#+title: FY23Q1 Report
#+subtitle: logs go 4 months back
#+date: 2023-11-15
#+options: H:6 ^:nil

* IROH
** lead
*** Guillaume Buisson [23]
**** ctia [1]
_between 3 and 4 months old_
- Revert "woke tool added (#1375)"
**** iroh [6]
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
- NotificationRequest Service Design [[https://github.com/advthreat/iroh/pull/8264][#8264]]
_between 3 and 4 months old_
- Api insights compliance and tooling [[https://github.com/advthreat/iroh/pull/8204][#8204]]
- Revert "Initial API Insights support (#7938)" [[https://github.com/advthreat/iroh/pull/8200][#8200]]
- Initial API Insights support [[https://github.com/advthreat/iroh/pull/7938][#7938]]
- Initial Notification service developer documentation [[https://github.com/advthreat/iroh/pull/8166][#8166]]
**** iroh-offsite-fy24 [15]
- Added coffee section
- Added Workstation
- fixed time
- Individual Presentations Schedule
- Adding my retrospective
- updated program
- Changed the program
- moved stuff
- typo
- Added schedule CS
- Update program.org
- Update program.org
- Update README.org
- Added schedule CS
- Added Program
**** tenzin-config [1]
_between 3 and 4 months old_
- Set the IROH API version [[https://github.com/advthreat/tenzin-config/pull/965][#965]]
** data
*** Mario Aquino [35]
**** iroh [29]
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
- Add support for role-targetted notification [[https://github.com/advthreat/iroh/pull/8557][#8557]]
- Issue 8438/notification request phase 1 [[https://github.com/advthreat/iroh/pull/8470][#8470]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8521][#8521]]
- Use int-req-ctx when calling post-bundle-import [[https://github.com/advthreat/iroh/pull/8500][#8500]]
- Use incident long-id for incident summary lookup [[https://github.com/advthreat/iroh/pull/8489][#8489]]
- Establish timeout limit for incident enrichment [[https://github.com/advthreat/iroh/pull/8484][#8484]]
- Use org virtual user for threat hunt enrichment enqueuing [[https://github.com/advthreat/iroh/pull/8458][#8458]]
- Prevent incident-summary ID patching [[https://github.com/advthreat/iroh/pull/8468][#8468]]
- Limit fields returned by Incident Summary Search [[https://github.com/advthreat/iroh/pull/8435][#8435]]
- Incident summary update migration [[https://github.com/advthreat/iroh/pull/8416][#8416]]
- Incident Summary search max page size increase [[https://github.com/advthreat/iroh/pull/8414][#8414]]
- Update Incident Summary [[https://github.com/advthreat/iroh/pull/8386][#8386]]
- Fix support for sorting on source or title [[https://github.com/advthreat/iroh/pull/8392][#8392]]
- Prevent caching Talos threat hunt if missing judgements [[https://github.com/advthreat/iroh/pull/8357][#8357]]
- Set default page size to 10, max to 25 for incident summary search [[https://github.com/advthreat/iroh/pull/8344][#8344]]
- Prevent empty threat data from saving with threat hunt status [[https://github.com/advthreat/iroh/pull/8314][#8314]]
- Add info logging for visibility into incident determination [[https://github.com/advthreat/iroh/pull/8305][#8305]]
- Incident Summary timestamp and search filters support [[https://github.com/advthreat/iroh/pull/8262][#8262]]
- Incident Summary modification timestamps [[https://github.com/advthreat/iroh/pull/8229][#8229]]
_between 3 and 4 months old_
- Async metrics doc [[https://github.com/advthreat/iroh/pull/7774][#7774]]
- [Bugfix] Enforce groups filtering when searching incident summaries [[https://github.com/advthreat/iroh/pull/8211][#8211]]
- Prepend bearer prefix if missing [[https://github.com/advthreat/iroh/pull/8190][#8190]]
- Fix CTIA auth parameter [[https://github.com/advthreat/iroh/pull/8174][#8174]]
- Incident Summary Migration (v2) [[https://github.com/advthreat/iroh/pull/8167][#8167]]
- Incident Summary Migration [[https://github.com/advthreat/iroh/pull/8092][#8092]]
- Developer doc for the migration task [[https://github.com/advthreat/iroh/pull/8087][#8087]]
- Issue 8081/configure incident summary index settings [[https://github.com/advthreat/iroh/pull/8086][#8086]]
**** iroh-offsite-fy24 [1]
- The Mario you know...
**** tenzin-config [5]
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
- Enable incident summary update migration [[https://github.com/advthreat/tenzin-config/pull/983][#983]]
- Config for incident summary date migration [[https://github.com/advthreat/tenzin-config/pull/968][#968]]
_between 3 and 4 months old_
- Adds incident summary migration [[https://github.com/advthreat/tenzin-config/pull/958][#958]]
- Removes refresh parameter from incident summary index config [[https://github.com/advthreat/tenzin-config/pull/948][#948]]
*** Guillaume Erétéo [26]
**** ctia [2]
- Incident status disposition [[https://github.com/advthreat/ctia/pull/1389][#1389]]
- Update CODEOWNERS [[https://github.com/advthreat/ctia/pull/1387][#1387]]
**** iroh [15]
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
- Update CODEOWNERS [[https://github.com/advthreat/iroh/pull/8524][#8524]]
- Add entitlement summaries endpoint for external policy enforcement jobs [[https://github.com/advthreat/iroh/pull/8508][#8508]]
- ductile 0.4.8 [[https://github.com/advthreat/iroh/pull/8453][#8453]]
- XDR intel retention design [[https://github.com/advthreat/iroh/pull/8153][#8153]]
- Manual Data Deletion of Private Intel Data [[https://github.com/advthreat/iroh/pull/8384][#8384]]
_between 3 and 4 months old_
- SE and SCA stats [[https://github.com/advthreat/iroh/pull/8154][#8154]]
- Eventually fix incident report flaky test 2 [[https://github.com/advthreat/iroh/pull/8171][#8171]]
- Draft of proposals for migrating enrichment to CONURE [[https://github.com/advthreat/iroh/pull/7983][#7983]]
- Ductile 0.4.7 [[https://github.com/advthreat/iroh/pull/8120][#8120]]
- fix flaky test on incident summary report [[https://github.com/advthreat/iroh/pull/8083][#8083]]
- aliased ES tk-store [[https://github.com/advthreat/iroh/pull/7822][#7822]]
**** iroh-offsite-fy24 [3]
- fix
- typos
- ge
**** tenzin-config [6]
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
_between 3 and 4 months old_
- add back incident in public intel [[https://github.com/advthreat/tenzin-config/pull/960][#960]]
- disable unsused private/public stores [[https://github.com/advthreat/tenzin-config/pull/959][#959]]
- wip [[https://github.com/advthreat/tenzin-config/pull/951][#951]]
- rename incident summary index for new params [[https://github.com/advthreat/tenzin-config/pull/950][#950]]
- add write alias and rollover [[https://github.com/advthreat/tenzin-config/pull/949][#949]]
*** Ambrose Bonnaire-Sergeant [23]
**** ctia [4]
- New bundle/import option: merge previous incident tactics/techniques [[https://github.com/advthreat/ctia/pull/1388][#1388]]
- Patch existing entities in ~POST /bundle/import~ [[https://github.com/advthreat/ctia/pull/1383][#1383]]
- Fix memory leak [[https://github.com/advthreat/ctia/pull/1382][#1382]]
_between 3 and 4 months old_
- Do not init disabled stores [[https://github.com/advthreat/ctia/pull/1379][#1379]]
**** iroh [6]
- Enable entity patching in POST /private-intel/bundle/import [[https://github.com/advthreat/iroh/pull/8492][#8492]]
- Fix bad bulk call [[https://github.com/advthreat/iroh/pull/8333][#8333]]
- PATCH /bundle/import pass-thru route [[https://github.com/advthreat/iroh/pull/8128][#8128]]
- Fix memory leak [[https://github.com/advthreat/iroh/pull/8243][#8243]]
_between 3 and 4 months old_
- Add missing bearer in incident summary [[https://github.com/advthreat/iroh/pull/8183][#8183]]
- Revert "Fix CTIA auth parameter" [[https://github.com/advthreat/iroh/pull/8182][#8182]]
**** iroh-offsite-fy24 [13]
- Merge branch 'main' of github.com:advthreat/iroh-offsite-fy24
- wip
- successes
- leak
- 120
- plumbing
- flaky
- stuff
- schema
- assess
- me
- stuff
- start
** integrations
*** Matthieu Sprunck [12]
**** iroh [5]
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
- Allow any header name in the remote module auth configuration [[https://github.com/advthreat/iroh/pull/8529][#8529]]
- Add ciscoxdr as a valid Feedback source [[https://github.com/advthreat/iroh/pull/8515][#8515]]
- Fix Duo Admin API Auth (sigv2) for POST requests [[https://github.com/advthreat/iroh/pull/8330][#8330]]
- Remote module: Remove duplicate / in generated URLs [[https://github.com/advthreat/iroh/pull/8095][#8095]]
**** tenzin-config [7]
- Configure new CSC domain in the provisioning service [[https://github.com/advthreat/tenzin-config/pull/988][#988]]
- New CSC domain for TEST [[https://github.com/advthreat/tenzin-config/pull/987][#987]]
- Add missing config to ExtraHop module record [[https://github.com/advthreat/tenzin-config/pull/974][#974]]
- IROH Proxy config for ExtraHop integration [[https://github.com/advthreat/tenzin-config/pull/973][#973]]
- Disable all relay apis in the Duo module [[https://github.com/advthreat/tenzin-config/pull/971][#971]]
- Configure the IROH Proxy for the Duo module [[https://github.com/advthreat/tenzin-config/pull/969][#969]]
_between 3 and 4 months old_
- IROH Proxy configuration for PAN Cortex XDR [[https://github.com/advthreat/tenzin-config/pull/947][#947]]
*** Kirill Chernyshov [24]
**** iroh [20]
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
- Fix shutdown process of Kafka Consumer [[https://github.com/advthreat/iroh/pull/8558][#8558]]
- Fixes for CTIA Transfer service [[https://github.com/advthreat/iroh/pull/8552][#8552]]
- Transfer CTIA Events [[https://github.com/advthreat/iroh/pull/8514][#8514]]
- Tiny fix for EventWebservice router [[https://github.com/advthreat/iroh/pull/8493][#8493]]
- Handle a case when no include-filters given [[https://github.com/advthreat/iroh/pull/8405][#8405]]
- Replace symbols in random nonce [[https://github.com/advthreat/iroh/pull/8374][#8374]]
- Add :client-credentials-basic-rfc auth type [[https://github.com/advthreat/iroh/pull/8367][#8367]]
- Add new authentication scheme [[https://github.com/advthreat/iroh/pull/8353][#8353]]
- Add automation events and adjust filters [[https://github.com/advthreat/iroh/pull/8349][#8349]]
- Add ~include~ query parameter to incident events [[https://github.com/advthreat/iroh/pull/8331][#8331]]
- Fix sorting for incident events [[https://github.com/advthreat/iroh/pull/8317][#8317]]
- Revert changes to events/search endpoint [[https://github.com/advthreat/iroh/pull/8292][#8292]]
- Deduplicate incident events + note events [[https://github.com/advthreat/iroh/pull/8282][#8282]]
- Trim incident keys to match response schema [[https://github.com/advthreat/iroh/pull/8273][#8273]]
- Fix double uri encoding during passing through parameter to PrivateIntel [[https://github.com/advthreat/iroh/pull/8269][#8269]]
- Add PrivateIntelEventService to default-bootstrap.cfg [[https://github.com/advthreat/iroh/pull/8267][#8267]]
- Add API endpoint to combine events from IROH and PrivateIntel [[https://github.com/advthreat/iroh/pull/8245][#8245]]
_between 3 and 4 months old_
- Create events for incidents [[https://github.com/advthreat/iroh/pull/8162][#8162]]
- Replace kpow with akhq for kafka cluster ops [[https://github.com/advthreat/iroh/pull/8206][#8206]]
**** tenzin-config [4]
- Use strict rfc auth method for ExtraHop module [[https://github.com/advthreat/tenzin-config/pull/977][#977]]
- Fix typo [[https://github.com/advthreat/tenzin-config/pull/976][#976]]
- Configure Palo Alto Cortex proxy [[https://github.com/advthreat/tenzin-config/pull/975][#975]]
_between 3 and 4 months old_
- [TEST, PROD] Enable Kafka services [[https://github.com/advthreat/tenzin-config/pull/944][#944]]
*** Shafiq [11]
**** iroh [9]
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
- Identify trusted service to service req for SE [[https://github.com/advthreat/iroh/pull/8495][#8495]]
- Add error log for unsuccessful proxy health checks [[https://github.com/advthreat/iroh/pull/8442][#8442]]
- Include module flags with proxy-endpoints-metadata response [[https://github.com/advthreat/iroh/pull/8439][#8439]]
- Support Darktrace authentication for IROH-Proxy [[https://github.com/advthreat/iroh/pull/8385][#8385]]
- Generate error message with applied url-template [[https://github.com/advthreat/iroh/pull/8332][#8332]]
- Generate appropriate errors for invalid url template [[https://github.com/advthreat/iroh/pull/8322][#8322]]
- Implement proxy health checks for Relay modules [[https://github.com/advthreat/iroh/pull/8250][#8250]]
**** tenzin-config [2]
- Add darktrace module [[https://github.com/advthreat/tenzin-config/pull/985][#985]]
_between 3 and 4 months old_
- Update rollover settings for iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/946][#946]]
** auth
*** bartuka [41]
**** iroh [23]
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
- [IROH Auth] check entitlements schema in universal piam flow [[https://github.com/advthreat/iroh/pull/8560][#8560]]
- [IROH Auth] fix check of ~allowed-origins~ for ~registration_redirect~ query param [[https://github.com/advthreat/iroh/pull/8559][#8559]]
- [IROH Auth] move ~oauth2-jwkset~ to ~jwks-svc~ [[https://github.com/advthreat/iroh/pull/8534][#8534]]
- [IROH Auth] - Expose ~universal-provisioning-web-service~ [[https://github.com/advthreat/iroh/pull/8499][#8499]]
- [IROH Auth] move ~is-trusted-clients?~ to ~OAuth2ClientService~ [[https://github.com/advthreat/iroh/pull/8502][#8502]]
- [IROH Auth] add ~UniversalProvisioningService~ [[https://github.com/advthreat/iroh/pull/8459][#8459]]
- [IROH Auth] Add support to use ~jwt-pubkey-fn~ to IROH Web [[https://github.com/advthreat/iroh/pull/8450][#8450]]
- [IROH Auth] add ~JWKSService~ with ~cache-jwks~ and ~get-public-keys~ methods [[https://github.com/advthreat/iroh/pull/8449][#8449]]
- [IROH Auth] Universal Provisioning Flow - Design [[https://github.com/advthreat/iroh/pull/8300][#8300]]
- fix webhook schemas for GET search [[https://github.com/advthreat/iroh/pull/8379][#8379]]
- [IROH Auth] Add ~allow-all-role-to-login~ to ~/profile/accounts~ [[https://github.com/advthreat/iroh/pull/8271][#8271]]
- [IROH Auth] Get ~create_org~ query-param from ~origin~ at the ~/login~ endpoint [[https://github.com/advthreat/iroh/pull/8316][#8316]]
- [IROH Auth] Add ~create-org~ query-param to show Create org options in Reg UI [[https://github.com/advthreat/iroh/pull/8308][#8308]]
- [IROH Auth] make ~AO~ scope public [[https://github.com/advthreat/iroh/pull/8223][#8223]]
_between 3 and 4 months old_
- Revert "[IROH Auth] Add ~insights:read~ scope to be visible to Admin … [[https://github.com/advthreat/iroh/pull/8225][#8225]]
- [IROH Auth] Add ~insights:read~ scope to be visible to Admin and Master users [[https://github.com/advthreat/iroh/pull/8186][#8186]]
- [IROH Auth] add ~insights~ root scope [[https://github.com/advthreat/iroh/pull/8185][#8185]]
- [IROH Auth] emit event on entitlement change [[https://github.com/advthreat/iroh/pull/8164][#8164]]
- Design doc to webhook support on Entitlement create/update [[https://github.com/advthreat/iroh/pull/8112][#8112]]
- NewEvent ~:created-at~ is optional for IROH internal calls and mandatory to HTTP events [[https://github.com/advthreat/iroh/pull/8121][#8121]]
- [IROH Auth] Support XDR ~signup-url~ [[https://github.com/advthreat/iroh/pull/8117][#8117]]
**** iroh-offsite-fy24 [4]
- Merge remote-tracking branch 'refs/remotes/origin/main'
- sync
- fix
- retro
**** ring-jwt-middleware [11]
- add test case
- update readme
- fix schema
- log the full jwt when error
- use the default value
- fix tests by adding ~post-jwt-format-fn-arg-fn~ to config and schema
- fix all tests by changing the output of ~decode~
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
- fix config_test
- add test case
- initial commit
**** tenzin-config [3]
- add new automation hosts to webhook runner [[https://github.com/advthreat/tenzin-config/pull/979][#979]]
- update help-url [[https://github.com/advthreat/tenzin-config/pull/967][#967]]
_between 3 and 4 months old_
- config to support signup-url xdr [[https://github.com/advthreat/tenzin-config/pull/955][#955]]
*** Yann Esposito [63]
**** iroh [22]
- Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]]
- [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]]
- [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]]
- Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]]
- Quick fix on the IROH login page [[https://github.com/advthreat/iroh/pull/8564][#8564]]
- Prevent org duplication during provisioning [[https://github.com/advthreat/iroh/pull/8556][#8556]]
- Declared scopes tree [[https://github.com/advthreat/iroh/pull/8537][#8537]]
- Improve constraints against Entitlements [[https://github.com/advthreat/iroh/pull/8525][#8525]]
- Fix admin route to support combinators [[https://github.com/advthreat/iroh/pull/8377][#8377]]
- Data Retention endpoint returns immediately [[https://github.com/advthreat/iroh/pull/8486][#8486]]
- Data retention policy enforcement [[https://github.com/advthreat/iroh/pull/8431][#8431]]
- PIAM: Support filtered out onboardings [[https://github.com/advthreat/iroh/pull/8275][#8275]]
- Improved entitlement doc [[https://github.com/advthreat/iroh/pull/8261][#8261]]
- Expose XDR-enabled? SX-enabled? on whoami [[https://github.com/advthreat/iroh/pull/8274][#8274]]
_between 3 and 4 months old_
- Fix a URL detection from HTML [[https://github.com/advthreat/iroh/pull/8165][#8165]]
- Revert "Incident Summary Migration" [[https://github.com/advthreat/iroh/pull/8163][#8163]]
- [Monetization]: Fix business logic of data retention [[https://github.com/advthreat/iroh/pull/8142][#8142]]
- Allow braces with iroh-core/strint [[https://github.com/advthreat/iroh/pull/8051][#8051]]
- Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization [[https://github.com/advthreat/iroh/pull/8111][#8111]]
- [Registration UI]: Reword to remove SX reference [[https://github.com/advthreat/iroh/pull/8110][#8110]]
- Entitlement summary technical values [[https://github.com/advthreat/iroh/pull/8094][#8094]]
- [PIAM] Make enterprise id mandatory for piam [[https://github.com/advthreat/iroh/pull/8069][#8069]]
**** iroh-offsite-fy24 [2]
- Update content + reveal
- Initial commit
**** iroh-scripts [21]
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
- Improve scripting lib
- improve error message
- small rename improved search
- add search
- improve + new scripts
- Provision orgs for developers with some fixed entitlements
- attempt 2
- Attempt to fix links in README
- Improve README.org
- create an admin util ns
- add a nice example with get-client.sh
- initial commit with an example
**** ring-jwt-middleware [4]
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
**** tenzin-config [4]
- increase rate limit for lab [[https://github.com/advthreat/tenzin-config/pull/992][#992]]
- Typo fix #989 [[https://github.com/advthreat/tenzin-config/pull/991][#991]]
- Declare missing service [[https://github.com/advthreat/tenzin-config/pull/990][#990]]
- Configure Enforce Entitlement Jobs service [[https://github.com/advthreat/tenzin-config/pull/989][#989]]
**** xdr-provisioning [10]
- fix exit
- prevent duplicate onboard calls
_between 3 and 4 months old_
- Add a script to cleanup test accounts
- rename script and improve error
- minor improvement
- fix ISO code to use 2 chars only
- use the env from the table
- fix tsv-to-commands.sh
- add tsv-to-commands.sh
- add an option to force di and csc onboarding even for org upgrade
*** Olivier Barbeau [29]
**** iroh [27]
- Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]]
- Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]]
- E8388: add new module-instance events, register Module Instance service as handler [[https://github.com/advthreat/iroh/pull/8547][#8547]]
- E8388: Issue 8531 add state to module instance schema [[https://github.com/advthreat/iroh/pull/8544][#8544]]
- Issue 8389 design entitlement changes for integration modules [[https://github.com/advthreat/iroh/pull/8510][#8510]]
- More modules restrictions tests [[https://github.com/advthreat/iroh/pull/8411][#8411]]
- Modules restrictions: Fix missing known exception [[https://github.com/advthreat/iroh/pull/8380][#8380]]
- Apply entitlements to the IntService [[https://github.com/advthreat/iroh/pull/8350][#8350]]
- Apply entitlements to the ModuleInstance API [[https://github.com/advthreat/iroh/pull/8327][#8327]]
- Clear reason of error when creating a module instance with wrong module type [[https://github.com/advthreat/iroh/pull/8320][#8320]]
- Apply entitlements to the ModuleType API [[https://github.com/advthreat/iroh/pull/8303][#8303]]
- Update ~search-module-types-response~ with combinator search query [[https://github.com/advthreat/iroh/pull/8290][#8290]]
- Stores optimization: Update search-module-instances-internal with combinator search query [[https://github.com/advthreat/iroh/pull/8287][#8287]]
- fix test: use two stores [[https://github.com/advthreat/iroh/pull/8285][#8285]]
- Stores optimization: modify ~load-module-instances~ and ~load-module-types~ [[https://github.com/advthreat/iroh/pull/8281][#8281]]
- [Cleanup] Remove the ~:xdr-roles~ feature flag [[https://github.com/advthreat/iroh/pull/8205][#8205]]
- [Cleanup] Remove the ~:merge-users-by-email~ feature flag [[https://github.com/advthreat/iroh/pull/8198][#8198]]
- [Cleanup] Remove the ~:registration~ feature flag [[https://github.com/advthreat/iroh/pull/8199][#8199]]
_between 3 and 4 months old_
- Annotated diagram for ~check_node_types.clj~ [[https://github.com/advthreat/iroh/pull/8133][#8133]]
- Increases the time allocated to node start-up [[https://github.com/advthreat/iroh/pull/8125][#8125]]
- [IROH configuration]: Checks that each IROH node type starts correctly [[https://github.com/advthreat/iroh/pull/8043][#8043]]
- fix format-style args logs [[https://github.com/advthreat/iroh/pull/8119][#8119]]
- Adapt OrgAccessRequest to XDR [[https://github.com/advthreat/iroh/pull/8108][#8108]]
- Redirect invited user to XDR [[https://github.com/advthreat/iroh/pull/8105][#8105]]
- Duplicate ~one-click-module-service~ in bootstrap [[https://github.com/advthreat/iroh/pull/8071][#8071]]
- Start node with type and env [[https://github.com/advthreat/iroh/pull/8085][#8085]]
- matrix config for ~in-isolation~ tests [[https://github.com/advthreat/iroh/pull/8082][#8082]]
**** iroh-offsite-fy24 [1]
- Olivier's retro
**** tenzin-config [1]
_between 3 and 4 months old_
- add first-url for both SX and XDR [[https://github.com/advthreat/tenzin-config/pull/952][#952]]
*** (Yogsototh) [37]
**** iroh-offsite-fy24 [2]
- Update content + reveal
- Initial commit
**** iroh-scripts [21]
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
- Improve scripting lib
- improve error message
- small rename improved search
- add search
- improve + new scripts
- Provision orgs for developers with some fixed entitlements
- attempt 2
- Attempt to fix links in README
- Improve README.org
- create an admin util ns
- add a nice example with get-client.sh
- initial commit with an example
**** ring-jwt-middleware [4]
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
**** xdr-provisioning [10]
- fix exit
- prevent duplicate onboard calls
_between 3 and 4 months old_
- Add a script to cleanup test accounts
- rename script and improve error
- minor improvement
- fix ISO code to use 2 chars only
- use the env from the table
- fix tsv-to-commands.sh
- add tsv-to-commands.sh
- add an option to force di and csc onboarding even for org upgrade
** iroh-ops
*** Jerome Schneider [3]
**** iroh-offsite-fy24 [3]
- Jerome: last minute changes
- add percentages for my day look like
- add personal presentation
*** [0]
* Other
** Other
*** Robert Levy [5]
**** iroh [4]
- change description, title, etc on incident status tile [[https://github.com/advthreat/iroh/pull/8362][#8362]]
- change format of incident-status tile to horizontal bar chart [[https://github.com/advthreat/iroh/pull/8345][#8345]]
_between 3 and 4 months old_
- null the top-level data key when no rows in ctia datatable tiles [[https://github.com/advthreat/iroh/pull/8143][#8143]]
- when rows null, data.data should be null [[https://github.com/advthreat/iroh/pull/8130][#8130]]
**** tenzin-config [1]
- Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]]
*** Eric Gierach [6]
**** iroh [6]
- bumping iroh-engine to 0.15.13 [[https://github.com/advthreat/iroh/pull/8520][#8520]]
- bumping iroh-engine to 0.15.12 [[https://github.com/advthreat/iroh/pull/8509][#8509]]
- Update iroh-engine dep to 0.15.11 [[https://github.com/advthreat/iroh/pull/8460][#8460]]
- updating iroh-engine to 0.15.10 [[https://github.com/advthreat/iroh/pull/8295][#8295]]
_between 3 and 4 months old_
- updating to iroh-engine 0.15.9 to fix query params [[https://github.com/advthreat/iroh/pull/8232][#8232]]
- updating iroh-engine to 0.15.8 to fix wait_for query param [[https://github.com/advthreat/iroh/pull/8224][#8224]]
*** II [9]
**** ctia [1]
- Bumps CTIM version to 1.3.10 [[https://github.com/advthreat/ctia/pull/1385][#1385]]
**** iroh [7]
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
- Issue 8456 - Uses string instead of regex fake route to fix flaky test [[https://github.com/advthreat/iroh/pull/8462][#8462]]
- Only returns proxy endpoint metadata when v2 is configured [[https://github.com/advthreat/iroh/pull/8447][#8447]]
- 8239 migrate umbrella routes [[https://github.com/advthreat/iroh/pull/8247][#8247]]
- Issue 8383 ao header ids [[https://github.com/advthreat/iroh/pull/8433][#8433]]
- Issue 8429 bump ctim version darktrace [[https://github.com/advthreat/iroh/pull/8430][#8430]]
_between 3 and 4 months old_
- 8114 - API proxy for Umbrella v2 routes [[https://github.com/advthreat/iroh/pull/8228][#8228]]
**** tenzin-config [1]
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Devin Walters [4]
**** tenzin-config [4]
- Add port 443 to ctia base urls [[https://github.com/advthreat/tenzin-config/pull/996][#996]]
- Add the rest of playbook environment configs [[https://github.com/advthreat/tenzin-config/pull/981][#981]]
- Add TEST config for playbook service [[https://github.com/advthreat/tenzin-config/pull/980][#980]]
- Initial playbook config [[https://github.com/advthreat/tenzin-config/pull/972][#972]]
*** Cisco [1]
**** iroh-offsite-fy24 [1]
- Olivier's retro
*** Ag Ibragimov [1]
**** ctia [1]
- Filter incidents on timestamp not created [[https://github.com/advthreat/ctia/pull/1377][#1377]]
*** [9]
**** ctia [1]
- Bumps CTIM version to 1.3.10 [[https://github.com/advthreat/ctia/pull/1385][#1385]]
**** iroh [7]
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
- Issue 8456 - Uses string instead of regex fake route to fix flaky test [[https://github.com/advthreat/iroh/pull/8462][#8462]]
- Only returns proxy endpoint metadata when v2 is configured [[https://github.com/advthreat/iroh/pull/8447][#8447]]
- 8239 migrate umbrella routes [[https://github.com/advthreat/iroh/pull/8247][#8247]]
- Issue 8383 ao header ids [[https://github.com/advthreat/iroh/pull/8433][#8433]]
- Issue 8429 bump ctim version darktrace [[https://github.com/advthreat/iroh/pull/8430][#8430]]
_between 3 and 4 months old_
- 8114 - API proxy for Umbrella v2 routes [[https://github.com/advthreat/iroh/pull/8228][#8228]]
**** tenzin-config [1]
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Andrew Parisi [3]
**** tenzin-config [3]
- [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]]
- [gh-607/mark-sightings-internal-based-on-module-type-map-fix-mistake] [[https://github.com/advthreat/tenzin-config/pull/984][#984]]
- conure-607/mark-sightings-internal-based-on-module-type-map [[https://github.com/advthreat/tenzin-config/pull/982][#982]]
*** shafjama [1]
**** iroh-offsite-fy24 [1]
- Last minute
*** Scott McLeod [8]
**** iroh [8]
- Filter out empty xdr-org summary reports [[https://github.com/advthreat/iroh/pull/8472][#8472]]
- XDR Org Incident Stats Summaries [[https://github.com/advthreat/iroh/pull/8441][#8441]]
- Tansform aggregate service to accept a list of AggQuery [[https://github.com/advthreat/iroh/pull/8387][#8387]]
- Add summary stats [[https://github.com/advthreat/iroh/pull/8348][#8348]]
- Add enterprise-id to incident report [[https://github.com/advthreat/iroh/pull/8258][#8258]]
_between 3 and 4 months old_
- Add percentiles aggregation [[https://github.com/advthreat/iroh/pull/8197][#8197]]
- Add stats aggregation [[https://github.com/advthreat/iroh/pull/8189][#8189]]
- Update Incident Report Service schemas [[https://github.com/advthreat/iroh/pull/8159][#8159]]
*** Matthieu Sprunck [1]
**** iroh-offsite-fy24 [1]
- Matthieu's retro
*** Patrick Patat [1]
**** iroh-offsite-fy24 [1]
- add presentation
*** t2sw [2]
**** ctia [1]
- Update CODEOWNERS [[https://github.com/advthreat/ctia/pull/1390][#1390]]
**** iroh [1]
- add new endpoint for role service to query roles by an org id; update… [[https://github.com/advthreat/iroh/pull/8364][#8364]]
*** Jerome Schneider [1]
**** iroh [1]
- Upgrade riemann server (#8253) [[https://github.com/advthreat/iroh/pull/8254][#8254]]
*** Brooke Swanson [1]
**** tenzin-config [1]
- Up distributor worker counts for test and prod. [[https://github.com/advthreat/tenzin-config/pull/993][#993]]
*** Jillian Flook [1]
**** tenzin-config [1]
- update dashboard UserResearchCTA [[https://github.com/advthreat/tenzin-config/pull/997][#997]]
*** (msprunck) [1]
**** iroh-offsite-fy24 [1]
- Matthieu's retro
*** Pawan Bahuguna [2]
**** tenzin-config [2]
- Updated Playbook URL in all regions [[https://github.com/advthreat/tenzin-config/pull/998][#998]]
- SXOPS-937 Add New Services [[https://github.com/advthreat/tenzin-config/pull/995][#995]]
*** James Brock [1]
**** easy-purescript-nix [1]
- Upgrades