#+title: FY23Q3 Report
#+subtitle: logs goes 4 months back
#+date: 2023-05-03
#+options: H:6 ^:nil
* IROH
** lead


*** Guillaume Buisson [25]

**** ctia [5]

- Fixed Riemann ES configuration [[https://github.com/advthreat/ctia/pull/1360][#1360]]
- Allow setting ~allow_partial_search_results~ in ES queries [[https://github.com/advthreat/ctia/pull/1359][#1359]]
- Bump CTIM to 1.3.6 [[https://github.com/advthreat/ctia/pull/1355][#1355]]
- Note Entity API changes [[https://github.com/advthreat/ctia/pull/1342][#1342]]

_between 3 and 4 months old_

- CTIM Note entity Support [[https://github.com/advthreat/ctia/pull/1330][#1330]]
**** iroh [16]

- Initial Incident Response Design Draft [[https://github.com/advthreat/iroh/pull/7398][#7398]]
- Fix Target enrichment feature flag check [[https://github.com/advthreat/iroh/pull/7740][#7740]]
- Bump clj-momo to 0.4.0 [[https://github.com/advthreat/iroh/pull/7723][#7723]]
- Update Orchestration Workflow Event fixtures [[https://github.com/advthreat/iroh/pull/7677][#7677]]
- Observe-Targets route Enhancements [[https://github.com/advthreat/iroh/pull/7668][#7668]]
- Temporary implementation of observe-targets in the Relay module [[https://github.com/advthreat/iroh/pull/7656][#7656]]
- Revert "Enrich WebService route"
- Revert "Initial WebService for testing"
- Initial WebService for testing
- Enrich WebService route
- Additional Note/Event sample data [[https://github.com/advthreat/iroh/pull/7654][#7654]]
- Support the Note Entity in Private Intel [[https://github.com/advthreat/iroh/pull/7605][#7605]]
- Mitre and Risk Score based Incidents Review [[https://github.com/advthreat/iroh/pull/6990][#6990]]
- Properly define the OpenAPI metadata for the Enrich API [[https://github.com/advthreat/iroh/pull/7532][#7532]]
- Unhide Swagger UI Responses [[https://github.com/advthreat/iroh/pull/7529][#7529]]
- Updated Note designs [[https://github.com/advthreat/iroh/pull/7508][#7508]]
**** tenzin-config [4]

- Add the SXO clients to the High Impact allowed sources [[https://github.com/advthreat/tenzin-config/pull/876][#876]]

_between 3 and 4 months old_

- CTIA Note Entity setup [[https://github.com/advthreat/tenzin-config/pull/836][#836]]
- Disable the Kafka Event Hook for Private Intel [[https://github.com/advthreat/tenzin-config/pull/835][#835]]
- Double the rate limit of the dcloud organization [[https://github.com/advthreat/tenzin-config/pull/824][#824]]
** data


*** Mario Aquino [30]

**** iroh [17]

- Add audiences to client [[https://github.com/advthreat/iroh/pull/7812][#7812]]
- OrgTokenProviderService [[https://github.com/advthreat/iroh/pull/7731][#7731]]
- Handle additional variation on mitre-attack source_name [[https://github.com/advthreat/iroh/pull/7755][#7755]]
- Match on mitre-attack as source_name to find variations [[https://github.com/advthreat/iroh/pull/7754][#7754]]
- Remove high impact severity checking [[https://github.com/advthreat/iroh/pull/7580][#7580]]
- Iterate over all orgs for threat hunt execution [[https://github.com/advthreat/iroh/pull/7601][#7601]]
- Check authorization header [[https://github.com/advthreat/iroh/pull/7597][#7597]]
- Fix test broken by missing auth header [[https://github.com/advthreat/iroh/pull/7588][#7588]]
- Use mk-int-request-context for calls that may go to modules [[https://github.com/advthreat/iroh/pull/7587][#7587]]
- Improve logging for risk score asset resolution [[https://github.com/advthreat/iroh/pull/7581][#7581]]
- Update CTIM to align w version used by CTIA [[https://github.com/advthreat/iroh/pull/7576][#7576]]
- Reduce threat hunt ctia investigate module timeouts [[https://github.com/advthreat/iroh/pull/7527][#7527]]
- Error handling around risk score calculation attempt [[https://github.com/advthreat/iroh/pull/7512][#7512]]

_between 3 and 4 months old_

- Replace unsupported trojan source detector [[https://github.com/advthreat/iroh/pull/7481][#7481]]
- Service interface tech-debt [[https://github.com/advthreat/iroh/pull/7475][#7475]]
- One iroh-async session queue for all tasks [[https://github.com/advthreat/iroh/pull/7472][#7472]]
- CTIM v1.2.0 [[https://github.com/advthreat/iroh/pull/7459][#7459]]
**** tenzin-config [13]

- Enable config for incident enrichment [[https://github.com/advthreat/tenzin-config/pull/880][#880]]
- Removes AWS Auth credentials no longer needed by queue-monitor [[https://github.com/advthreat/tenzin-config/pull/867][#867]]
- Update async worker count for new server specs [[https://github.com/advthreat/tenzin-config/pull/861][#861]]
- AWS Credentials for CloudWatch interaction [[https://github.com/advthreat/tenzin-config/pull/842][#842]]
- Remove configs to allow threat hunting for all orgs [[https://github.com/advthreat/tenzin-config/pull/853][#853]]
- Make all incidents imported via Swagger UI high impact [[https://github.com/advthreat/tenzin-config/pull/847][#847]]
- Remove iroh-investigate and iroh-incident configs [[https://github.com/advthreat/tenzin-config/pull/837][#837]]

_between 3 and 4 months old_

- Use correct urls for PROD iroh [[https://github.com/advthreat/tenzin-config/pull/832][#832]]
- Updates sessions-config for iroh-investigate and iroh-incident [[https://github.com/advthreat/tenzin-config/pull/826][#826]]
- iroh-queue-monitor config update [[https://github.com/advthreat/tenzin-config/pull/820][#820]]
- Increases number of threat hunt orgs [[https://github.com/advthreat/tenzin-config/pull/812][#812]]
- Redis for iroh-async [[https://github.com/advthreat/tenzin-config/pull/815][#815]]
- Adds config for iroh-async deployment group

*** Guillaume Erétéo [16]

**** ctia [6]

- add total-hits headers to metric responses [[https://github.com/advthreat/ctia/pull/1363][#1363]]
- add tactics/techniques to incident search filters [[https://github.com/advthreat/ctia/pull/1356][#1356]]
- Incident score schema check [[https://github.com/advthreat/ctia/pull/1353][#1353]]
- Relationships: add target_ref and source_ref as enumerable field [[https://github.com/advthreat/ctia/pull/1354][#1354]]

_between 3 and 4 months old_

- verdict fix [[https://github.com/advthreat/ctia/pull/1333][#1333]]
- add techniques to enumerable fields [[https://github.com/advthreat/ctia/pull/1331][#1331]]
**** iroh [5]

- introduce aggregation in crud store [[https://github.com/advthreat/iroh/pull/7734][#7734]]
- Add Scott to CODEOWNERS [[https://github.com/advthreat/iroh/pull/7782][#7782]]
- first stats [[https://github.com/advthreat/iroh/pull/7765][#7765]]
- Incident summary design [[https://github.com/advthreat/iroh/pull/7704][#7704]]
- threat hunt status incident status Open [[https://github.com/advthreat/iroh/pull/7709][#7709]]
**** tenzin-config [5]

- Activate scoring in TEST and PROD for 1.116 [[https://github.com/advthreat/tenzin-config/pull/851][#851]]
- Add PCTIA as high impact by default [[https://github.com/advthreat/tenzin-config/pull/849][#849]]

_between 3 and 4 months old_

- update incident mappings [[https://github.com/advthreat/tenzin-config/pull/822][#822]]
- IROH Swagger UI to high impact sources [[https://github.com/advthreat/tenzin-config/pull/830][#830]]
- prepare actor migration [[https://github.com/advthreat/tenzin-config/pull/814][#814]]

*** Ambrose Bonnaire-Sergeant [11]

**** ctia [7]

- Push sighting store's coercion pattern into def-es-store [[https://github.com/advthreat/ctia/pull/1361][#1361]]
- Remove log4j [[https://github.com/advthreat/ctia/pull/1347][#1347]]
- Fix bulk relationships between transient asset mappings/fields [[https://github.com/advthreat/ctia/pull/1343][#1343]]
- Filter by scores test [[https://github.com/advthreat/ctia/pull/1341][#1341]]
- Scores dynamic mapping [[https://github.com/advthreat/ctia/pull/1340][#1340]]
- Don't mix user params with internal extensions [[https://github.com/advthreat/ctia/pull/1339][#1339]]

_between 3 and 4 months old_

- Sort on incident score [[https://github.com/advthreat/ctia/pull/1327][#1327]]
**** iroh [4]

- new incident scores format [[https://github.com/advthreat/iroh/pull/7578][#7578]]
- Strip ctia keys [[https://github.com/advthreat/iroh/pull/7521][#7521]]

_between 3 and 4 months old_

- Improve stubservice error messages [[https://github.com/advthreat/iroh/pull/7478][#7478]]
- Prep Mia for incident scoring impl [[https://github.com/advthreat/iroh/pull/7397][#7397]]
** integrations


*** Matthieu Sprunck [32]

**** iroh [17]

- E7469: Event API extension design [[https://github.com/advthreat/iroh/pull/7462][#7462]]
- Implements OR, AND, NOT boolean combinators for ElasticSearch [[https://github.com/advthreat/iroh/pull/7752][#7752]]
- Add a dedicated IROH Auth configuration to Swagger [[https://github.com/advthreat/iroh/pull/7738][#7738]]
- Remote: Return an error when tiles/data is not supported [[https://github.com/advthreat/iroh/pull/7732][#7732]]
- Remove support for access token in Swagger UI [[https://github.com/advthreat/iroh/pull/7729][#7729]]
- Remote: IROH Proxy handler should not be called in case of errors [[https://github.com/advthreat/iroh/pull/7717][#7717]]
- Add missing dependency to int-web-service [[https://github.com/advthreat/iroh/pull/7712][#7712]]
- Configures ModuleRecords with a map [[https://github.com/advthreat/iroh/pull/7690][#7690]]
- Bump to CTIM 1.3.7 [[https://github.com/advthreat/iroh/pull/7696][#7696]]
- Create High Impact incident event [[https://github.com/advthreat/iroh/pull/7679][#7679]]
- Bump to CTIM 1.3.5 [[https://github.com/advthreat/iroh/pull/7642][#7642]]
- Add new High Impact Incident event types [[https://github.com/advthreat/iroh/pull/7606][#7606]]
- Bump to CTIM 1.3.4 [[https://github.com/advthreat/iroh/pull/7626][#7626]]
- Bump to CTIM 1.3.3 [[https://github.com/advthreat/iroh/pull/7616][#7616]]
- Allow settings prefixed by custom_ to be derived in proxy config [[https://github.com/advthreat/iroh/pull/7509][#7509]]

_between 3 and 4 months old_

- Fix client credentials auth for CrowdStrike integration [[https://github.com/advthreat/iroh/pull/7502][#7502]]
- Add API Key auth type to the Relay module [[https://github.com/advthreat/iroh/pull/7488][#7488]]
**** tenzin-config [15]

- Revert "Revert "Remove support for access token in Swagger UI (#868)" (#871)" [[https://github.com/advthreat/tenzin-config/pull/874][#874]]
- Allow SXO internal hosts for webhook calls [[https://github.com/advthreat/tenzin-config/pull/872][#872]]
- Revert "Remove support for access token in Swagger UI (#868)" [[https://github.com/advthreat/tenzin-config/pull/871][#871]]
- Remove invalid module configuration keys [[https://github.com/advthreat/tenzin-config/pull/870][#870]]
- Remove support for access token in Swagger UI [[https://github.com/advthreat/tenzin-config/pull/868][#868]]
- Remove one-click-module services from iroh application [[https://github.com/advthreat/tenzin-config/pull/865][#865]]
- Change the IROH modules configuration format [[https://github.com/advthreat/tenzin-config/pull/864][#864]]
- Change Orbital URL in TEST [[https://github.com/advthreat/tenzin-config/pull/848][#848]]
- Remove the tiles APIs from the Orbital module record [[https://github.com/advthreat/tenzin-config/pull/845][#845]]
- Add CrowdStrike proxy configuration [[https://github.com/advthreat/tenzin-config/pull/841][#841]]

_between 3 and 4 months old_

- Fix SentinelOne module record conf [[https://github.com/advthreat/tenzin-config/pull/834][#834]]
- Support of IROH Proxy for SentinelOne [[https://github.com/advthreat/tenzin-config/pull/828][#828]]
- Revert connection manager changes in PROD (2nd attempt) [[https://github.com/advthreat/tenzin-config/pull/827][#827]]
- Revert changes in PROD and reduce nb of threads in INT and TEST [[https://github.com/advthreat/tenzin-config/pull/825][#825]]
- Increase the number of threads used by the connection manager of the Relay module [[https://github.com/advthreat/tenzin-config/pull/823][#823]]

*** Kirill Chernyshov [11]

**** ctia [2]

- Exception handling for bundle export [[https://github.com/advthreat/ctia/pull/1351][#1351]]

_between 3 and 4 months old_

- Default "no-pagination" for feed [[https://github.com/advthreat/ctia/pull/1336][#1336]]
**** iroh [9]

- Fix configuration option for event signer [[https://github.com/advthreat/iroh/pull/7777][#7777]]
- Add signer options for EventService [[https://github.com/advthreat/iroh/pull/7776][#7776]]
- Simplify kafka-producer integration test [[https://github.com/advthreat/iroh/pull/7769][#7769]]
- Send event from EventService to kafka topic [[https://github.com/advthreat/iroh/pull/7552][#7552]]
- Return promise after sending event to kafka [[https://github.com/advthreat/iroh/pull/7556][#7556]]
- IROH-crypto lib [[https://github.com/advthreat/iroh/pull/7544][#7544]]
- KafkaProducerService [[https://github.com/advthreat/iroh/pull/7524][#7524]]
- Introduce iroh-kafka library [[https://github.com/advthreat/iroh/pull/7505][#7505]]

_between 3 and 4 months old_

- Remove Onyx and Aeron services [[https://github.com/advthreat/iroh/pull/7489][#7489]]

*** Shafiq [5]

**** iroh [4]

- Add create-event HTTP API [[https://github.com/advthreat/iroh/pull/7557][#7557]]
- Add search endpoint for iroh-events [[https://github.com/advthreat/iroh/pull/7528][#7528]]
- Add integration test-case for iroh-events search [[https://github.com/advthreat/iroh/pull/7513][#7513]]

_between 3 and 4 months old_

- Separate event-handlers from EventNotifierService [[https://github.com/advthreat/iroh/pull/7437][#7437]]
**** tenzin-config [1]

- Configure internal-event-web-service [[https://github.com/advthreat/tenzin-config/pull/844][#844]]
** auth


*** Olivier Barbeau [23]

**** iroh [22]

- fix http status code [[https://github.com/advthreat/iroh/pull/7838][#7838]]
- Rework of the script ~check-changelog-update-time~ [[https://github.com/advthreat/iroh/pull/7658][#7658]]
- RBAC: additional XDR tests [[https://github.com/advthreat/iroh/pull/7634][#7634]]
- GitHub Actions: do test coverage only once [[https://github.com/advthreat/iroh/pull/7607][#7607]]
- Increase Java Heap size for code coverage - Github Actions workflow [[https://github.com/advthreat/iroh/pull/7585][#7585]]
- add workdir for the check [[https://github.com/advthreat/iroh/pull/7573][#7573]]
- disable test [[https://github.com/advthreat/iroh/pull/7566][#7566]]
- Fail build if html not updated [[https://github.com/advthreat/iroh/pull/7559][#7559]]
- RBAC: enable the new XDR role 'Security Analyst Tier 2' [[https://github.com/advthreat/iroh/pull/7545][#7545]]
- Issue 7538 refactor of role retrieval [[https://github.com/advthreat/iroh/pull/7540][#7540]]
- automated 'revert role' operation with test [[https://github.com/advthreat/iroh/pull/7537][#7537]]
- RBAC: Retrocompatibility of the Provisioning API [[https://github.com/advthreat/iroh/pull/7507][#7507]]

_between 3 and 4 months old_

- Refactor around ~ifn-pred~ [[https://github.com/advthreat/iroh/pull/7491][#7491]]
- set job timeouts to 90 minutes [[https://github.com/advthreat/iroh/pull/7506][#7506]]
- set job timeouts to 60 minutes [[https://github.com/advthreat/iroh/pull/7504][#7504]]
- Test coverage v2 [[https://github.com/advthreat/iroh/pull/7498][#7498]]
- wait for hook to be finished before testing [[https://github.com/advthreat/iroh/pull/7497][#7497]]
- Add test coverage report to the Iroh GitHub Actions workflow [[https://github.com/advthreat/iroh/pull/7453][#7453]]
- RBAC for Org Access Request [[https://github.com/advthreat/iroh/pull/7465][#7465]]
- Issue 7333 rbac invitation service [[https://github.com/advthreat/iroh/pull/7454][#7454]]
- RBAC: new XDR tests for login and oauth-clients [[https://github.com/advthreat/iroh/pull/7418][#7418]]
- Issue 7413 move steps out of setup job [[https://github.com/advthreat/iroh/pull/7414][#7414]]
**** tenzin-config [1]

- sets the ~:xdr-roles~ feature flag in INT and TEST [[https://github.com/advthreat/tenzin-config/pull/840][#840]]

*** (Yogsototh) [5]

**** xdr-provisioning [5]

- Improve help regarding setting env vars
- Improve the command line parsing
- rename script to .sh
- Add onboarding of DI and CSC
- Initial provisioning Script

*** bartuka [15]

**** iroh [13]

- [IROH Auth] introducing ~TimeService~ in ~AuthService~ [[https://github.com/advthreat/iroh/pull/7806][#7806]]
- [IROH Auth] allow only ~iroh-core.time~ in oauth2.core ns [[https://github.com/advthreat/iroh/pull/7793][#7793]]
- [IROH Auth] - Update IROH Web middleware to build short JWTs with profile data [[https://github.com/advthreat/iroh/pull/7671][#7671]]
- [IROH Auth] - update ~check-refresh-token~ function [[https://github.com/advthreat/iroh/pull/7669][#7669]]
- [IROH Auth] - Update Design docs for Short JWT Epic [[https://github.com/advthreat/iroh/pull/7670][#7670]]
- [IROH Auth] ~/profile/permissions~ endpoint  [[https://github.com/advthreat/iroh/pull/7562][#7562]]
- Patch ~compojure-api~ to allow endpoints with string-keys (without keywordize the request ~:body~) [[https://github.com/advthreat/iroh/pull/7574][#7574]]
- [IROH Auth] Include route ~/profile/scopes~ [[https://github.com/advthreat/iroh/pull/7553][#7553]]
- [IROH Auth] - Store Short JWTs [[https://github.com/advthreat/iroh/pull/7476][#7476]]

_between 3 and 4 months old_

- [IROH Auth] refactor ~gen-short-tokens~ to avoid code duplication [[https://github.com/advthreat/iroh/pull/7485][#7485]]
- Allow wildcard login origin in TEST env [[https://github.com/advthreat/iroh/pull/7474][#7474]]
- [IROH Auth] Generate Short JWT tokens [[https://github.com/advthreat/iroh/pull/7450][#7450]]
- [IROH Auth] Short JWT design [[https://github.com/advthreat/iroh/pull/7436][#7436]]
**** tenzin [1]


_between 3 and 4 months old_

- Update GPG Wanderson Ferreira [[https://github.com/advthreat/tenzin/pull/2648][#2648]]
**** tenzin-config [1]

- add postgres and redis-cache store for IROH Auth JWTs [[https://github.com/advthreat/tenzin-config/pull/839][#839]]

*** Yann Esposito [44]

**** ctia [1]

- bump snakeyaml to address CVE-2022-38751 [[https://github.com/advthreat/ctia/pull/1346][#1346]]
**** iroh [30]

- Add a missing option to disable default configs [[https://github.com/advthreat/iroh/pull/7805][#7805]]
- Add a script to init tokens without login in [[https://github.com/advthreat/iroh/pull/7794][#7794]]
- Fix schema for Response [[https://github.com/advthreat/iroh/pull/7804][#7804]]
- Add support to onboard a single app [[https://github.com/advthreat/iroh/pull/7796][#7796]]
- Add a role instrospection route to help the UI and other clients [[https://github.com/advthreat/iroh/pull/7785][#7785]]
- Fix scopes declaration for execute-workflow route [[https://github.com/advthreat/iroh/pull/7799][#7799]]
- Fix a Swagger bug due to schema name conflict [[https://github.com/advthreat/iroh/pull/7790][#7790]]
- Web api search improvements [[https://github.com/advthreat/iroh/pull/7728][#7728]]
- add profile and notification to ao-jwt [[https://github.com/advthreat/iroh/pull/7726][#7726]]
- Tk store combinator search queries (AND, OR, NOT) [[https://github.com/advthreat/iroh/pull/7691][#7691]]
- Fix a case where the body is =nil= [[https://github.com/advthreat/iroh/pull/7685][#7685]]
- Add xdr-instance-id field to the orgs [[https://github.com/advthreat/iroh/pull/7707][#7707]]
- PIAM: Provisioning onboard endpoint [[https://github.com/advthreat/iroh/pull/7659][#7659]]
- Add ff scope script [[https://github.com/advthreat/iroh/pull/7680][#7680]]
- added a script to add feature-flag scopes from command line [[https://github.com/advthreat/iroh/pull/7676][#7676]]
- prefer to use client from DB than client from config [[https://github.com/advthreat/iroh/pull/7672][#7672]]
- Align scopes to SXO behaviour [[https://github.com/advthreat/iroh/pull/7673][#7673]]
- fix lein start [[https://github.com/advthreat/iroh/pull/7663][#7663]]
- PIAM provisioning no idp-mapping for create user [[https://github.com/advthreat/iroh/pull/7655][#7655]]
- Default bootstrap & config [[https://github.com/advthreat/iroh/pull/6868][#6868]]
- Add Entitlements to Orgs [[https://github.com/advthreat/iroh/pull/7631][#7631]]
- Remove yaml to supported format for profile API [[https://github.com/advthreat/iroh/pull/7632][#7632]]
- Fix a flaky test in either_test.clj [[https://github.com/advthreat/iroh/pull/7610][#7610]]
- Role Matrix representation in the code. [[https://github.com/advthreat/iroh/pull/7583][#7583]]
- fix some wording only for admin users view [[https://github.com/advthreat/iroh/pull/7579][#7579]]
- Improve User login logs situation [[https://github.com/advthreat/iroh/pull/7555][#7555]]
- Added a composable redis.nix [[https://github.com/advthreat/iroh/pull/7535][#7535]]

_between 3 and 4 months old_

- Fix template rendering during invite confirmation [[https://github.com/advthreat/iroh/pull/7480][#7480]]
- Display virtual users in the batch get users [[https://github.com/advthreat/iroh/pull/7473][#7473]]
- Add the UI session logout into IROH-Auth [[https://github.com/advthreat/iroh/pull/7431][#7431]]
**** tenzin [2]

- use iroh.main for all nodes types [[https://github.com/advthreat/tenzin/pull/2862][#2862]]
- Update iroh.job.jinja [[https://github.com/advthreat/tenzin/pull/2861][#2861]]
**** tenzin-config [6]

- fix missing iroh-async web-services [[https://github.com/advthreat/tenzin-config/pull/884][#884]]
- align iroh and iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/883][#883]]
- Add CSC onboarding URLs [[https://github.com/advthreat/tenzin-config/pull/875][#875]]
- fix provisioning service [[https://github.com/advthreat/tenzin-config/pull/863][#863]]
- PIAM config change (+ boostrap cleanup) [[https://github.com/advthreat/tenzin-config/pull/677][#677]]
- add perf.orbital.threatgrid.com to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/854][#854]]
**** xdr-provisioning [5]

- Improve help regarding setting env vars
- Improve the command line parsing
- rename script to .sh
- Add onboarding of DI and CSC
- Initial provisioning Script
** iroh-ops


*** Patrick Patat [19]

**** iroh-ops [18]

- Merge pull request #69 from advthreat/riemann-asg
- Merge pull request #66 from advthreat/pg-cname
- Merge pull request #65 from advthreat/minor-fix
- Merge pull request #64 from advthreat/vector-docker
- Merge pull request #63 from advthreat/asg-refresh
- Merge pull request #61 from advthreat/auto-deploy
- Merge pull request #60 from advthreat/webex-notif
- Merge pull request #57 from advthreat/qualys
- Merge pull request #56 from advthreat/dynamodb_backup
- Merge pull request #55 from advthreat/iroh-queue
- Merge pull request #52 from advthreat/nomad-job
- Merge pull request #54 from advthreat/vault-stats
- Merge pull request #48 from advthreat/vault-pki
- Merge pull request #47 from advthreat/nomad-docker-config

_between 3 and 4 months old_

- Merge pull request #41 from advthreat/codebuild-fix
- Merge pull request #40 from advthreat/ansible-codebuild
- Merge pull request #37 from advthreat/fix-host
- Merge pull request #35 from advthreat/instances_route53
**** tenzin [1]

- allows iroh-ops dev platform to access redis [[https://github.com/advthreat/tenzin/pull/2755][#2755]]

*** Jerome Schneider [81]

**** iroh-ops [24]

- render s3 artefacts generic and create a releases bucket
- datadog: improve logging
- add vector support for os logging
- tf peering: don't peering public subnets
- Add Datadog agent on all instances and specific setup for Nomad and Consul

_between 3 and 4 months old_

- vpnator: remove cloudtrail support for the moment
- ansible: migrate jerschne on master
- iam_lambda_ec2_route53: re-add rights on EC2
- improve iam management and adapt Ansible for it
- tfw: manage correctly workspaces
- switch jerschne on ansible master
- Create a new env and manage terraform workspaces
- dev: cleaning configuration
- only one s3 bucket and dynamodb table per account for tfstates
- Ansible: add Mitogen to improve performances (issue #26)
- requirements.txt: add missing dependencies
- vim: add a vimrc example
- scripts/tfw: fixed json debugging message and exit message when it failed
- README is a markdown file
- README.md: fix path
- Migrate iroh-ops TF to Terraform Wrapper (tfw)
- Add a Terraform Wrapper (tfw) that improve Terraform var files
- ansible add a quick readme and a requirements.txt
- TF: add kafka support
**** tenzin [57]

- Upgrade TF AWS provider
- iroh-async: resize ASG and add downscaling support
- iroh: add iroh signer certificates
- ASG: Drain Nomad nodes before terminating instances
- PROD AP: allows iroh-queue-monitor to put metric in Cloudwatch
- PROD EU: allows iroh-queue-monitor to put metric in Cloudwatch
- PROD US: allows iroh-queue-monitor to put metric in Cloudwatch
- STAGE: allows iroh-queue-monitor to put metric in Cloudwatch
- TEST: allows iroh-queue-monitor to put metric in Cloudwatch
- INT: allows iroh-queue-monitor to put metric in Cloudwatch
- Terraform: configure vault provider
- iroh-async: resize instances and memory usage
- PROD EU: Conure add IAM policy
- PROD APJC: Conure add IAM policy
- PROD NAM: Conure add IAM policy
- STAGE: add Conure support
- TEST: add new Conure IAM role
- INT: add new Conure IAM role
- iroh allows iroh-internal.*.iroh.site domains
- add private-ctia-update-index-state on TEST,STAGE and PROD
- STAGE: add iroh-internal support
- PROD US: add iroh-internal support
- PROD EU: add iroh-internal support
- PROD APJC: add iroh-internal support
- TEST: add iroh-internal support
- INT: add iroh-internal support
- RDS PostgreSQL: force SSL connections by default
- add private-ctia-update-index-state job to update ES index mapping
- Iroh Async use custom metrics to scale
- remove iroh-tooling
- iroh-admin INT: revert breaking instance change
- Caddy private: allow es-metrics for iroh-ops
- allows iroh-ops dev platform to access to private caddy
- PostgreSQL Conure change instances for PROD and TEST
- add Conure RDS PostgreSQL on PROD and TEST
- PROD EU: destroy iroh-investigate and iroh-incident
- PROD APJC: destroy iroh-incident and iroh-investigate
- PROD NAM: remove iroh-incident and iroh-investigate
- TEST: destroy iroh-incident and iroh-investigate
- improve
- iroh-async: add downscaling!
- INT/TEST: fixed iroh-admin conf to allow iroh-queue-monitor
- INT: new RDS PostgreSQL for Conure
- INT: remove iroh-incident and iroh-investigate

_between 3 and 4 months old_

- Nomad jobs: fix MaxParallel when auto scaling is enabled!
- iroh job: change the grace period from 120s to 180s
- iroh-queue-monitor: migrate it on full https and allow access from private rp
- elasticache: change creation timeout
- add dedicated Elasticache Redis for iroh-async
- PROD APJC: add iroh-async support
- PROD EU: add iroh-async support
- PROD US: add iroh-async support
- TEST: add iroh-async support
- add a new iroh-async to replace iroh-investigate and iroh-incident
- iroh-admin nomad job: extend grace delay and add one more status check
- prod US: this PR allows tier3 engineers to manage SES suppression list
- allow iroh-tooling to access to RDS PostgreSQL
* Other
** Other


*** krishna Ganugapenta [32]

**** tenzin [31]

- Mia Lehrer(milhrer) gpg key updated [[https://github.com/advthreat/tenzin/pull/2725][#2725]]
- Securex-news decommission from tenzin [[https://github.com/advthreat/tenzin/pull/2876][#2876]]
- ASG size bumped to negate excessive CPU useage [[https://github.com/advthreat/tenzin/pull/2869][#2869]]
- updated SG rules count for iroh-front-end [[https://github.com/advthreat/tenzin/pull/2866][#2866]]
- IAM policy to access cloudtrail logs s3 bucket [[https://github.com/advthreat/tenzin/pull/2840][#2840]]
- Fixing asea modules not in sync with AWS infra [[https://github.com/advthreat/tenzin/pull/2828][#2828]]
- logstash-cloudtrail versions updated in jobs.sls [[https://github.com/advthreat/tenzin/pull/2812][#2812]]
- IROH_ASYNC asg capacity increase [[https://github.com/advthreat/tenzin/pull/2813][#2813]]
- Logstash-cloudtrail filter settings have modified [[https://github.com/advthreat/tenzin/pull/2808][#2808]]
- Asea services tf modules removed from TEST to sync with AWS infra [[https://github.com/advthreat/tenzin/pull/2800][#2800]]
- tenzin-config files updated to intelligence app [[https://github.com/advthreat/tenzin/pull/2779][#2779]]
- Fixing logstash config file permission issue [[https://github.com/advthreat/tenzin/pull/2765][#2765]]
- Added read and write permission to logstash.yml [[https://github.com/advthreat/tenzin/pull/2763][#2763]]
- prestart task added to prevent permissions error [[https://github.com/advthreat/tenzin/pull/2762][#2762]]
- Added a new set variable for logstash-cloudtrail [[https://github.com/advthreat/tenzin/pull/2760][#2760]]
- Fixing logstash-cloudtrail nomad job config temp [[https://github.com/advthreat/tenzin/pull/2759][#2759]]
- Added a missing template for logstash-cloudtrail [[https://github.com/advthreat/tenzin/pull/2757][#2757]]
- Logstash-cloudtrail job to collect logs [[https://github.com/advthreat/tenzin/pull/2756][#2756]]
- XDR decommission from nomad cluster [[https://github.com/advthreat/tenzin/pull/2684][#2684]]
- SQS queue url fixed for logstash-cloudtrail nomad job [[https://github.com/advthreat/tenzin/pull/2710][#2710]]
- SQS queue url has got updated to logstash-cloudtrail job [[https://github.com/advthreat/tenzin/pull/2709][#2709]]
- filebeat and beats configuration updated [[https://github.com/advthreat/tenzin/pull/2707][#2707]]

_between 3 and 4 months old_

- Removal of accesskey/secret key from logstash-cloudtrail job [[https://github.com/advthreat/tenzin/pull/2702][#2702]]
- Added vault policy to oss nodes to fix logstash-cloudtrail nomad job issue [[https://github.com/advthreat/tenzin/pull/2700][#2700]]
- Caddy port lable fix for logstash-cloudtrail job [[https://github.com/advthreat/tenzin/pull/2698][#2698]]
- Logstash job to retrieve cloudtrail logs from S3 [[https://github.com/advthreat/tenzin/pull/2696][#2696]]
- Enabled securex-ui-incidents for PROD [[https://github.com/advthreat/tenzin/pull/2650][#2650]]
- XDR shell app PROD config added [[https://github.com/advthreat/tenzin/pull/2624][#2624]]
- Conure DB access policy updated [[https://github.com/advthreat/tenzin/pull/2627][#2627]]
- xdr-apps configuration removed form caddy public [[https://github.com/advthreat/tenzin/pull/2649][#2649]]
- Caddy Path based routing changes reverted [[https://github.com/advthreat/tenzin/pull/2623][#2623]]
**** tenzin-config [1]

- Securex-news removal from tenzin and tenzin-config [[https://github.com/advthreat/tenzin-config/pull/869][#869]]

*** Tancredi Orlando [1]

**** easy-purescript-nix [1]

- purs-tidy: 0.9.0 -> 0.9.2

*** milehrer [15]

**** iroh-engine [15]

- move forward if no new targets or asset
- prepare for 0.15.4
- decouple first asset check from asset enrichment
- change ->instant to parse
- write asset-enrich pipeline v1
- Prepare for v0.14.6
- update iroh service-wrapper to expect resolve-latest
- add resolve-latest-assets iroh protocol and endpoint

_between 3 and 4 months old_

- prepare for v0.14.5
- the less we talk about this, the better
- prepare for version 0.14.4
- make data in enrichment bundles align with real life
- prepare for 0.14.3
- remove deprecated trojansource step from github workflow
- remove transient id generation from assets as DI now does it instead

*** Joel Holdbrooks [2]

**** iroh-engine [2]

- Merge pull request #1373 from advthreat/noprompt-patch-1
- Update unit_test.yml

*** Michael Whitley [3]

**** response [3]

- Update access-request.md
- Update access-request.md
- Update access-request.md

*** Sofiia Mykytiuk [43]

**** tenzin [43]

- Update VPNator in TEST, STAGE and PROD [[https://github.com/advthreat/tenzin/pull/2932][#2932]]
- Update STAGE docs S3 bucket [[https://github.com/advthreat/tenzin/pull/2938][#2938]]
- Update VPNator lambda functions in INT [[https://github.com/advthreat/tenzin/pull/2929][#2929]]
- Update min capacity for ASG in backup regions [[https://github.com/advthreat/tenzin/pull/2917][#2917]]
- Update readme in terraform folders for backup regions [[https://github.com/advthreat/tenzin/pull/2896][#2896]]
- Saltstack changes for backup regions [[https://github.com/advthreat/tenzin/pull/2822][#2822]]
- ROAdmin role for STAGE and PROD [[https://github.com/advthreat/tenzin/pull/2909][#2909]]
- Update saml in terraform to sync with AWS STAGE and PROD accounts [[https://github.com/advthreat/tenzin/pull/2910][#2910]]
- ROAdmin role for INT [[https://github.com/advthreat/tenzin/pull/2903][#2903]]
- Add nodes to ES-metrics cluster in EU [[https://github.com/advthreat/tenzin/pull/2905][#2905]]
- Remove Data VPNator from PROD [[https://github.com/advthreat/tenzin/pull/2868][#2868]]
- Terraform changes for backup regions [[https://github.com/advthreat/tenzin/pull/2882][#2882]]
- Remove modules needed for S3 batch operations [[https://github.com/advthreat/tenzin/pull/2884][#2884]]
- Disable replication for es-metrics [[https://github.com/advthreat/tenzin/pull/2850][#2850]]
- Update infrastructure diagram with second VPN [[https://github.com/advthreat/tenzin/pull/2871][#2871]]
- Remove data-vpnator from INT [[https://github.com/advthreat/tenzin/pull/2855][#2855]]
- PKI update for backup regions [[https://github.com/advthreat/tenzin/pull/2842][#2842]]
- Update vpnator script for new OPS setup [[https://github.com/advthreat/tenzin/pull/2817][#2817]]
- Fix module deletition [[https://github.com/advthreat/tenzin/pull/2825][#2825]]
- Remove cleaner lambda setup from INT, TEST [[https://github.com/advthreat/tenzin/pull/2823][#2823]]
- Module to setup new vpnator for OPS VPN in INT [[https://github.com/advthreat/tenzin/pull/2816][#2816]]
- Modules to setup VPNator for OPS VPN in PROD [[https://github.com/advthreat/tenzin/pull/2814][#2814]]
- BCP: Update readme with bastion info [[https://github.com/advthreat/tenzin/pull/2456][#2456]]
- Terraform modules update for TEST backup region [[https://github.com/advthreat/tenzin/pull/2796][#2796]]
- New PROD VPNator setup for non-ops VPN setup [[https://github.com/advthreat/tenzin/pull/2748][#2748]]
- Remove not needed permissions for kms-ssm in STAGE [[https://github.com/advthreat/tenzin/pull/2733][#2733]]
- Changing KMS key in Vault unseal config in STAGE [[https://github.com/advthreat/tenzin/pull/2732][#2732]]
- Adding permissions to kms-vault key [[https://github.com/advthreat/tenzin/pull/2712][#2712]]
- Remove permissions for kms-ssm from hashistack policy INT and TEST [[https://github.com/advthreat/tenzin/pull/2719][#2719]]
- Terraform modules update for TEST backup region [[https://github.com/advthreat/tenzin/pull/2724][#2724]]
- Changing unseal configuration for Vault in INT [[https://github.com/advthreat/tenzin/pull/2718][#2718]]
- Permissions for kms-vault key in INT and STAGE [[https://github.com/advthreat/tenzin/pull/2706][#2706]]
- KMS vault key material for INT and STAGE [[https://github.com/advthreat/tenzin/pull/2705][#2705]]
- New kms-vault key material [[https://github.com/advthreat/tenzin/pull/2711][#2711]]

_between 3 and 4 months old_

- Permissions for new kms-vault key in TEST backup region [[https://github.com/advthreat/tenzin/pull/2695][#2695]]
- Fix permissions for kms-vault key [[https://github.com/advthreat/tenzin/pull/2692][#2692]]
- Changing kms key in autounseal Vault config for TEST [[https://github.com/advthreat/tenzin/pull/2680][#2680]]
- Update README.md [[https://github.com/advthreat/tenzin/pull/2686][#2686]]
- Update salt to read datadog api key from SSM [[https://github.com/advthreat/tenzin/pull/2679][#2679]]
- Adding permissions for new kms-vault key for hashistack nodes in TEST env [[https://github.com/advthreat/tenzin/pull/2670][#2670]]
- Adding permissions for datadog ssm parameter [[https://github.com/advthreat/tenzin/pull/2663][#2663]]
- Comment not needed references [[https://github.com/advthreat/tenzin/pull/2656][#2656]]
- KMS Vault key [[https://github.com/advthreat/tenzin/pull/2668][#2668]]

*** Will Lorand [1]

**** iroh [1]

- Update summary.org [[https://github.com/advthreat/iroh/pull/7603][#7603]]

*** Dmytro Budko [5]

**** tenzin [5]

- SXOPS-630 Invalidate a CloudFront cache for INT/TEST after push changes [[https://github.com/advthreat/tenzin/pull/2897][#2897]]
- SXOPS-191 Terraform: Bring INT and Test into sync with AWS (DOCS INT/TEST) [[https://github.com/advthreat/tenzin/pull/2889][#2889]]
- SXOPS-616 DataDog agent not able to collect metrics (SLM) from ES [[https://github.com/advthreat/tenzin/pull/2878][#2878]]
- SXOPS-539 EC2 Keypair rotation for INT and TEST [[https://github.com/advthreat/tenzin/pull/2787][#2787]]
- SXOPS-539 Offboard Vadym Kiz [[https://github.com/advthreat/tenzin/pull/2784][#2784]]

*** Cisco Boz [1]

**** tenzin [1]

- Replace Threat Response -> XDR for 502 pages on caddy-* public & private [[https://github.com/advthreat/tenzin/pull/2934][#2934]]

*** Patrick Patat [72]

**** iroh-ops [71]

- install and config riemann on asg
- add riemann & reimann_telemetry servers
- add vault token for ansible
- add rds pg cname and bump tf min version to 1.4
- install vector after all (due to app log deps)
- add vector config for docker with nomad
- add auto instance refresh
- disable notready service add the end of ansible run
- remove unattended-upgrades pkg and ignore qualys server
- setup a lambda that run ansible nomad-jobs when a new app version is pushed to s3
- override nomad jobs version with versions.json from s3 bucket artefacts (needed for auto deployement)
- add codebuild fail notification via webex
- simplify sg rule and rename a boolean var
- add doc for qualys setup
- add qualys instances and extends customasation of instances, asg & sgs
- create an aws backup vault and plan for dynamodb backup
- create redis-async.iroh.dev.sh cname to tenzin's redis
- add add iroh-queue-monitor, add http check for nomad jobs
- config vault telemetry to send data to datadog
- add role nomad-jobs with exemple job iroh & hello, add related caddy config for private rp
- add python-nomad to manage job, add dogstatsd as volume & add metadata from docker
- add iroh-ro vault policy
- add vault ca to ssm, put vault ca on caddy vm & update nomad config for vault and docker
- create custom modules for vault and aws private acm & configure vault internal pki
- allow vault servers to query aws private acm
- add docker registry and app_server role for docker registry use
- move docker repo conf to linux base & update nomad config
- add .yml to group_vars files

_between 3 and 4 months old_

- create one codebuild job per env
- change codebuild default env var to '' and fix missing env var in user_data
- create codebuild ansible-run and replace user_data local ansible with codebuild trigger
- push new admin key in user admin authorized keys
- fix hostname config
- add lambda to create/delete ec2 dns record on start and terminate
- centralize apt config & set hostname and prompt
- configure vault server & add caddy vault config
- refactor route53 lb cnames creation
- upgrade vault instances config
- split iam in mutliple file and add iam for vault instances
- add dynamodb for vault
- add CODEOWNERS file
- remove openvpn push dns (useless with iroh.sh)
- upgrade tf and ansible for caddy https with letsencrypt
- upgrade dns config with iroh.sh & iroh.services
- secure all comunications between consul nomad and rps
- do not redeploy instances on ami upgrade
- refactor pki
- fix: encode in base64 ssm parameters
- Revert "temporaly disable encrypt communication for nomad and consul"
- pki for internal certs
- use ansible-pull in user_data to config vm at first boot
- use t4.small instead of t4.nano
- add linux users config
- fix: add hashicorp apt in vaul role
- upgrade for private rp
- add role and playbook for caddy private rp
- move hashicorp's apt config to role nomad & consul (do need it on all vms)
- add bastion and openvpn role, playbook and group_vars
- temporaly disable encrypt communication for nomad and consul
- replace _ with - in node name (need to be dns compatible)
- add python3-boto3 to linux_base_pkgs
- temporary allow everything from vpn
- disable source_dest_check for vpn and add bastion dns name
- upgrade for vpn server
- ansible typos and code style
- refactoring asgs & security groups
- refactor terraform asgs
- use boolean value instead of strings, add tags in tasks and other minor fixes
- improve ansible.cfg, remove debug, fix unbound config
- add load_balancer, app_server private_rp, remove caps from ressource names
- ansible bootstrap
**** tenzin [1]

- allows iroh-ops dev platform to access rds

*** Yurii Ivanisenko [12]

**** tenzin [11]

- Add muhammad imran (muhammim) gpg key [[https://github.com/advthreat/tenzin/pull/2899][#2899]]
- Give Muhammad Imran (muhammim) SSH access [[https://github.com/advthreat/tenzin/pull/2898][#2898]]
- removed walkme-ci tf module files and vpn users [[https://github.com/advthreat/tenzin/pull/2841][#2841]]
- removed all saltstack entries with user vilakkak [[https://github.com/advthreat/tenzin/pull/2818][#2818]]
- removed TF module CloudWatch-lambda-sca-whitelist-testing [[https://github.com/advthreat/tenzin/pull/2804][#2804]]
- added diagrams for CTR_AWS and TAC-portal [[https://github.com/advthreat/tenzin/pull/2717][#2717]]
- align with INT lambda settings for Thousendeyes WL and TEST R53 recor… [[https://github.com/advthreat/tenzin/pull/2715][#2715]]

_between 3 and 4 months old_

- fix CSP directives for visibility.amp in APJC and EU regions [[https://github.com/advthreat/tenzin/pull/2689][#2689]]
- fixed tab instead of spaces in caddy.yaml NAM [[https://github.com/advthreat/tenzin/pull/2681][#2681]]
- Caddy public job - added templates for TAC certificates [[https://github.com/advthreat/tenzin/pull/2674][#2674]]
- Added configs for TAC portal prod [[https://github.com/advthreat/tenzin/pull/2666][#2666]]
**** tenzin-config [1]


_between 3 and 4 months old_

- Added config.json for Tactical-portal in PROD regions [[https://github.com/advthreat/tenzin-config/pull/817][#817]]

*** Robert Levy [5]

**** iroh [5]

- fix dev-resources config to use the correct key signer-ops instead of signer [[https://github.com/advthreat/iroh/pull/7778][#7778]]
- Add registered trademark to MITRE tile title [[https://github.com/advthreat/iroh/pull/7775][#7775]]
- Incidents' Detection Sources Tile [[https://github.com/advthreat/iroh/pull/7725][#7725]]
- top-targeted assets tile for control center (ctia investigate module) [[https://github.com/advthreat/iroh/pull/7689][#7689]]
- MITRE Attack incidents tile [[https://github.com/advthreat/iroh/pull/7523][#7523]]

*** Mia [36]

**** iroh [22]

- Update risk score docs to include overview of enrich-targets process [[https://github.com/advthreat/iroh/pull/7773][#7773]]
- log asset retrieval failure [[https://github.com/advthreat/iroh/pull/7743][#7743]]
- Separate risk score engine calls [[https://github.com/advthreat/iroh/pull/7742][#7742]]
- log bundle [[https://github.com/advthreat/iroh/pull/7737][#7737]]
- Flag observe targets [[https://github.com/advthreat/iroh/pull/7697][#7697]]
- remove verbose logs from risk score calculation [[https://github.com/advthreat/iroh/pull/7618][#7618]]
- FIXME temp log bundle-import-payload [[https://github.com/advthreat/iroh/pull/7609][#7609]]
- handle explicit nil cases for asset value [[https://github.com/advthreat/iroh/pull/7604][#7604]]
- Correct describe assets [[https://github.com/advthreat/iroh/pull/7600][#7600]]
- adjust logging [[https://github.com/advthreat/iroh/pull/7596][#7596]]
- Resolve latest asset log params [[https://github.com/advthreat/iroh/pull/7594][#7594]]
- add asset:read scope to token used for engine-service [[https://github.com/advthreat/iroh/pull/7571][#7571]]
- Iroh engine latest assets [[https://github.com/advthreat/iroh/pull/7554][#7554]]
- Update bundle import [[https://github.com/advthreat/iroh/pull/7542][#7542]]
- Fix risk score bundle import [[https://github.com/advthreat/iroh/pull/7534][#7534]]
- fix a typo in engine config introduce default consistent with engine [[https://github.com/advthreat/iroh/pull/7525][#7525]]
- Fix risk score auth [[https://github.com/advthreat/iroh/pull/7517][#7517]]
- Fix risk score auth [[https://github.com/advthreat/iroh/pull/7516][#7516]]
- Fix risk score auth with tests this time [[https://github.com/advthreat/iroh/pull/7515][#7515]]
- add auth token to bundle export header in risk score [[https://github.com/advthreat/iroh/pull/7514][#7514]]

_between 3 and 4 months old_

- implement final risk score [[https://github.com/advthreat/iroh/pull/7486][#7486]]
- 7342 preliminary risk score [[https://github.com/advthreat/iroh/pull/7460][#7460]]
**** iroh-engine [13]

- Merge pull request #1385 from advthreat/v0.15.4-rc
- Merge pull request #1384 from advthreat/separate-add-assets-and-enrich-targets
- Merge pull request #1371 from advthreat/testy-tests
- Merge pull request #1367 from advthreat/v0.14.6-rc
- Merge pull request #1366 from advthreat/add-resolve-latest-assets

_between 3 and 4 months old_

- Merge pull request #1365 from advthreat/v0.14.5-rc
- Merge pull request #1364 from advthreat/change-test-again
- Merge branch 'main' into change-test-again
- Merge pull request #1363 from advthreat/v0.14.4-rc
- Merge pull request #1362 from advthreat/calculate-preliminary-risk-score
- Merge pull request #1360 from advthreat/v0.14.3-rc
- Merge pull request #1359 from advthreat/remove-trojansource
- Merge pull request #1358 from advthreat/remove-transient-ids
**** tenzin-config [1]


_between 3 and 4 months old_

- flip feature flag in INT for score-based incident enrichment [[https://github.com/advthreat/tenzin-config/pull/833][#833]]

*** Devin Walters [5]

**** iroh-engine [5]

- Prepare 0.15.2
- Coerce to instant after reading as ZDT
- Assert sightings
- Let up
- Use investigable-observables, promises delivered, add verdict

*** Vadym Kiz [3]

**** tenzin [3]

- SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo [[https://github.com/advthreat/tenzin/pull/2635][#2635]]
- Datadog: enable slm_stats [[https://github.com/advthreat/tenzin/pull/2778][#2778]]
- SSH access - jbusboom [[https://github.com/advthreat/tenzin/pull/2738][#2738]]

*** Ag Ibragimov [8]

**** iroh [4]

- Unassigned Incidents Tile should show relative time [[https://github.com/advthreat/iroh/pull/7824][#7824]]
- Control center: Navigate to Incidents page from tile [[https://github.com/advthreat/iroh/pull/7760][#7760]]
- Control Center -- Detection Sources Tile: Fixes query parenthesizing [[https://github.com/advthreat/iroh/pull/7759][#7759]]
- API work for unassigned incidents  [[https://github.com/advthreat/iroh/pull/7682][#7682]]
**** tenzin-config [4]

- adds :xdr-site-url [[https://github.com/advthreat/tenzin-config/pull/885][#885]]
- adds detection sources config for PROD [[https://github.com/advthreat/tenzin-config/pull/881][#881]]
- additional client_id for incident sources [[https://github.com/advthreat/tenzin-config/pull/877][#877]]
- adds incident sources: test, int [[https://github.com/advthreat/tenzin-config/pull/873][#873]]

*** Justin Woo [2]

**** easy-purescript-nix [2]

- Merge pull request #219 from turlando/purs-tidy-0.9.2
- Merge pull request #218 from paluh/master

*** dependabot[bot] [0]


*** Sam Waggoner [4]

**** ctia [1]


_between 3 and 4 months old_

- threatgrid/ctim/#381 Migrate actor 1.2.0 [[https://github.com/advthreat/ctia/pull/1323][#1323]]
**** tenzin-config [3]

- Add hydrant es-metrics configs for events.
- Fix hydrant-talos-ta-blog misnamed http-options.
- advthreat/hydrant#721 update talos blog http-options.

*** II [9]

**** iroh [7]

- Issue 7455 - Minor cleanup from XDR tiles merge [[https://github.com/advthreat/iroh/pull/7695][#7695]]
- 6963 implements one-click module wrapper endpoint [[https://github.com/advthreat/iroh/pull/7315][#7315]]
- Issue 7647 AMP observe targets [[https://github.com/advthreat/iroh/pull/7661][#7661]]
- Issue 7647 - IObserveTargetModule protocol [[https://github.com/advthreat/iroh/pull/7651][#7651]]
- Ao shortcut use unique names [[https://github.com/advthreat/iroh/pull/7627][#7627]]
- Ao docs formatting fixes [[https://github.com/advthreat/iroh/pull/7625][#7625]]
- Issue 7550 ao workflow exec shortcut [[https://github.com/advthreat/iroh/pull/7617][#7617]]
**** tenzin-config [2]

- Adds one-click service to bootstrap.cfg files [[https://github.com/advthreat/tenzin-config/pull/862][#862]]

_between 3 and 4 months old_

- Tac portal PROD login origins [[https://github.com/advthreat/tenzin-config/pull/821][#821]]

*** Eric Gierach [10]

**** iroh [3]

- Fix attack graph simplification [[https://github.com/advthreat/iroh/pull/7747][#7747]]
- latest simplification logic (edges not considered) [[https://github.com/advthreat/iroh/pull/7662][#7662]]
- update notable events to match what the Engine client is producing for CTR [[https://github.com/advthreat/iroh/pull/7614][#7614]]
**** iroh-engine [7]

- Merge pull request #1387 from advthreat/v0.15.5-rc
- Prepare for 0.15.5 release.
- Merge pull request #1386 from advthreat/enrich-all-targets
- Fix typo in log
- Merge pull request #1370 from advthreat/dependabot/npm_and_yarn/webpack-5.76.0
- Merge branch 'main' into dependabot/npm_and_yarn/webpack-5.76.0
- Merge pull request #1368 from advthreat/dependabot/npm_and_yarn/xmldom/xmldom-and-mountebank-0.8.4

*** Adam Sayer [26]

**** tenzin [25]

- webexbox fix on saltmaster [[https://github.com/advthreat/tenzin/pull/2937][#2937]]
- increase ES storage iops/throughput [[https://github.com/advthreat/tenzin/pull/2927][#2927]]
- Vercel CICD accept 409 and watch http state
- Add Vercel CI/CD to Saltmaster [[https://github.com/advthreat/tenzin/pull/2920][#2920]]
- Update hydrant container version [[https://github.com/advthreat/tenzin/pull/2891][#2891]]
- snort filename fix [[https://github.com/advthreat/tenzin/pull/2890][#2890]]
- Update hydrant container to 1.36 in INT [[https://github.com/advthreat/tenzin/pull/2888][#2888]]
- remove jq verify usage [[https://github.com/advthreat/tenzin/pull/2885][#2885]]
- Fix - Extract Talos Snort Rule files for Importer [[https://github.com/advthreat/tenzin/pull/2880][#2880]]
- github runner salt and terraform [[https://github.com/advthreat/tenzin/pull/2875][#2875]]
- update securex-ui in INT for latest NVM profiles [[https://github.com/advthreat/tenzin/pull/2873][#2873]]
- Route53 Module refactor [[https://github.com/advthreat/tenzin/pull/2851][#2851]]
- Revert "SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo (#2635)" [[https://github.com/advthreat/tenzin/pull/2859][#2859]]
- github-runner ASG [[https://github.com/advthreat/tenzin/pull/2852][#2852]]
- Update r53 module to allow geolocation [[https://github.com/advthreat/tenzin/pull/2844][#2844]]
- Cloud9 ami APJC EU [[https://github.com/advthreat/tenzin/pull/2803][#2803]]
- Cloud9 AMI to NAM [[https://github.com/advthreat/tenzin/pull/2792][#2792]]
- Bash to replace ES instances [[https://github.com/advthreat/tenzin/pull/2777][#2777]]
- Upgrade 6th gen ec2 and cloud9 AMI for TEST [[https://github.com/advthreat/tenzin/pull/2775][#2775]]
- Int cloud9 ami refresh [[https://github.com/advthreat/tenzin/pull/2768][#2768]]
- Allow instance refresh on ASG module [[https://github.com/advthreat/tenzin/pull/2766][#2766]]
- VPC peer TEST-STAGE for qa-macos instance [[https://github.com/advthreat/tenzin/pull/2734][#2734]]
- Stage salt [[https://github.com/advthreat/tenzin/pull/2716][#2716]]

_between 3 and 4 months old_

- Allow ingress from IROH to ES private storage [[https://github.com/advthreat/tenzin/pull/2652][#2652]]
- Allow ingress from IROH to es private storage INT [[https://github.com/advthreat/tenzin/pull/2630][#2630]]
**** tenzin-config [1]

- Stage env configs [[https://github.com/advthreat/tenzin-config/pull/785][#785]]

*** Tomasz Rybarczyk [1]

**** easy-purescript-nix [1]

- purs: 0.15.7 -> 0.15.8

*** Chris Duane [2]

**** response [2]

- Update access-request.md
- Create security-event.md

***  [9]

**** iroh [7]

- Issue 7455 - Minor cleanup from XDR tiles merge [[https://github.com/advthreat/iroh/pull/7695][#7695]]
- 6963 implements one-click module wrapper endpoint [[https://github.com/advthreat/iroh/pull/7315][#7315]]
- Issue 7647 AMP observe targets [[https://github.com/advthreat/iroh/pull/7661][#7661]]
- Issue 7647 - IObserveTargetModule protocol [[https://github.com/advthreat/iroh/pull/7651][#7651]]
- Ao shortcut use unique names [[https://github.com/advthreat/iroh/pull/7627][#7627]]
- Ao docs formatting fixes [[https://github.com/advthreat/iroh/pull/7625][#7625]]
- Issue 7550 ao workflow exec shortcut [[https://github.com/advthreat/iroh/pull/7617][#7617]]
**** tenzin-config [2]

- Adds one-click service to bootstrap.cfg files [[https://github.com/advthreat/tenzin-config/pull/862][#862]]

_between 3 and 4 months old_

- Tac portal PROD login origins [[https://github.com/advthreat/tenzin-config/pull/821][#821]]

*** John Jardine [30]

**** tenzin [30]

- Update SW versions, sort changes to the top [[https://github.com/advthreat/tenzin/pull/2864][#2864]]
- Add instances to handle new 3rd party integrations [[https://github.com/advthreat/tenzin/pull/2870][#2870]]
- Add capacity in OSS to support logstash-cloudtrail [[https://github.com/advthreat/tenzin/pull/2865][#2865]]
- Terraform edits to deconflict some values and make more generic [[https://github.com/advthreat/tenzin/pull/2853][#2853]]
- Create S3 Bucket, user, group, policy [[https://github.com/advthreat/tenzin/pull/2839][#2839]]
- Update integrations-crowdstrike to 1.0.2 in all regions [[https://github.com/advthreat/tenzin/pull/2833][#2833]]
- Move all Hydrant jobs to v1.35 (adds coas support) [[https://github.com/advthreat/tenzin/pull/2826][#2826]]
- Bash defaults: Remove TMOUT, assign set -o vi & dir [[https://github.com/advthreat/tenzin/pull/2829][#2829]]
- Check single certificate [[https://github.com/advthreat/tenzin/pull/2830][#2830]]
- Align hydrant jobs on 4 minute multiples. [[https://github.com/advthreat/tenzin/pull/2821][#2821]]
- Updated ssh keypairs for EU NAM and APJC [[https://github.com/advthreat/tenzin/pull/2791][#2791]]
- SXOPS-529: SSH Default configuration changes [[https://github.com/advthreat/tenzin/pull/2774][#2774]]
- Check if integrations-healthcheck is working. [[https://github.com/advthreat/tenzin/pull/2772][#2772]]
- Update sumram.gpg
- Make script outputs comparable by using same sort order [[https://github.com/advthreat/tenzin/pull/2761][#2761]]
- SXOPS-435: Add hydrant-talos-coas fixes for other regions [[https://github.com/advthreat/tenzin/pull/2751][#2751]]
- Quote cron entry to prevent YAML interpolation [[https://github.com/advthreat/tenzin/pull/2750][#2750]]
- Default Jason Busboom to absent to prevent global access [[https://github.com/advthreat/tenzin/pull/2743][#2743]]
- Updated rev-proxy for securex-ui-automate.test.iroh.site [[https://github.com/advthreat/tenzin/pull/2744][#2744]]
- Added gpg key for Atul Anand
- SXOPS-491 Add securex ui automate support for TEST [[https://github.com/advthreat/tenzin/pull/2729][#2729]]
- Need to add securex-ui-automate.int.iroh.site to ACME [[https://github.com/advthreat/tenzin/pull/2723][#2723]]
- SXOPS-491 Add securex ui automate support [[https://github.com/advthreat/tenzin/pull/2722][#2722]]

_between 3 and 4 months old_

- Fix comment, fix error file content check [[https://github.com/advthreat/tenzin/pull/2683][#2683]]
- Backport v1.112 fixes to master [[https://github.com/advthreat/tenzin/pull/2682][#2682]]
- Initial commit [[https://github.com/advthreat/tenzin/pull/2671][#2671]]
- Add error handling to cert check [[https://github.com/advthreat/tenzin/pull/2651][#2651]]
- Initial Vercel Postman API [[https://github.com/advthreat/tenzin/pull/2633][#2633]]
- INT: Merge Consul overrides into jobs.sls [[https://github.com/advthreat/tenzin/pull/2646][#2646]]
- SXOPS-412: Trend Micro XDR Integration Relay INT and TEST [[https://github.com/advthreat/tenzin/pull/2617][#2617]]

*** Michael Pendergrass [4]

**** iroh [4]

- Engine 0.15.5 [[https://github.com/advthreat/iroh/pull/7768][#7768]]
- add more attribute relation types [[https://github.com/advthreat/iroh/pull/7660][#7660]]
- More graph changes [[https://github.com/advthreat/iroh/pull/7643][#7643]]
- add graph output to incident summary [[https://github.com/advthreat/iroh/pull/7549][#7549]]

*** Scott McLeod [4]

**** iroh [4]

- Improve performance of IncidentReportService [[https://github.com/advthreat/iroh/pull/7745][#7745]]
- Add filters to Incident Report [[https://github.com/advthreat/iroh/pull/7727][#7727]]
- Add test to verify paging [[https://github.com/advthreat/iroh/pull/7564][#7564]]
- Use search_after paging for incident report (#7461) [[https://github.com/advthreat/iroh/pull/7539][#7539]]

*** Matthieu Sprunck [3]

**** ctia [3]

- Bump CTIM to 1.3.7 [[https://github.com/advthreat/ctia/pull/1357][#1357]]
- Bump to CTIM 1.3.5 [[https://github.com/advthreat/ctia/pull/1349][#1349]]
- Bump to CTIM 1.3.4 [[https://github.com/advthreat/ctia/pull/1345][#1345]]

*** Jerome Schneider [10]

**** iroh-ops [9]

- Merge pull request #68 from advthreat/split-releases-artefacts
- Merge pull request #51 from advthreat/logging-vector
- Merge pull request #46 from advthreat/datadog

_between 3 and 4 months old_

- Merge pull request #42 from advthreat/vpnator-rm-cloudtrail
- Merge pull request #36 from advthreat/stricter-iam
- Merge pull request #34 from advthreat/fix-tfw
- Merge pull request #16 from advthreat/tfw-fixes
- Merge pull request #13 from advthreat/tf-wrapper
- Merge pull request #12 from advthreat/ansible
**** tenzin [1]


_between 3 and 4 months old_

- iroh(-async): improve memory management to avoid memory cgroup oom [[https://github.com/advthreat/tenzin/pull/2693][#2693]]

*** t2sw [1]

**** iroh [1]

- modify get-tiles and get-tiles-data endpoints for xdr query parameter [[https://github.com/advthreat/iroh/pull/7757][#7757]]

*** bswanson [81]

**** iroh [10]

- Engine version bump. [[https://github.com/advthreat/iroh/pull/7730][#7730]]
- Asset correlation [[https://github.com/advthreat/iroh/pull/7708][#7708]]
- READY FOR REVIEW: observe-targets to iroh engine. [[https://github.com/advthreat/iroh/pull/7683][#7683]]
- Fix empty source breaking schema. [[https://github.com/advthreat/iroh/pull/7687][#7687]]
- BUG FIX: events were pulled from wrong key. [[https://github.com/advthreat/iroh/pull/7678][#7678]]
- Add Assets to Summary and Events incident endpoints [[https://github.com/advthreat/iroh/pull/7666][#7666]]

_between 3 and 4 months old_

- Add Eric and Mia to codeowners. [[https://github.com/advthreat/iroh/pull/7501][#7501]]
- Add extra fields to summary events [[https://github.com/advthreat/iroh/pull/7482][#7482]]
- Add optional keys owner and groups to :incident-id/events schema. [[https://github.com/advthreat/iroh/pull/7449][#7449]]
- Allow port key in the private-intel service context [[https://github.com/advthreat/iroh/pull/7435][#7435]]
**** iroh-engine [68]

- Merge pull request #1383 from advthreat/v0.15.3-rc
- Update changelog.
- Prepare for 0.15.3 release
- Merge pull request #1381 from advthreat/proper-no-op
- Merge branch 'main' into proper-no-op
- Merge pull request #1382 from advthreat/codeowners
- Add folks to codeowners, remove our previous humans.
- Update release to remove unused project.clj
- Cleanup tests.
- Update tests to reflect passthrough behavior.
- failing tests, but no-op.
- Merge pull request #1380 from advthreat/v0.15.2-rc
- Merge pull request #1379 from advthreat/superstitious-p
- Merge pull request #1378 from advthreat/v0.15.1-rc
- Release v0.15.1.
- Merge pull request #1377 from advthreat/remove-original-sightings
- Don't print 100s of sightings :D
- Add logging.
- Remove CTIM dependency.
- Data for you and data for me
- Cabinet of curiosities be gone.
- Datums test.
- new asset responses.
- Check no-op case for assets-for-new-targets.
- Add assets and asset mappings.
- Remove fake test that described itself as real.
- Use add-latest-asset-info from enrich ns.
- Add failing observe-target-observables-test.
- Do not pass back the relationships or sightings from the original bundle.
- Merge pull request #1374 from advthreat/v0.15.0-rc
- Release candidate 0.15.0
- Merge pull request #1372 from advthreat/asset-enrich
- Merge branch 'main' into asset-enrich
- Only need to wrap around exception.
- Magic sauce for cljs vs clj.
- Add test for ->instant.
- Fix let<.
- promesify everything.
- PR feedback, add p/let.
- PR feedback.
- map observable keys (this shouldn't matter, but for consistency and safety sake.)
- Refactor exists? because it's a function.
- Update src/iroh/engine/asset/enrich.cljc
- Fix IrohServiceWrapper call.
- move time fns into time ns.
- A bit more function now.
- IT LIVESSSS.
- Add emit_observe_targets_enrich.js
- Wiring through observable call.
- mountebank.
- Getting farther through the pipeline.
- Resolve linter errors.
- more promises for us.
- cleanup nested whens.
- Try to call targets.
- it puts the promise on the code.
- Smaller functions.
- Clean up more test ns.
- Cleanup tests.
- Merge branch 'main' into asset-enrich
- Move logic into previous function.
- Add resolve latest mountebank test.
- Some unit tests.
- prepare for the sightening.
- extract targets from enriched response.
- Break out a couple more small functions.
- Implement some small helper functions.
- Pull in used sighting ns and reference observable var.
**** tenzin-config [3]

- Add config for prod and fix test typo. [[https://github.com/advthreat/tenzin-config/pull/846][#846]]

_between 3 and 4 months old_

- Add iroh base url to conure config. [[https://github.com/advthreat/tenzin-config/pull/829][#829]]
- Add necessary conure config. [[https://github.com/advthreat/tenzin-config/pull/811][#811]]

*** Pawan Bahuguna [31]

**** tenzin [31]

- Sxops 191 - custom_response_body [[https://github.com/advthreat/tenzin/pull/2933][#2933]]
- Added health check header [[https://github.com/advthreat/tenzin/pull/2921][#2921]]
- Added Health check header to crowdstrike for testing [[https://github.com/advthreat/tenzin/pull/2916][#2916]]
- Increased the Max size to 6 [[https://github.com/advthreat/tenzin/pull/2908][#2908]]
- Updated the version to 7.0.7 to sync with AWS [[https://github.com/advthreat/tenzin/pull/2907][#2907]]
- SXOPS-621 - Enable IAM Access Advisor in all envs [[https://github.com/advthreat/tenzin/pull/2894][#2894]]
- Removed Event Processor Role [[https://github.com/advthreat/tenzin/pull/2881][#2881]]
- SXOPS 191 Update TEST VPC Peering [[https://github.com/advthreat/tenzin/pull/2879][#2879]]
- Changed version to 7.0.5, already present in aws [[https://github.com/advthreat/tenzin/pull/2877][#2877]]
- Updated desired capacity, min and max size [[https://github.com/advthreat/tenzin/pull/2874][#2874]]
- SXOPS-490 Docker version health check [[https://github.com/advthreat/tenzin/pull/2837][#2837]]
- Added CU, IR, KP, SY [[https://github.com/advthreat/tenzin/pull/2854][#2854]]
- Added artifacts and XDR to ordered_cache_behavior - Already in AWS [[https://github.com/advthreat/tenzin/pull/2848][#2848]]
- SXOPS-191-Updated VPC peering connection [[https://github.com/advthreat/tenzin/pull/2835][#2835]]
- Added docker container version check [[https://github.com/advthreat/tenzin/pull/2815][#2815]]
- SAML sync with AWS [[https://github.com/advthreat/tenzin/pull/2824][#2824]]
- enabled intelligence in prod [[https://github.com/advthreat/tenzin/pull/2807][#2807]]
- SXOPS-535 Micro Frontend Ribbon [[https://github.com/advthreat/tenzin/pull/2806][#2806]]
- int-iroh-registration-ui User is already present in AWS [[https://github.com/advthreat/tenzin/pull/2801][#2801]]
- Removed CloudWatch-CSIRT.tf [[https://github.com/advthreat/tenzin/pull/2788][#2788]]
- updated the asg_max_size to 6 [[https://github.com/advthreat/tenzin/pull/2781][#2781]]
- Added instance refresh [[https://github.com/advthreat/tenzin/pull/2780][#2780]]
- Enabling watchdog check on Crowdstrike [[https://github.com/advthreat/tenzin/pull/2773][#2773]]
- SXOPS-490 Add/Update 3rd Party Integrations health checks [[https://github.com/advthreat/tenzin/pull/2767][#2767]]
- Added TLS - automate MFE [[https://github.com/advthreat/tenzin/pull/2753][#2753]]
- PROD automate MFE [[https://github.com/advthreat/tenzin/pull/2752][#2752]]
- [SXOPS-497] Create 3rd Party Integrations for Cybereason & Crowdstrike (INT/TEST) [[https://github.com/advthreat/tenzin/pull/2747][#2747]]
- Added dbudko pabahugu to VPN list [[https://github.com/advthreat/tenzin/pull/2728][#2728]]
- Sxops 484 onboard dmytro dbudko [[https://github.com/advthreat/tenzin/pull/2727][#2727]]
- SXOPS-476 Decom Nomad task securex-ui-incidents from Tenzin [[https://github.com/advthreat/tenzin/pull/2699][#2699]]

_between 3 and 4 months old_

- enable prod [[https://github.com/advthreat/tenzin/pull/2662][#2662]]

*** Trent Boyd [2]

**** tenzin-config [2]

- chore: add https dev urls to xdr projects [[https://github.com/advthreat/tenzin-config/pull/886][#886]]
- feat: add configs for securex-ui-intelligence job [[https://github.com/advthreat/tenzin-config/pull/852][#852]]

*** Devin Walters [12]

**** tenzin [7]

- Set tmpdir to /local for conure task [[https://github.com/advthreat/tenzin/pull/2930][#2930]]
- Mount datadog socket in conure task [[https://github.com/advthreat/tenzin/pull/2922][#2922]]
- Remove Conure access to IROH RDS instance [[https://github.com/advthreat/tenzin/pull/2742][#2742]]

_between 3 and 4 months old_

- Capture the rest of a log message as 'message_text' for clj stack logs [[https://github.com/advthreat/tenzin/pull/2660][#2660]]
- Grok pattern which captures message for the clj stack [[https://github.com/advthreat/tenzin/pull/2658][#2658]]
- Add RMI server hostname [[https://github.com/advthreat/tenzin/pull/2640][#2640]]
- Include configuration for hikari monitoring via JMX [[https://github.com/advthreat/tenzin/pull/2639][#2639]]
**** tenzin-config [5]

- Specify JWK per environment [[https://github.com/advthreat/tenzin-config/pull/866][#866]]
- Update conure username in prod environments [[https://github.com/advthreat/tenzin-config/pull/860][#860]]
- Update conure db username in TEST [[https://github.com/advthreat/tenzin-config/pull/856][#856]]
- Update conure configuration [[https://github.com/advthreat/tenzin-config/pull/843][#843]]
- Test out dedicated conure postgres instance [[https://github.com/advthreat/tenzin-config/pull/838][#838]]

*** Martin Bruchanov [20]

**** tenzin [20]

- Adding data nodes to lower file system utilization [[https://github.com/advthreat/tenzin/pull/2940][#2940]]
- Adding vercel deploy to sudo for consul [[https://github.com/advthreat/tenzin/pull/2936][#2936]]
- Increasing number of data nodes to the current state [[https://github.com/advthreat/tenzin/pull/2935][#2935]]
- Security groups for OPS VPN in INT [[https://github.com/advthreat/tenzin/pull/2924][#2924]]
- Added CLI parameters for ES administration tools [[https://github.com/advthreat/tenzin/pull/2915][#2915]]
- Removing salt references for terminated OPs instance [[https://github.com/advthreat/tenzin/pull/2900][#2900]]
- Updated contacts of EDF team [[https://github.com/advthreat/tenzin/pull/2895][#2895]]
- Fixed JSON validation for IROH query [[https://github.com/advthreat/tenzin/pull/2887][#2887]]
- Fixed correct hostname and SSM keys [[https://github.com/advthreat/tenzin/pull/2893][#2893]]
- OPS OpenVPN salt deployment [[https://github.com/advthreat/tenzin/pull/2883][#2883]]
- Renaming data-openvpn to ops-openvpn [[https://github.com/advthreat/tenzin/pull/2845][#2845]]
- Increasing edf-reporting and iops-reporting memory allocation [[https://github.com/advthreat/tenzin/pull/2838][#2838]]
- Added list of Consul UI hostnames [[https://github.com/advthreat/tenzin/pull/2789][#2789]]
- Tool for quick SSH to Consul leader [[https://github.com/advthreat/tenzin/pull/2785][#2785]]
- Cleaning up intel2x hostname [[https://github.com/advthreat/tenzin/pull/2654][#2654]]
- Second VPN server for Non-OPS access [[https://github.com/advthreat/tenzin/pull/2735][#2735]]
- Fixed duplicated uid in user profile [[https://github.com/advthreat/tenzin/pull/2740][#2740]]

_between 3 and 4 months old_

- NAM ElasticSearch clean up: DNS, S3 bucket for snapshots [[https://github.com/advthreat/tenzin/pull/2697][#2697]]
- Updating hostnames, fixed error with missing authentication [[https://github.com/advthreat/tenzin/pull/2637][#2637]]
- Tranfer of existing roles from one ES cluter to another [[https://github.com/advthreat/tenzin/pull/2634][#2634]]

*** Michael Simonson [3]

**** tenzin [2]

- Adds input buckets for non-int envs [[https://github.com/advthreat/tenzin/pull/2863][#2863]]
- SXOPs-hydrant-talos-coa-importer [[https://github.com/advthreat/tenzin/pull/2741][#2741]]
**** tenzin-config [1]

- Issue SXOPs-562: Hydrant Manual Removal Importer [[https://github.com/advthreat/tenzin-config/pull/859][#859]]

*** John Jardine [5]

**** tenzin [4]

- Revert "Move all Hydrant jobs to v1.35 (adds coas support)"
- Revert "Include STAGE in hydrant container version update"
- Include STAGE in hydrant container version update
- Move all Hydrant jobs to v1.35 (adds coas support)
**** tenzin-config [1]

- Importer was missing the config files [[https://github.com/advthreat/tenzin-config/pull/850][#850]]

*** Gayan Jayasundara [7]

**** tenzin [7]

- Bump crowdstrike and SentinalOne - Ian requested [[https://github.com/advthreat/tenzin/pull/2904][#2904]]
- Bump crowdstrike into 1.0.2a - Bug fix from Ian [[https://github.com/advthreat/tenzin/pull/2846][#2846]]
- SXOPS-512 Bump crowdstrike and sentinelone versions [[https://github.com/advthreat/tenzin/pull/2802][#2802]]

_between 3 and 4 months old_

- Migrate securex-ui-incidents from Nomad to Vercel - non-prod - DNS [[https://github.com/advthreat/tenzin/pull/2691][#2691]]
- securex-ui-control-center - non-prod vercel [[https://github.com/advthreat/tenzin/pull/2690][#2690]]
- Update cyberprotect integration to latest (2.0.6) [[https://github.com/advthreat/tenzin/pull/2673][#2673]]
- Redirect XDR int to Vercel [[https://github.com/advthreat/tenzin/pull/2667][#2667]]