
href="https://github.com/advthreat/tenzin-config/pull/915">#915</a></li>
<li>Canonicalize the configs <a
href="https://github.com/advthreat/tenzin-config/pull/913">#913</a></li>
<li>Add missing role-web-service everywhere <a
href="https://github.com/advthreat/tenzin-config/pull/910">#910</a></li>
<li>Gen configs git pre-commit hook <a
href="https://github.com/advthreat/tenzin-config/pull/908">#908</a></li>
<li>Factorisation iroh/iroh-async confs <a
href="https://github.com/advthreat/tenzin-config/pull/904">#904</a></li>
<li>Tree config structures to prevent config duplication. <a
href="https://github.com/advthreat/tenzin-config/pull/901">#901</a></li>
</ul>
</blockquote>
<h3 id="olivier-barbeau-7">Olivier Barbeau [7]</h3>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>Upgrade Babashka <a
href="https://github.com/advthreat/iroh/pull/7967">#7967</a></li>
<li>add missing exclusions for uberjar <a
href="https://github.com/advthreat/iroh/pull/7963">#7963</a></li>
<li>fix bug when Org has no entitlement <a
href="https://github.com/advthreat/iroh/pull/7956">#7956</a></li>
<li>[IROH configuration]: Generate service diagram <a
href="https://github.com/advthreat/iroh/pull/7872">#7872</a></li>
<li>GH pages updates <a
href="https://github.com/advthreat/iroh/pull/7960">#7960</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>fix alias arguments <a
href="https://github.com/advthreat/iroh/pull/7954">#7954</a></li>
<li>Issue 7930 GitHub pages styling <a
href="https://github.com/advthreat/iroh/pull/7932">#7932</a></li>
</ul>
</blockquote>
<h3 id="yogsototh-3">(Yogsototh) [3]</h3>
<h4 id="ring-jwt-middleware-3-1">ring-jwt-middleware [3]</h4>
<ul>
<li>Version 1.1.4-SNAPSHOT</li>
<li>Version 1.1.3</li>
<li>Support external error via is-revoked-fn</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="jerome-schneider-1">Jerome Schneider [1]</h3>
<h4 id="tenzin-1">tenzin [1]</h4>
<ul>
<li>Kafka Connect: fixed cluster conf and use our own cacerts file</li>
</ul>
<h3 id="patrick-patat-1">Patrick Patat [1]</h3>
<h4 id="iroh-ops-1">iroh-ops [1]</h4>
<ul>
<li>Merge pull request #75 from advthreat/squid</li>
</ul>
<h3 id="patrick-patat-1-1">Patrick Patat [1]</h3>
<h4 id="iroh-ops-1-1">iroh-ops [1]</h4>
<ul>
<li>add squid server for vector in public subnet</li>
</ul>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="robert-levy-2">Robert Levy [2]</h3>
<h4 id="iroh-1-3">iroh [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>user and team mean time tiles <a
href="https://github.com/advthreat/iroh/pull/7873">#7873</a></li>
<li>[Thu Feb 29 18:38:25 2024 +0100] 8933 e8811 create
notificationindeliveryservice persistence only <a
href="https://github.com/advthreat/iroh/pull/9025">#9025</a></li>
<li>[Wed Feb 28 08:42:32 2024 -0800] "In App" -&gt; "In-App" <a
href="https://github.com/advthreat/iroh/pull/9020">#9020</a></li>
<li>[Tue Feb 27 08:26:32 2024 -0800] Add correct :name and :description
to notification type meta <a
href="https://github.com/advthreat/iroh/pull/9012">#9012</a></li>
</ul>
</blockquote>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>add migration for iroh issue #7819 to TEST and PROD environments <a
href="https://github.com/advthreat/tenzin-config/pull/902">#902</a></li>
<li>[Fri Mar 1 02:16:05 2024 -0800] Add new kafka topics for IROH
notifications <a
href="https://github.com/advthreat/tenzin-config/pull/1070">#1070</a></li>
</ul>
</blockquote>
<h3 id="devin-walters-2">Devin Walters [2]</h3>
<h4 id="tenzin-config-2-1">tenzin-config [2]</h4>
<h3 id="shafiq-7">Shafiq [7]</h3>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>Add config.edn for other conure-distributor environments <a
href="https://github.com/advthreat/tenzin-config/pull/920">#920</a></li>
<li>[Mon Mar 11 14:31:53 2024 +0100] Data retention cleanup of
notification services <a
href="https://github.com/advthreat/iroh/pull/9064">#9064</a></li>
<li>[Thu Mar 7 09:44:42 2024 +0100] Apply data retention policy on
iroh-notifications <a
href="https://github.com/advthreat/iroh/pull/9054">#9054</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Reduce conure-distributor worker count <a
href="https://github.com/advthreat/tenzin-config/pull/906">#906</a></li>
<li>[Mon Mar 4 18:19:59 2024 +0100] Add <code>:remote</code> type in
configuration spec fields <a
href="https://github.com/advthreat/iroh/pull/9046">#9046</a></li>
<li>[Fri Mar 1 14:05:52 2024 +0100] Refactor proxy-health-check <a
href="https://github.com/advthreat/iroh/pull/9033">#9033</a></li>
<li>[Thu Feb 29 17:24:20 2024 +0100] Update proxy-health-check logging
<a href="https://github.com/advthreat/iroh/pull/9028">#9028</a></li>
<li>[Thu Feb 29 13:26:40 2024 +0100] Update proxy health check logging
<a href="https://github.com/advthreat/iroh/pull/9024">#9024</a></li>
<li>[Thu Feb 29 10:50:00 2024 +0100] Perform relay-api request based on
observable-types <a
href="https://github.com/advthreat/iroh/pull/9017">#9017</a></li>
</ul>
</blockquote>
<h3 id="mia-3">Mia [3]</h3>
<h4 id="iroh-1-4">iroh [1]</h4>
<h2 id="auth">auth</h2>
<h3 id="bartuka-4">bartuka [4]</h3>
<h4 id="iroh-3">iroh [3]</h4>
<ul>
<li>Snapshot for risk score <a
href="https://github.com/advthreat/iroh/pull/7964">#7964</a></li>
<li>[Wed Mar 6 05:32:37 2024 -0300] [IROH Auth] update QA routes for
Universal Provisioning flow <a
href="https://github.com/advthreat/iroh/pull/9053">#9053</a></li>
<li>[Tue Mar 5 12:57:32 2024 -0300] [IROH Auth] Fix access token
brownfield provisioning <a
href="https://github.com/advthreat/iroh/pull/9049">#9049</a></li>
</ul>
<h4 id="iroh-engine-2">iroh-engine [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Merge pull request #1394 from advthreat/v0.15.6-rc</li>
<li>Merge pull request #1393 from advthreat/save-asset-snapshot</li>
<li>[Thu Feb 29 06:01:22 2024 -0300] [IROH Auth] bugfix - accept empty
string as entitlement value for universal provisioning <a
href="https://github.com/advthreat/iroh/pull/9021">#9021</a></li>
</ul>
</blockquote>
<h3 id="scott-mcleod-1">Scott McLeod [1]</h3>
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Config changes supporting IROH PR #7934 <a
href="https://github.com/advthreat/tenzin-config/pull/899">#899</a></li>
<li>[Tue Feb 27 12:16:08 2024 -0300] add fmc client id for each env <a
href="https://github.com/advthreat/tenzin-config/pull/1065">#1065</a></li>
</ul>
</blockquote>
<h3 id="krishna-ganugapenta-4">krishna Ganugapenta [4]</h3>
<h4 id="tenzin-4">tenzin [4]</h4>
<h3 id="yann-esposito-4">Yann Esposito [4]</h3>
<h4 id="iroh-2-2">iroh [2]</h4>
<ul>
<li>COnure-distributor PROD ASG modules fix <a
href="https://github.com/advthreat/tenzin/pull/3062">#3062</a></li>
<li>ops<sub>vpncidr</sub> removal from TEST and other backup regions as
ops vpn not present there <a
href="https://github.com/advthreat/tenzin/pull/3061">#3061</a></li>
<li>Conure-distributor setup config for TEST/PROD <a
href="https://github.com/advthreat/tenzin/pull/3049">#3049</a></li>
<li>[Tue Mar 12 07:43:49 2024 +0100] Update of the login doc <a
href="https://github.com/advthreat/iroh/pull/9067">#9067</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Conure<sub>distributor</sub> terraform modules config updates <a
href="https://github.com/advthreat/tenzin/pull/3027">#3027</a></li>
<li>[Fri Mar 1 15:29:16 2024 +0100] optimize search user given a list of
ids <a href="https://github.com/advthreat/iroh/pull/9018">#9018</a></li>
</ul>
</blockquote>
<h3 id="milehrer-2">milehrer [2]</h3>
<h4 id="iroh-engine-2-1">iroh-engine [2]</h4>
<h4 id="iroh-scripts-1">iroh-scripts [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>prepare for v0.15.6</li>
<li>Remove sightings from asset enrichment response, save snapshot
instead</li>
<li>[Mon Mar 4 18:27:15 2024 +0100] Updated scripts</li>
</ul>
</blockquote>
<h3 id="martin-bruchanov-2">Martin Bruchanov [2]</h3>
<h4 id="tenzin-2">tenzin [2]</h4>
<h4 id="xdr-provisioning-1">xdr-provisioning [1]</h4>
<ul>
<li>Clean-up of the old ES5 deployment code <a
href="https://github.com/advthreat/tenzin/pull/3053">#3053</a></li>
<li>[Fri Mar 8 19:50:36 2024 +0100] improved re-onboarding script</li>
</ul>
<h3 id="section-1">[0]</h3>
<h3 id="yogsototh-2">(Yogsototh) [2]</h3>
<h4 id="iroh-scripts-1-1">iroh-scripts [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Fix for consul registration of ops-openvpn service <a
href="https://github.com/advthreat/tenzin/pull/2968">#2968</a></li>
<li>[Mon Mar 4 18:27:15 2024 +0100] Updated scripts</li>
</ul>
</blockquote>
<h3 id="kirill-chernyshov-1">Kirill Chernyshov [1]</h3>
<h4 id="xdr-provisioning-1-1">xdr-provisioning [1]</h4>
<ul>
<li>[Fri Mar 8 19:50:36 2024 +0100] improved re-onboarding script</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="section-2">[0]</h3>
<h3 id="section-3">[0]</h3>
<h3 id="section-4">[0]</h3>
<h3 id="section-5">[0]</h3>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="robert-levy-1">Robert Levy [1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 17:01:03 2024 -0800] Inherit properties from type in
hierarchical modules <a
href="https://github.com/advthreat/iroh/pull/9042">#9042</a></li>
</ul>
</blockquote>
<h3 id="eric-gierach-1">Eric Gierach [1]</h3>
<h4 id="tenzin-config-1-2">tenzin-config [1]</h4>
<ul>
<li>[Wed Mar 6 14:41:09 2024 -0600] Disabling reporting until Ops gets
the infra set up. <a
href="https://github.com/advthreat/tenzin-config/pull/1075">#1075</a></li>
</ul>
<h3 id="ii-2">II [2]</h3>
<h4 id="iroh-2-3">iroh [2]</h4>
<ul>
<li>[Mon Mar 11 14:36:08 2024 -0500] 9074 remove settings effective <a
href="https://github.com/advthreat/iroh/pull/9075">#9075</a></li>
<li>[Tue Mar 5 08:08:24 2024 -0600] 8990 umbrella investigate v2 <a
href="https://github.com/advthreat/iroh/pull/9030">#9030</a></li>
</ul>
<h3 id="section-6">[2]</h3>
<h4 id="iroh-2-4">iroh [2]</h4>
<ul>
<li>[Mon Mar 11 14:36:08 2024 -0500] 9074 remove settings effective <a
href="https://github.com/advthreat/iroh/pull/9075">#9075</a></li>
<li>[Tue Mar 5 08:08:24 2024 -0600] 8990 umbrella investigate v2 <a
href="https://github.com/advthreat/iroh/pull/9030">#9030</a></li>
</ul>
<h3 id="sam-waggoner-1">Sam Waggoner [1]</h3>
<h4 id="tenzin-config-1-3">tenzin-config [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>IROH Events migration to Elasticsearch <a
href="https://github.com/advthreat/tenzin-config/pull/909">#909</a></li>
<li>[Thu Feb 29 10:19:20 2024 -0600] hydrant/912 add clean hashes
importer.</li>
</ul>
</blockquote>
<h3 id="john-jardine-2">John Jardine [2]</h3>
<h4 id="tenzin-2-1">tenzin [2]</h4>
<h3 id="t2sw-1">t2sw [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Add endpoint generation procedure and update endpoints. <a
href="https://github.com/advthreat/tenzin/pull/3058">#3058</a></li>
<li>SXOPS-792: QA complaining of long queue times for incidents
enrichment <a
href="https://github.com/advthreat/tenzin/pull/3054">#3054</a></li>
<li>[Mon Mar 4 22:22:19 2024 -0800] add health endpoint to tac portal
and update tests <a
href="https://github.com/advthreat/iroh/pull/9002">#9002</a></li>
</ul>
<h3 id="sofiia-mykytiuk-9">Sofiia Mykytiuk [9]</h3>
<h4 id="tenzin-9">tenzin [9]</h4>
</blockquote>
<h3 id="brooke-swanson-5">Brooke Swanson [5]</h3>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>Update ASG for ES metrics in NAM and EU <a
href="https://github.com/advthreat/tenzin/pull/3063">#3063</a></li>
<li>Update vpnator list <a
href="https://github.com/advthreat/tenzin/pull/3050">#3050</a></li>
<li>[Fri Mar 8 12:27:52 2024 -0600] Report in test. <a
href="https://github.com/advthreat/tenzin-config/pull/1076">#1076</a></li>
<li>[Tue Mar 5 09:16:15 2024 -0600] conure -&gt; base-url. <a
href="https://github.com/advthreat/tenzin-config/pull/1073">#1073</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Remove CSIRT<sub>Investigator</sub> role <a
href="https://github.com/advthreat/tenzin/pull/3045">#3045</a></li>
<li>Policy to allow access to DynamoDB items for ROAdmin <a
href="https://github.com/advthreat/tenzin/pull/3043">#3043</a></li>
<li>Remove jbusboom ssh configs <a
href="https://github.com/advthreat/tenzin/pull/3042">#3042</a></li>
<li>Dmarc record for STAGE <a
href="https://github.com/advthreat/tenzin/pull/3040">#3040</a></li>
<li>Remove ssh access for Michael Simonson <a
href="https://github.com/advthreat/tenzin/pull/3035">#3035</a></li>
<li>Update OPS vpnator list <a
href="https://github.com/advthreat/tenzin/pull/3034">#3034</a></li>
<li>Consul fix for ops vpn <a
href="https://github.com/advthreat/tenzin/pull/3032">#3032</a></li>
<li>[Thu Feb 29 17:26:28 2024 -0600] Temporary flip this to not spam
logs. <a
href="https://github.com/advthreat/tenzin-config/pull/1069">#1069</a></li>
<li>[Thu Feb 29 16:07:03 2024 -0600] Output buckets. <a
href="https://github.com/advthreat/tenzin-config/pull/1068">#1068</a></li>
<li>[Thu Feb 29 15:28:53 2024 -0600] Distributor and Conure configs. <a
href="https://github.com/advthreat/tenzin-config/pull/1067">#1067</a></li>
</ul>
</blockquote>
<h3 id="muhammad-xdr-ops-4">muhammad-xdr-ops [4]</h3>
<h4 id="tenzin-4-1">tenzin [4]</h4>
<h3 id="james-brock-1">James Brock [1]</h3>
<h4 id="easy-purescript-nix-1">easy-purescript-nix [1]</h4>
<ul>
<li>SXOPS-805 - adding CNAMEs for secure-client-forms MFE <a
href="https://github.com/advthreat/tenzin/pull/3065">#3065</a></li>
<li>enabled trendmicro and defender in all prod regions <a
href="https://github.com/advthreat/tenzin/pull/3055">#3055</a></li>
<li>SXOPS-763 - updating integrations version <a
href="https://github.com/advthreat/tenzin/pull/3052">#3052</a></li>
<li>[Mon Mar 11 21:52:49 2024 +0900] purs: 0.15.10 -&gt; 0.15.15</li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>SXOPS-702 removing INT access to PROD S3 bucket <a
href="https://github.com/advthreat/tenzin/pull/3024">#3024</a></li>
</ul>
</blockquote>
<h3 id="dmytro-budko-5">Dmytro Budko [5]</h3>
<h4 id="tenzin-5">tenzin [5]</h4>
<ul>
<li>SXOPS-191 Terraform: Bring INT and Test into sync with AWS <a
href="https://github.com/advthreat/tenzin/pull/3056">#3056</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>SXOPS-766 [PROD] Fix 'docs' related Terraform Delta <a
href="https://github.com/advthreat/tenzin/pull/3046">#3046</a></li>
<li>SXOPS-636 Docs XDR Deployment, Publish and Host <a
href="https://github.com/advthreat/tenzin/pull/3048">#3048</a></li>
<li>SXOPS-636 Docs XDR Deployment, Publish and Host <a
href="https://github.com/advthreat/tenzin/pull/3041">#3041</a></li>
<li>SXOPS-636 Docs XDR Deployment, Publish and Host <a
href="https://github.com/advthreat/tenzin/pull/3016">#3016</a></li>
</ul>
</blockquote>
<h3 id="scott-mcleod-1-1">Scott McLeod [1]</h3>
<h4 id="iroh-1-5">iroh [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>Use filter-map-search directly from CRUDStoreService <a
href="https://github.com/advthreat/iroh/pull/7934">#7934</a></li>
</ul>
</blockquote>
<h3 id="rekha-gupta-2">Rekha Gupta [2]</h3>
<h4 id="tenzin-config-2-2">tenzin-config [2]</h4>
<ul>
<li>fix: to port 4008 because ribbon uses 4007 <a
href="https://github.com/advthreat/tenzin-config/pull/925">#925</a></li>
<li>feat: port for new client management MFE <a
href="https://github.com/advthreat/tenzin-config/pull/924">#924</a></li>
</ul>
<h3 id="jerome-schneider-1-1">Jerome Schneider [1]</h3>
<h4 id="tenzin-1-1">tenzin [1]</h4>
<ul>
<li>SXOPS 801: Kafka connect open port 8083 and use static port in Nomad
<a href="https://github.com/advthreat/tenzin/pull/3059">#3059</a></li>
</ul>
<h3 id="yurii-ivanisenko-2">Yurii Ivanisenko [2]</h3>
<h4 id="tenzin-2-2">tenzin [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>connected self-hosted runner <a
href="https://github.com/advthreat/tenzin/pull/3038">#3038</a></li>
<li>added wokeignore file <a
href="https://github.com/advthreat/tenzin/pull/3036">#3036</a></li>
</ul>
</blockquote>
<h3 id="gayan-jayasundara-2">Gayan Jayasundara [2]</h3>
<h4 id="tenzin-2-3">tenzin [2]</h4>
<ul>
<li>Add Adam as codeowner to Tenzin repo <a
href="https://github.com/advthreat/tenzin/pull/3060">#3060</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>SXOPS-472 &amp; SXOPS-498 - Enable sentinelone and crowdstrike in
Production for v1.122 Release <a
href="https://github.com/advthreat/tenzin/pull/3031">#3031</a></li>
</ul>
</blockquote>
</body>
</html>

9
reports/team-report.org Normal file
View file

@ -0,0 +1,9 @@
#+title: Team Report
#+author: Yann Esposito
* IROH
** [2024-05-28 Tue]
#+begin_src bash
#+end_src

595
reports/weekly-10.html Normal file
View file

@ -0,0 +1,595 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2024-03-12" />
<title>Code Weekly Report 10</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Code Weekly Report 10</h1>
<p class="subtitle">logs goes 2 weeks back</p>
<p class="date">2024-03-12</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#iroh">IROH</a>
<ul>
<li><a href="#lead">lead</a>
<ul>
<li><a href="#guillaume-buisson-1">Guillaume Buisson [1]</a>
<ul>
<li><a href="#ctia-1">ctia [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-2">Mario Aquino [2]</a>
<ul>
<li><a href="#iroh-2">iroh [2]</a></li>
</ul></li>
<li><a href="#guillaume-erétéo-11">Guillaume Erétéo [11]</a>
<ul>
<li><a href="#ctia-3">ctia [3]</a></li>
<li><a href="#iroh-6">iroh [6]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-2">Ambrose Bonnaire-Sergeant
[2]</a>
<ul>
<li><a href="#iroh-2-1">iroh [2]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#section">[0]</a></li>
<li><a href="#kirill-chernyshov-6">Kirill Chernyshov [6]</a>
<ul>
<li><a href="#iroh-5">iroh [5]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#shafiq-7">Shafiq [7]</a>
<ul>
<li><a href="#iroh-7">iroh [7]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#bartuka-4">bartuka [4]</a>
<ul>
<li><a href="#iroh-3">iroh [3]</a></li>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yann-esposito-4">Yann Esposito [4]</a>
<ul>
<li><a href="#iroh-2-2">iroh [2]</a></li>
<li><a href="#iroh-scripts-1">iroh-scripts [1]</a></li>
<li><a href="#xdr-provisioning-1">xdr-provisioning [1]</a></li>
</ul></li>
<li><a href="#section-1">[0]</a></li>
<li><a href="#yogsototh-2">(Yogsototh) [2]</a>
<ul>
<li><a href="#iroh-scripts-1-1">iroh-scripts [1]</a></li>
<li><a href="#xdr-provisioning-1-1">xdr-provisioning [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#section-2">[0]</a></li>
<li><a href="#section-3">[0]</a></li>
<li><a href="#section-4">[0]</a></li>
<li><a href="#section-5">[0]</a></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#robert-levy-1">Robert Levy [1]</a>
<ul>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
<li><a href="#eric-gierach-1">Eric Gierach [1]</a>
<ul>
<li><a href="#tenzin-config-1-2">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#ii-2">II [2]</a>
<ul>
<li><a href="#iroh-2-3">iroh [2]</a></li>
</ul></li>
<li><a href="#section-6">[2]</a>
<ul>
<li><a href="#iroh-2-4">iroh [2]</a></li>
</ul></li>
<li><a href="#sam-waggoner-1">Sam Waggoner [1]</a>
<ul>
<li><a href="#tenzin-config-1-3">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#t2sw-1">t2sw [1]</a>
<ul>
<li><a href="#iroh-1-1">iroh [1]</a></li>
</ul></li>
<li><a href="#brooke-swanson-5">Brooke Swanson [5]</a>
<ul>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#james-brock-1">James Brock [1]</a>
<ul>
<li><a href="#easy-purescript-nix-1">easy-purescript-nix [1]</a></li>
</ul></li>
</ul></li>
</ul></li>
</ul>
</nav>
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="guillaume-buisson-1">Guillaume Buisson [1]</h3>
<h4 id="ctia-1">ctia [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Tue Feb 27 11:10:21 2024 +0100] Filter out some infrastructure
details from Error API Responses <a
href="https://github.com/advthreat/ctia/pull/1412">#1412</a></li>
</ul>
</blockquote>
<h2 id="data">data</h2>
<h3 id="mario-aquino-2">Mario Aquino [2]</h3>
<h4 id="iroh-2">iroh [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Tue Feb 27 12:09:26 2024 -0600] Carmine &amp; Timbre upgrade v2 <a
href="https://github.com/advthreat/iroh/pull/9005">#9005</a></li>
<li>[Tue Feb 27 11:40:01 2024 -0600] Loosen Risk Score Incident
validation <a
href="https://github.com/advthreat/iroh/pull/9013">#9013</a></li>
</ul>
</blockquote>
<h3 id="guillaume-erétéo-11">Guillaume Erétéo [11]</h3>
<h4 id="ctia-3">ctia [3]</h4>
<ul>
<li>[Mon Mar 11 11:11:26 2024 +0100] ctim 1.3.15 <a
href="https://github.com/advthreat/ctia/pull/1415">#1415</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Fri Mar 1 12:51:13 2024 +0100] silent this too noisy log <a
href="https://github.com/advthreat/ctia/pull/1414">#1414</a></li>
<li>[Wed Feb 28 11:27:13 2024 +0100] ctim-1.3.14 <a
href="https://github.com/advthreat/ctia/pull/1413">#1413</a></li>
</ul>
</blockquote>
<h4 id="iroh-6">iroh [6]</h4>
<ul>
<li>[Mon Mar 11 17:59:02 2024 +0100] Add admin maintenance route to load
MITRE stix <a
href="https://github.com/advthreat/iroh/pull/8967">#8967</a></li>
<li>[Mon Mar 11 11:11:38 2024 +0100] ctim 1.3.15 <a
href="https://github.com/advthreat/iroh/pull/9068">#9068</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 15:32:25 2024 +0100] limit walk entities to the necessary
exports <a
href="https://github.com/advthreat/iroh/pull/9039">#9039</a></li>
<li>[Wed Feb 28 11:27:18 2024 +0100] ctim 1.3.14 <a
href="https://github.com/advthreat/iroh/pull/9016">#9016</a></li>
<li>[Tue Feb 27 16:26:14 2024 +0100] Dump ES metrics telemetry events <a
href="https://github.com/advthreat/iroh/pull/8999">#8999</a></li>
<li>[Tue Feb 27 15:38:10 2024 +0100] script to clean SE false positive
incidents and sightings <a
href="https://github.com/advthreat/iroh/pull/8846">#8846</a></li>
</ul>
</blockquote>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>[Wed Mar 6 14:56:11 2024 +0100] configure / tune private intel proxy
cm <a
href="https://github.com/advthreat/tenzin-config/pull/1074">#1074</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 13:12:02 2024 +0100] increase bundle-batch-size <a
href="https://github.com/advthreat/tenzin-config/pull/1071">#1071</a></li>
</ul>
</blockquote>
<h3 id="ambrose-bonnaire-sergeant-2">Ambrose Bonnaire-Sergeant [2]</h3>
<h4 id="iroh-2-1">iroh [2]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Thu Feb 29 15:08:33 2024 -0600] Restrict possible values for
updated asset properties <a
href="https://github.com/advthreat/iroh/pull/9022">#9022</a></li>
<li>[Tue Feb 27 12:57:41 2024 -0600] Don't forward response headers from
CTIA to IROH <a
href="https://github.com/advthreat/iroh/pull/9014">#9014</a></li>
</ul>
</blockquote>
<h2 id="integrations">integrations</h2>
<h3 id="section">[0]</h3>
<h3 id="kirill-chernyshov-6">Kirill Chernyshov [6]</h3>
<h4 id="iroh-5">iroh [5]</h4>
<ul>
<li>[Mon Mar 11 16:06:53 2024 +0100] Upgrade clojure 1.11.1 -&gt; 1.11.2
<a href="https://github.com/advthreat/iroh/pull/9072">#9072</a></li>
<li>[Mon Mar 11 15:49:06 2024 +0100] Remove maintenance notification
type <a
href="https://github.com/advthreat/iroh/pull/9069">#9069</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Thu Feb 29 18:38:25 2024 +0100] 8933 e8811 create
notificationindeliveryservice persistence only <a
href="https://github.com/advthreat/iroh/pull/9025">#9025</a></li>
<li>[Wed Feb 28 08:42:32 2024 -0800] "In App" -&gt; "In-App" <a
href="https://github.com/advthreat/iroh/pull/9020">#9020</a></li>
<li>[Tue Feb 27 08:26:32 2024 -0800] Add correct :name and :description
to notification type meta <a
href="https://github.com/advthreat/iroh/pull/9012">#9012</a></li>
</ul>
</blockquote>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Fri Mar 1 02:16:05 2024 -0800] Add new kafka topics for IROH
notifications <a
href="https://github.com/advthreat/tenzin-config/pull/1070">#1070</a></li>
</ul>
</blockquote>
<h3 id="shafiq-7">Shafiq [7]</h3>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>[Mon Mar 11 14:31:53 2024 +0100] Data retention cleanup of
notification services <a
href="https://github.com/advthreat/iroh/pull/9064">#9064</a></li>
<li>[Thu Mar 7 09:44:42 2024 +0100] Apply data retention policy on
iroh-notifications <a
href="https://github.com/advthreat/iroh/pull/9054">#9054</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 18:19:59 2024 +0100] Add <code>:remote</code> type in
configuration spec fields <a
href="https://github.com/advthreat/iroh/pull/9046">#9046</a></li>
<li>[Fri Mar 1 14:05:52 2024 +0100] Refactor proxy-health-check <a
href="https://github.com/advthreat/iroh/pull/9033">#9033</a></li>
<li>[Thu Feb 29 17:24:20 2024 +0100] Update proxy-health-check logging
<a href="https://github.com/advthreat/iroh/pull/9028">#9028</a></li>
<li>[Thu Feb 29 13:26:40 2024 +0100] Update proxy health check logging
<a href="https://github.com/advthreat/iroh/pull/9024">#9024</a></li>
<li>[Thu Feb 29 10:50:00 2024 +0100] Perform relay-api request based on
observable-types <a
href="https://github.com/advthreat/iroh/pull/9017">#9017</a></li>
</ul>
</blockquote>
<h2 id="auth">auth</h2>
<h3 id="bartuka-4">bartuka [4]</h3>
<h4 id="iroh-3">iroh [3]</h4>
<ul>
<li>[Wed Mar 6 05:32:37 2024 -0300] [IROH Auth] update QA routes for
Universal Provisioning flow <a
href="https://github.com/advthreat/iroh/pull/9053">#9053</a></li>
<li>[Tue Mar 5 12:57:32 2024 -0300] [IROH Auth] Fix access token
brownfield provisioning <a
href="https://github.com/advthreat/iroh/pull/9049">#9049</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Thu Feb 29 06:01:22 2024 -0300] [IROH Auth] bugfix - accept empty
string as entitlement value for universal provisioning <a
href="https://github.com/advthreat/iroh/pull/9021">#9021</a></li>
</ul>
</blockquote>
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Tue Feb 27 12:16:08 2024 -0300] add fmc client id for each env <a
href="https://github.com/advthreat/tenzin-config/pull/1065">#1065</a></li>
</ul>
</blockquote>
<h3 id="yann-esposito-4">Yann Esposito [4]</h3>
<h4 id="iroh-2-2">iroh [2]</h4>
<ul>
<li>[Tue Mar 12 07:43:49 2024 +0100] Update of the login doc <a
href="https://github.com/advthreat/iroh/pull/9067">#9067</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Fri Mar 1 15:29:16 2024 +0100] optimize search user given a list of
ids <a href="https://github.com/advthreat/iroh/pull/9018">#9018</a></li>
</ul>
</blockquote>
<h4 id="iroh-scripts-1">iroh-scripts [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 18:27:15 2024 +0100] Updated scripts</li>
</ul>
</blockquote>
<h4 id="xdr-provisioning-1">xdr-provisioning [1]</h4>
<ul>
<li>[Fri Mar 8 19:50:36 2024 +0100] improved re-onboarding script</li>
</ul>
<h3 id="section-1">[0]</h3>
<h3 id="yogsototh-2">(Yogsototh) [2]</h3>
<h4 id="iroh-scripts-1-1">iroh-scripts [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 18:27:15 2024 +0100] Updated scripts</li>
</ul>
</blockquote>
<h4 id="xdr-provisioning-1-1">xdr-provisioning [1]</h4>
<ul>
<li>[Fri Mar 8 19:50:36 2024 +0100] improved re-onboarding script</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="section-2">[0]</h3>
<h3 id="section-3">[0]</h3>
<h3 id="section-4">[0]</h3>
<h3 id="section-5">[0]</h3>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="robert-levy-1">Robert Levy [1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 17:01:03 2024 -0800] Inherit properties from type in
hierarchical modules <a
href="https://github.com/advthreat/iroh/pull/9042">#9042</a></li>
</ul>
</blockquote>
<h3 id="eric-gierach-1">Eric Gierach [1]</h3>
<h4 id="tenzin-config-1-2">tenzin-config [1]</h4>
<ul>
<li>[Wed Mar 6 14:41:09 2024 -0600] Disabling reporting until Ops gets
the infra set up. <a
href="https://github.com/advthreat/tenzin-config/pull/1075">#1075</a></li>
</ul>
<h3 id="ii-2">II [2]</h3>
<h4 id="iroh-2-3">iroh [2]</h4>
<ul>
<li>[Mon Mar 11 14:36:08 2024 -0500] 9074 remove settings effective <a
href="https://github.com/advthreat/iroh/pull/9075">#9075</a></li>
<li>[Tue Mar 5 08:08:24 2024 -0600] 8990 umbrella investigate v2 <a
href="https://github.com/advthreat/iroh/pull/9030">#9030</a></li>
</ul>
<h3 id="section-6">[2]</h3>
<h4 id="iroh-2-4">iroh [2]</h4>
<ul>
<li>[Mon Mar 11 14:36:08 2024 -0500] 9074 remove settings effective <a
href="https://github.com/advthreat/iroh/pull/9075">#9075</a></li>
<li>[Tue Mar 5 08:08:24 2024 -0600] 8990 umbrella investigate v2 <a
href="https://github.com/advthreat/iroh/pull/9030">#9030</a></li>
</ul>
<h3 id="sam-waggoner-1">Sam Waggoner [1]</h3>
<h4 id="tenzin-config-1-3">tenzin-config [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Thu Feb 29 10:19:20 2024 -0600] hydrant/912 add clean hashes
importer.</li>
</ul>
</blockquote>
<h3 id="t2sw-1">t2sw [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Mon Mar 4 22:22:19 2024 -0800] add health endpoint to tac portal
and update tests <a
href="https://github.com/advthreat/iroh/pull/9002">#9002</a></li>
</ul>
</blockquote>
<h3 id="brooke-swanson-5">Brooke Swanson [5]</h3>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>[Fri Mar 8 12:27:52 2024 -0600] Report in test. <a
href="https://github.com/advthreat/tenzin-config/pull/1076">#1076</a></li>
<li>[Tue Mar 5 09:16:15 2024 -0600] conure -&gt; base-url. <a
href="https://github.com/advthreat/tenzin-config/pull/1073">#1073</a></li>
</ul>
<blockquote>
<p><u>&gt;1w</u></p>
<ul>
<li>[Thu Feb 29 17:26:28 2024 -0600] Temporary flip this to not spam
logs. <a
href="https://github.com/advthreat/tenzin-config/pull/1069">#1069</a></li>
<li>[Thu Feb 29 16:07:03 2024 -0600] Output buckets. <a
href="https://github.com/advthreat/tenzin-config/pull/1068">#1068</a></li>
<li>[Thu Feb 29 15:28:53 2024 -0600] Distributor and Conure configs. <a
href="https://github.com/advthreat/tenzin-config/pull/1067">#1067</a></li>
</ul>
</blockquote>
<h3 id="james-brock-1">James Brock [1]</h3>
<h4 id="easy-purescript-nix-1">easy-purescript-nix [1]</h4>
<ul>
<li>[Mon Mar 11 21:52:49 2024 +0900] purs: 0.15.10 -&gt; 0.15.15</li>
</ul>
</body>
</html>

278
reports/weekly-10.org Normal file
View file

@ -0,0 +1,278 @@
#+title: Code Weekly Report 10
#+subtitle: logs goes 2 weeks back
#+date: 2024-03-12
#+options: H:6
* IROH
** lead
*** Guillaume Buisson [1]
**** ctia [1]
#+BEGIN_QUOTE
_>1w_
- [Tue Feb 27 11:10:21 2024 +0100] Filter out some infrastructure details from Error API Responses [[https://github.com/advthreat/ctia/pull/1412][#1412]]
#+END_QUOTE
** data
*** Mario Aquino [2]
**** iroh [2]
#+BEGIN_QUOTE
_>1w_
- [Tue Feb 27 12:09:26 2024 -0600] Carmine & Timbre upgrade v2 [[https://github.com/advthreat/iroh/pull/9005][#9005]]
- [Tue Feb 27 11:40:01 2024 -0600] Loosen Risk Score Incident validation [[https://github.com/advthreat/iroh/pull/9013][#9013]]
#+END_QUOTE
*** Guillaume Erétéo [11]
**** ctia [3]
- [Mon Mar 11 11:11:26 2024 +0100] ctim 1.3.15 [[https://github.com/advthreat/ctia/pull/1415][#1415]]
#+BEGIN_QUOTE
_>1w_
- [Fri Mar 1 12:51:13 2024 +0100] silent this too noisy log [[https://github.com/advthreat/ctia/pull/1414][#1414]]
- [Wed Feb 28 11:27:13 2024 +0100] ctim-1.3.14 [[https://github.com/advthreat/ctia/pull/1413][#1413]]
#+END_QUOTE
**** iroh [6]
- [Mon Mar 11 17:59:02 2024 +0100] Add admin maintenance route to load MITRE stix [[https://github.com/advthreat/iroh/pull/8967][#8967]]
- [Mon Mar 11 11:11:38 2024 +0100] ctim 1.3.15 [[https://github.com/advthreat/iroh/pull/9068][#9068]]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 15:32:25 2024 +0100] limit walk entities to the necessary exports [[https://github.com/advthreat/iroh/pull/9039][#9039]]
- [Wed Feb 28 11:27:18 2024 +0100] ctim 1.3.14 [[https://github.com/advthreat/iroh/pull/9016][#9016]]
- [Tue Feb 27 16:26:14 2024 +0100] Dump ES metrics telemetry events [[https://github.com/advthreat/iroh/pull/8999][#8999]]
- [Tue Feb 27 15:38:10 2024 +0100] script to clean SE false positive incidents and sightings [[https://github.com/advthreat/iroh/pull/8846][#8846]]
#+END_QUOTE
**** tenzin-config [2]
- [Wed Mar 6 14:56:11 2024 +0100] configure / tune private intel proxy cm [[https://github.com/advthreat/tenzin-config/pull/1074][#1074]]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 13:12:02 2024 +0100] increase bundle-batch-size [[https://github.com/advthreat/tenzin-config/pull/1071][#1071]]
#+END_QUOTE
*** Ambrose Bonnaire-Sergeant [2]
**** iroh [2]
#+BEGIN_QUOTE
_>1w_
- [Thu Feb 29 15:08:33 2024 -0600] Restrict possible values for updated asset properties [[https://github.com/advthreat/iroh/pull/9022][#9022]]
- [Tue Feb 27 12:57:41 2024 -0600] Don't forward response headers from CTIA to IROH [[https://github.com/advthreat/iroh/pull/9014][#9014]]
#+END_QUOTE
** integrations
*** [0]
*** Kirill Chernyshov [6]
**** iroh [5]
- [Mon Mar 11 16:06:53 2024 +0100] Upgrade clojure 1.11.1 -> 1.11.2 [[https://github.com/advthreat/iroh/pull/9072][#9072]]
- [Mon Mar 11 15:49:06 2024 +0100] Remove maintenance notification type [[https://github.com/advthreat/iroh/pull/9069][#9069]]
#+BEGIN_QUOTE
_>1w_
- [Thu Feb 29 18:38:25 2024 +0100] 8933 e8811 create notificationindeliveryservice persistence only [[https://github.com/advthreat/iroh/pull/9025][#9025]]
- [Wed Feb 28 08:42:32 2024 -0800] "In App" -> "In-App" [[https://github.com/advthreat/iroh/pull/9020][#9020]]
- [Tue Feb 27 08:26:32 2024 -0800] Add correct :name and :description to notification type meta [[https://github.com/advthreat/iroh/pull/9012][#9012]]
#+END_QUOTE
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- [Fri Mar 1 02:16:05 2024 -0800] Add new kafka topics for IROH notifications [[https://github.com/advthreat/tenzin-config/pull/1070][#1070]]
#+END_QUOTE
*** Shafiq [7]
**** iroh [7]
- [Mon Mar 11 14:31:53 2024 +0100] Data retention cleanup of notification services [[https://github.com/advthreat/iroh/pull/9064][#9064]]
- [Thu Mar 7 09:44:42 2024 +0100] Apply data retention policy on iroh-notifications [[https://github.com/advthreat/iroh/pull/9054][#9054]]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 18:19:59 2024 +0100] Add ~:remote~ type in configuration spec fields [[https://github.com/advthreat/iroh/pull/9046][#9046]]
- [Fri Mar 1 14:05:52 2024 +0100] Refactor proxy-health-check [[https://github.com/advthreat/iroh/pull/9033][#9033]]
- [Thu Feb 29 17:24:20 2024 +0100] Update proxy-health-check logging [[https://github.com/advthreat/iroh/pull/9028][#9028]]
- [Thu Feb 29 13:26:40 2024 +0100] Update proxy health check logging [[https://github.com/advthreat/iroh/pull/9024][#9024]]
- [Thu Feb 29 10:50:00 2024 +0100] Perform relay-api request based on observable-types [[https://github.com/advthreat/iroh/pull/9017][#9017]]
#+END_QUOTE
** auth
*** bartuka [4]
**** iroh [3]
- [Wed Mar 6 05:32:37 2024 -0300] [IROH Auth] update QA routes for Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/9053][#9053]]
- [Tue Mar 5 12:57:32 2024 -0300] [IROH Auth] Fix access token brownfield provisioning [[https://github.com/advthreat/iroh/pull/9049][#9049]]
#+BEGIN_QUOTE
_>1w_
- [Thu Feb 29 06:01:22 2024 -0300] [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning [[https://github.com/advthreat/iroh/pull/9021][#9021]]
#+END_QUOTE
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- [Tue Feb 27 12:16:08 2024 -0300] add fmc client id for each env [[https://github.com/advthreat/tenzin-config/pull/1065][#1065]]
#+END_QUOTE
*** Yann Esposito [4]
**** iroh [2]
- [Tue Mar 12 07:43:49 2024 +0100] Update of the login doc [[https://github.com/advthreat/iroh/pull/9067][#9067]]
#+BEGIN_QUOTE
_>1w_
- [Fri Mar 1 15:29:16 2024 +0100] optimize search user given a list of ids [[https://github.com/advthreat/iroh/pull/9018][#9018]]
#+END_QUOTE
**** iroh-scripts [1]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 18:27:15 2024 +0100] Updated scripts
#+END_QUOTE
**** xdr-provisioning [1]
- [Fri Mar 8 19:50:36 2024 +0100] improved re-onboarding script
*** [0]
*** (Yogsototh) [2]
**** iroh-scripts [1]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 18:27:15 2024 +0100] Updated scripts
#+END_QUOTE
**** xdr-provisioning [1]
- [Fri Mar 8 19:50:36 2024 +0100] improved re-onboarding script
** iroh-ops
*** [0]
*** [0]
*** [0]
*** [0]
* Other
** Other
*** Robert Levy [1]
**** iroh [1]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 17:01:03 2024 -0800] Inherit properties from type in hierarchical modules [[https://github.com/advthreat/iroh/pull/9042][#9042]]
#+END_QUOTE
*** Eric Gierach [1]
**** tenzin-config [1]
- [Wed Mar 6 14:41:09 2024 -0600] Disabling reporting until Ops gets the infra set up. [[https://github.com/advthreat/tenzin-config/pull/1075][#1075]]
*** II [2]
**** iroh [2]
- [Mon Mar 11 14:36:08 2024 -0500] 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
- [Tue Mar 5 08:08:24 2024 -0600] 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
*** [2]
**** iroh [2]
- [Mon Mar 11 14:36:08 2024 -0500] 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]]
- [Tue Mar 5 08:08:24 2024 -0600] 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]]
*** Sam Waggoner [1]
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- [Thu Feb 29 10:19:20 2024 -0600] hydrant/912 add clean hashes importer.
#+END_QUOTE
*** t2sw [1]
**** iroh [1]
#+BEGIN_QUOTE
_>1w_
- [Mon Mar 4 22:22:19 2024 -0800] add health endpoint to tac portal and update tests [[https://github.com/advthreat/iroh/pull/9002][#9002]]
#+END_QUOTE
*** Brooke Swanson [5]
**** tenzin-config [5]
- [Fri Mar 8 12:27:52 2024 -0600] Report in test. [[https://github.com/advthreat/tenzin-config/pull/1076][#1076]]
- [Tue Mar 5 09:16:15 2024 -0600] conure -> base-url. [[https://github.com/advthreat/tenzin-config/pull/1073][#1073]]
#+BEGIN_QUOTE
_>1w_
- [Thu Feb 29 17:26:28 2024 -0600] Temporary flip this to not spam logs. [[https://github.com/advthreat/tenzin-config/pull/1069][#1069]]
- [Thu Feb 29 16:07:03 2024 -0600] Output buckets. [[https://github.com/advthreat/tenzin-config/pull/1068][#1068]]
- [Thu Feb 29 15:28:53 2024 -0600] Distributor and Conure configs. [[https://github.com/advthreat/tenzin-config/pull/1067][#1067]]
#+END_QUOTE
*** James Brock [1]
**** easy-purescript-nix [1]
- [Mon Mar 11 21:52:49 2024 +0900] purs: 0.15.10 -> 0.15.15

BIN
roam/org-roam 2.db-journal
View file

Binary file not shown.

BIN
roam/org-roam 3.db-journal
View file

Binary file not shown.

BIN
roam/org-roam 4.db-journal
View file

Binary file not shown.

BIN
roam/org-roam 5.db-journal
View file

Binary file not shown.

BIN
roam/org-roam 6.db-journal
View file

Binary file not shown.

BIN
roam/org-roam 7.db-journal
View file

Binary file not shown.

BIN
roam/org-roam 8.db-journal
View file

Binary file not shown.

4462
tracker.org
View file

File diff suppressed because it is too large Load diff

1646
tracker.org_archive
View file

File diff suppressed because it is too large Load diff