#+title: FY24Q3 Report
#+subtitle: logs go 7 months back
#+date: 2024-05-13
#+options: H:6 ^:nil

* IROH
** lead
*** Guillaume Buisson [12]
**** ctia [2]
- Properly filter Relationships to assemble a Feed View [[https://github.com/threatgrid/ctia/pull/1421][#1421]]
- Filter out some infrastructure details from Error API Responses [[https://github.com/threatgrid/ctia/pull/1412][#1412]]
**** iroh [8]
- fix a flaky test in iroh-web [[https://github.com/advthreat/iroh/pull/9250][#9250]]
- Don't use pp-str to log the request in the rate limiter service [[https://github.com/advthreat/iroh/pull/9249][#9249]]
- Fix iroh-kafka* logs [[https://github.com/advthreat/iroh/pull/9240][#9240]]
- Update the json appender to rename the output level key [[https://github.com/advthreat/iroh/pull/9187][#9187]]
- update the logstash-v2 logging preset [[https://github.com/advthreat/iroh/pull/9178][#9178]]
- Don't fire disabled webhooks [[https://github.com/advthreat/iroh/pull/8741][#8741]]
- upgrade ctia-investigate to use transit+json instead of edn [[https://github.com/advthreat/iroh/pull/8623][#8623]]
_between 6 and 7 months old_
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
**** tenzin-config [2]
- setup the IROH json logging appender
- Re-apply the default rate limit for the NGFW Incident promotion client [[https://github.com/advthreat/tenzin-config/pull/1063][#1063]]
** data
*** Mario Aquino [41]
**** iroh [33]
- Threat hunt integration tests [[https://github.com/advthreat/iroh/pull/9218][#9218]]
- Threat hunt module instance pagination [[https://github.com/advthreat/iroh/pull/9200][#9200]]
- iroh-async Telemetry Identity Data [[https://github.com/advthreat/iroh/pull/9166][#9166]]
- Xdr 1086/crud store fields filtering [[https://github.com/advthreat/iroh/pull/9147][#9147]]
- iroh-async task (metric) tag [[https://github.com/advthreat/iroh/pull/9123][#9123]]
- iroh-metrics in default bootstrap [[https://github.com/advthreat/iroh/pull/9118][#9118]]
- Metrics Service (micrometer) [[https://github.com/advthreat/iroh/pull/9029][#9029]]
- Disable color logging for test execution [[https://github.com/advthreat/iroh/pull/9097][#9097]]
- Carmine & Timbre upgrade v2 [[https://github.com/advthreat/iroh/pull/9005][#9005]]
- Loosen Risk Score Incident validation [[https://github.com/advthreat/iroh/pull/9013][#9013]]
- Apply risk score valid ranges to incident schemas [[https://github.com/advthreat/iroh/pull/8976][#8976]]
- Revert "Upgrade carmine version (#8888)" [[https://github.com/advthreat/iroh/pull/9003][#9003]]
- Log Tuning [[https://github.com/advthreat/iroh/pull/8978][#8978]]
- Upgrade carmine version [[https://github.com/advthreat/iroh/pull/8888][#8888]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8956][#8956]]
- iroh-async high-traffic adjustments [[https://github.com/advthreat/iroh/pull/8835][#8835]]
- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]
- Improve safe-filtering [[https://github.com/advthreat/iroh/pull/8731][#8731]]
- iroh-async: Flatten Datadog context [[https://github.com/advthreat/iroh/pull/8706][#8706]]
- iroh-async logging & tracing context [[https://github.com/advthreat/iroh/pull/8705][#8705]]
- Socket timeout milliseconds (not seconds) [[https://github.com/advthreat/iroh/pull/8690][#8690]]
- Risk Score socket-timeout [[https://github.com/advthreat/iroh/pull/8687][#8687]]
- Threat Hunt Module Exclusion [[https://github.com/advthreat/iroh/pull/8646][#8646]]
- Remove dead code [[https://github.com/advthreat/iroh/pull/8626][#8626]]
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
_between 6 and 7 months old_
- Add support for role-targetted notification [[https://github.com/advthreat/iroh/pull/8557][#8557]]
- Issue 8438/notification request phase 1 [[https://github.com/advthreat/iroh/pull/8470][#8470]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8521][#8521]]
- Use int-req-ctx when calling post-bundle-import [[https://github.com/advthreat/iroh/pull/8500][#8500]]
**** tenzin-config [8]
- Exclude CTIA modules from threat hunt execution [[https://github.com/advthreat/tenzin-config/pull/1122][#1122]]
- Add iroh-async client-id to rate unlimited list [[https://github.com/advthreat/tenzin-config/pull/1053][#1053]]
- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]
- Increase thread pool size for engine connection manager [[https://github.com/advthreat/tenzin-config/pull/1012][#1012]]
- Config for skipping Private Intel during investigation threat hunt [[https://github.com/advthreat/tenzin-config/pull/1009][#1009]]
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
*** Guillaume Erétéo [55]
**** ctia [11]
- remove ES5 support [[https://github.com/threatgrid/ctia/pull/1419][#1419]]
- Optimize lucene searches [[https://github.com/threatgrid/ctia/pull/1420][#1420]]
- bump ctim / remove status disposition [[https://github.com/threatgrid/ctia/pull/1417][#1417]]
- ctim 1.3.15 [[https://github.com/threatgrid/ctia/pull/1415][#1415]]
- silent this too noisy log [[https://github.com/threatgrid/ctia/pull/1414][#1414]]
- ctim-1.3.14 [[https://github.com/threatgrid/ctia/pull/1413][#1413]]
- remove un-store [[https://github.com/threatgrid/ctia/pull/1410][#1410]]
- fix wait_for for delete search [[https://github.com/threatgrid/ctia/pull/1399][#1399]]
- incident meta [[https://github.com/threatgrid/ctia/pull/1391][#1391]]
- Incident status disposition [[https://github.com/threatgrid/ctia/pull/1389][#1389]]
_between 6 and 7 months old_
- Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1387][#1387]]
**** iroh [41]
- Dump events with dump metrics script [[https://github.com/advthreat/iroh/pull/9180][#9180]]
- Sca clean phase 2 [[https://github.com/advthreat/iroh/pull/9176][#9176]]
- add backup clusters for delete [[https://github.com/advthreat/iroh/pull/9173][#9173]]
- Scripts for SCA issue cleaning [[https://github.com/advthreat/iroh/pull/9161][#9161]]
- simplify sorting in telemetry reports [[https://github.com/advthreat/iroh/pull/9144][#9144]]
- Add logs to better monitor reports [[https://github.com/advthreat/iroh/pull/9142][#9142]]
- Report service: consider missing user/org ids [[https://github.com/advthreat/iroh/pull/9134][#9134]]
- filter ids on search [[https://github.com/advthreat/iroh/pull/9130][#9130]]
- Generate statistics about modules [[https://github.com/advthreat/iroh/pull/9108][#9108]]
- Refactor iops report generation [[https://github.com/advthreat/iroh/pull/9099][#9099]]
- bump ctim / remove status disposition [[https://github.com/advthreat/iroh/pull/9114][#9114]]
- fix flaky ES test: wait some more [[https://github.com/advthreat/iroh/pull/9089][#9089]]
- telemetry report: fix search iteration for batch size 10000 [[https://github.com/advthreat/iroh/pull/9082][#9082]]
- reduce logs by adding user-scopes [[https://github.com/advthreat/iroh/pull/9078][#9078]]
- tk store: update ES index state [[https://github.com/advthreat/iroh/pull/8664][#8664]]
- Add admin maintenance route to load MITRE stix [[https://github.com/advthreat/iroh/pull/8967][#8967]]
- ctim 1.3.15 [[https://github.com/advthreat/iroh/pull/9068][#9068]]
- limit walk entities to the necessary exports [[https://github.com/advthreat/iroh/pull/9039][#9039]]
- ctim 1.3.14 [[https://github.com/advthreat/iroh/pull/9016][#9016]]
- Dump ES metrics telemetry events [[https://github.com/advthreat/iroh/pull/8999][#8999]]
- script to clean SE false positive incidents and sightings [[https://github.com/advthreat/iroh/pull/8846][#8846]]
- MITRE Matrix: dynamic components design [[https://github.com/advthreat/iroh/pull/8973][#8973]]
- fix Talos threat hunt [[https://github.com/advthreat/iroh/pull/8969][#8969]]
- update the design of static MITRE matrix rendering [[https://github.com/advthreat/iroh/pull/8949][#8949]]
- replace lazyseq by iteration in reports [[https://github.com/advthreat/iroh/pull/8957][#8957]]
- For Jeetu by G2 [[https://github.com/advthreat/iroh/pull/8920][#8920]]
- Some more incident stats [[https://github.com/advthreat/iroh/pull/8861][#8861]]
- import mitre matrix backbone [[https://github.com/advthreat/iroh/pull/8899][#8899]]
- Mitre coverage static matrix [[https://github.com/advthreat/iroh/pull/8882][#8882]]
- add created and modified to IROH CTIM entities [[https://github.com/advthreat/iroh/pull/8810][#8810]]
- bundle import activity diagrams [[https://github.com/advthreat/iroh/pull/8708][#8708]]
- scoring at bundle import [[https://github.com/advthreat/iroh/pull/8694][#8694]]
- Meta incident field [[https://github.com/advthreat/iroh/pull/8617][#8617]]
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
_between 6 and 7 months old_
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
- Update CODEOWNERS [[https://github.com/advthreat/iroh/pull/8524][#8524]]
- Add entitlement summaries endpoint for external policy enforcement jobs [[https://github.com/advthreat/iroh/pull/8508][#8508]]
- ductile 0.4.8 [[https://github.com/advthreat/iroh/pull/8453][#8453]]
- XDR intel retention design [[https://github.com/advthreat/iroh/pull/8153][#8153]]
**** tenzin-config [3]
- configure / tune private intel proxy cm [[https://github.com/advthreat/tenzin-config/pull/1074][#1074]]
- increase bundle-batch-size [[https://github.com/advthreat/tenzin-config/pull/1071][#1071]]
_between 6 and 7 months old_
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
*** Ambrose Bonnaire-Sergeant [43]
**** ctia [15]
- Bump ring-swagger with proof of memory leak fix [[https://github.com/threatgrid/ctia/pull/1423][#1423]]
- Clojure 1.11.1 -> 1.11.2 [[https://github.com/threatgrid/ctia/pull/1416][#1416]]
- Revert patch bundle commits [[https://github.com/threatgrid/ctia/pull/1411][#1411]]
- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/threatgrid/ctia/pull/1407][#1407]]
- Remove asset properties/mapping merging during bundle patch [[https://github.com/threatgrid/ctia/pull/1408][#1408]]
- Fix :body descriptions [[https://github.com/threatgrid/ctia/pull/1409][#1409]]
- Fix POST /bulk schema checking [[https://github.com/threatgrid/ctia/pull/1406][#1406]]
- Use prn instead of pprint for logs [[https://github.com/threatgrid/ctia/pull/1401][#1401]]
- Eval routes and options given to ~context~ at initialization time [[https://github.com/threatgrid/ctia/pull/1394][#1394]]
- Use ~st/merge~ to merge schemas instead of ~into~ [[https://github.com/threatgrid/ctia/pull/1398][#1398]]
- Never match existing asset-* entities when patch-existing=false [[https://github.com/threatgrid/ctia/pull/1395][#1395]]
- Re-enable incident tests [[https://github.com/threatgrid/ctia/pull/1393][#1393]]
- Add external_ids to investigation select fields [[https://github.com/threatgrid/ctia/pull/1392][#1392]]
_between 6 and 7 months old_
- New bundle/import option: merge previous incident tactics/techniques [[https://github.com/threatgrid/ctia/pull/1388][#1388]]
- Patch existing entities in ~POST /bundle/import~ [[https://github.com/threatgrid/ctia/pull/1383][#1383]]
**** iroh [24]
- Bump ring-swagger and prove it fixes the memory leak [[https://github.com/advthreat/iroh/pull/9244][#9244]]
- Fix typo in debug log [[https://github.com/advthreat/iroh/pull/9228][#9228]]
- Debug logs to investigate person assets not being imported [[https://github.com/advthreat/iroh/pull/9227][#9227]]
- Update status endpoint to keep conure updated [[https://github.com/advthreat/iroh/pull/9209][#9209]]
- Update test for new carmine non-FIFO queues: ~queue-status-report-test~ [[https://github.com/advthreat/iroh/pull/9103][#9103]]
- Make generated tk meta easier to review using pprint [[https://github.com/advthreat/iroh/pull/8805][#8805]]
- Restrict possible values for updated asset properties [[https://github.com/advthreat/iroh/pull/9022][#9022]]
- Don't forward response headers from CTIA to IROH [[https://github.com/advthreat/iroh/pull/9014][#9014]]
- Only subscribe incidents with supported observables [[https://github.com/advthreat/iroh/pull/9000][#9000]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/9001][#9001]]
- Redis: Set NX / XX [[https://github.com/advthreat/iroh/pull/8970][#8970]]
- Bulk asset update + rescoring route [[https://github.com/advthreat/iroh/pull/8963][#8963]]
- Fix logf call [[https://github.com/advthreat/iroh/pull/8925][#8925]]
- Fix incident subscription args, and only subscribe incident if observables/identities are non-empty [[https://github.com/advthreat/iroh/pull/8921][#8921]]
- Fix DI subscription URL [[https://github.com/advthreat/iroh/pull/8914][#8914]]
- Revert patch bundle commits [[https://github.com/advthreat/iroh/pull/8903][#8903]]
- Fix swagger description [[https://github.com/advthreat/iroh/pull/8905][#8905]]
- Asset properties update and incident rescoring route [[https://github.com/advthreat/iroh/pull/8843][#8843]]
- Rescoring task [[https://github.com/advthreat/iroh/pull/8869][#8869]]
- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true [[https://github.com/advthreat/iroh/pull/8725][#8725]]
_between 6 and 7 months old_
- Enable entity patching in POST /private-intel/bundle/import [[https://github.com/advthreat/iroh/pull/8492][#8492]]
**** tenzin-config [4]
- Bulk asset update limits [[https://github.com/advthreat/tenzin-config/pull/1059][#1059]]
- Add Conure url to Private intel config [[https://github.com/advthreat/tenzin-config/pull/1052][#1052]]
- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
** integrations
*** Matthieu Sprunck [22]
**** iroh [18]
- Rename automation_workflow_disabled to automation_workflow_definition [[https://github.com/advthreat/iroh/pull/9196][#9196]]
- Revert "Update the json appender to rename the output level key (#9187)" [[https://github.com/advthreat/iroh/pull/9191][#9191]]
- Change Incident Assignment Notification wording [[https://github.com/advthreat/iroh/pull/9189][#9189]]
- Add title and link to the incident in the incident assignment notification [[https://github.com/advthreat/iroh/pull/9188][#9188]]
- Add a log when an unexpected status is returned from KafkaConnect [[https://github.com/advthreat/iroh/pull/9153][#9153]]
- IROH Proxy: Correct handling for path with spaces (%20) [[https://github.com/advthreat/iroh/pull/9149][#9149]]
- Build notification type name from notification type [[https://github.com/advthreat/iroh/pull/9140][#9140]]
- JMX metrics for clj-http connection manager [[https://github.com/advthreat/iroh/pull/8765][#8765]]
- Always decompress the body when status is not 2xx [[https://github.com/advthreat/iroh/pull/8527][#8527]]
- Restore default expiration (24h) for the local session token [[https://github.com/advthreat/iroh/pull/8747][#8747]]
- Workflow event schema changes [[https://github.com/advthreat/iroh/pull/8656][#8656]]
- IROH Proxy: remove headers set by the reverse proxy [[https://github.com/advthreat/iroh/pull/8655][#8655]]
- More log context to investigate #8638 [[https://github.com/advthreat/iroh/pull/8654][#8654]]
- Add logging info to investigate #8638 [[https://github.com/advthreat/iroh/pull/8653][#8653]]
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
_between 6 and 7 months old_
- Allow any header name in the remote module auth configuration [[https://github.com/advthreat/iroh/pull/8529][#8529]]
- Add ciscoxdr as a valid Feedback source [[https://github.com/advthreat/iroh/pull/8515][#8515]]
- Fix Duo Admin API Auth (sigv2) for POST requests [[https://github.com/advthreat/iroh/pull/8330][#8330]]
**** tenzin-config [4]
- Configure XDR URL in the PrivateIntel service for the Assignment notification [[https://github.com/advthreat/tenzin-config/pull/1116][#1116]]
- Create a module record for Microsoft Graph API [[https://github.com/advthreat/tenzin-config/pull/1050][#1050]]
- Fix settings names for JAMF auth upgrade [[https://github.com/advthreat/tenzin-config/pull/1048][#1048]]
- Use Token Auth with the JAMF Classic API [[https://github.com/advthreat/tenzin-config/pull/1038][#1038]]
*** Kirill Chernyshov [46]
**** iroh [39]
- Draft design [[https://github.com/advthreat/iroh/pull/9201][#9201]]
- Format redirect url for email notification [[https://github.com/advthreat/iroh/pull/9211][#9211]]
- Use static string 'Cisco' as a subtitle [[https://github.com/advthreat/iroh/pull/9210][#9210]]
- Coerce incoming notification before email format [[https://github.com/advthreat/iroh/pull/9204][#9204]]
- [REFACTORING] Standardize trapperkeeper usage [[https://github.com/advthreat/iroh/pull/9177][#9177]]
- Use ~notify!~ to create notification via API call [[https://github.com/advthreat/iroh/pull/9162][#9162]]
- Fix copyright notice in email template [[https://github.com/advthreat/iroh/pull/9159][#9159]]
- Add simple template for notification email [[https://github.com/advthreat/iroh/pull/9150][#9150]]
- Allow nil as a correlation id [[https://github.com/advthreat/iroh/pull/9143][#9143]]
- Fix for EventService initialization [[https://github.com/advthreat/iroh/pull/9141][#9141]]
- Respect user notification preferences [[https://github.com/advthreat/iroh/pull/9133][#9133]]
- Add default config for NotificationInDelivery [[https://github.com/advthreat/iroh/pull/9128][#9128]]
- 8938 e8811 process email notification delivery [[https://github.com/advthreat/iroh/pull/9127][#9127]]
- Fix config key [[https://github.com/advthreat/iroh/pull/9115][#9115]]
- Fix dev config for NotificationInDeliveryService [[https://github.com/advthreat/iroh/pull/9113][#9113]]
- On recieving NotificationRequest notify users according to their preference [[https://github.com/advthreat/iroh/pull/9087][#9087]]
- Upgrade clojure 1.11.1 -> 1.11.2 [[https://github.com/advthreat/iroh/pull/9072][#9072]]
- Remove maintenance notification type [[https://github.com/advthreat/iroh/pull/9069][#9069]]
- 8933 e8811 create notificationindeliveryservice persistence only [[https://github.com/advthreat/iroh/pull/9025][#9025]]
- "In App" -> "In-App" [[https://github.com/advthreat/iroh/pull/9020][#9020]]
- Add correct :name and :description to notification type meta [[https://github.com/advthreat/iroh/pull/9012][#9012]]
- NotificationPreference API real endpoint [[https://github.com/advthreat/iroh/pull/8995][#8995]]
- NotificationPreference Service [[https://github.com/advthreat/iroh/pull/8982][#8982]]
- Fixes for notification endpoint [[https://github.com/advthreat/iroh/pull/8964][#8964]]
- Add notification preference api endpoints [[https://github.com/advthreat/iroh/pull/8947][#8947]]
- Initial draft design of notifications delivery [[https://github.com/advthreat/iroh/pull/8844][#8844]]
- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]
- Handle undelivered records [[https://github.com/advthreat/iroh/pull/8634][#8634]]
- Events data retention enforcement job [[https://github.com/advthreat/iroh/pull/8722][#8722]]
- Iroh events data retention implementation [[https://github.com/advthreat/iroh/pull/8666][#8666]]
- Iroh events postgres data retention [[https://github.com/advthreat/iroh/pull/8693][#8693]]
- Use timbre for logging [[https://github.com/advthreat/iroh/pull/8651][#8651]]
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
_between 6 and 7 months old_
- Fix shutdown process of Kafka Consumer [[https://github.com/advthreat/iroh/pull/8558][#8558]]
- Fixes for CTIA Transfer service [[https://github.com/advthreat/iroh/pull/8552][#8552]]
- Transfer CTIA Events [[https://github.com/advthreat/iroh/pull/8514][#8514]]
- Tiny fix for EventWebservice router [[https://github.com/advthreat/iroh/pull/8493][#8493]]
**** tenzin-config [7]
- Add KafkaProducerService to all envs [[https://github.com/advthreat/tenzin-config/pull/1107][#1107]]
- Add email kafka consumer to all envs [[https://github.com/advthreat/tenzin-config/pull/1106][#1106]]
- Enable kafka consumer for email notifications [[https://github.com/advthreat/tenzin-config/pull/1099][#1099]]
- Add new kafka topics for IROH notifications [[https://github.com/advthreat/tenzin-config/pull/1070][#1070]]
- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]
*** Shafiq [31]
**** iroh [28]
- Design Automation-Remote target for iroh-proxy [[https://github.com/advthreat/iroh/pull/9190][#9190]]
- Trim whitespace when interpolating pipe transforms [[https://github.com/advthreat/iroh/pull/9121][#9121]]
- Support for GoogleAPI Authorization [[https://github.com/advthreat/iroh/pull/9106][#9106]]
- Refactor proxy health check [[https://github.com/advthreat/iroh/pull/9066][#9066]]
- Data retention cleanup of notification services [[https://github.com/advthreat/iroh/pull/9064][#9064]]
- Apply data retention policy on iroh-notifications [[https://github.com/advthreat/iroh/pull/9054][#9054]]
- Add ~:remote~ type in configuration spec fields [[https://github.com/advthreat/iroh/pull/9046][#9046]]
- Refactor proxy-health-check [[https://github.com/advthreat/iroh/pull/9033][#9033]]
- Update proxy-health-check logging [[https://github.com/advthreat/iroh/pull/9028][#9028]]
- Update proxy health check logging [[https://github.com/advthreat/iroh/pull/9024][#9024]]
- Perform relay-api request based on observable-types [[https://github.com/advthreat/iroh/pull/9017][#9017]]
- Add selection of settings for configuration-token auth [[https://github.com/advthreat/iroh/pull/9007][#9007]]
- Support for dedicated url setting for iroh-proxy requests [[https://github.com/advthreat/iroh/pull/8998][#8998]]
- Route for patching module-type documentation [[https://github.com/advthreat/iroh/pull/8981][#8981]]
- Add filtering of notifications using multiple statuses [[https://github.com/advthreat/iroh/pull/8974][#8974]]
- Support for transforming interpolated strings. [[https://github.com/advthreat/iroh/pull/8945][#8945]]
- Construct token url from base-url setting [[https://github.com/advthreat/iroh/pull/8923][#8923]]
- [IROH Proxy] Support for Rubrik and Commvault API services [[https://github.com/advthreat/iroh/pull/8902][#8902]]
- [iroh-proxy] Include POST method for proxy health check [[https://github.com/advthreat/iroh/pull/8878][#8878]]
- Update relay-module schemas for Checkpoint auth [[https://github.com/advthreat/iroh/pull/8875][#8875]]
- [iroh-proxy] Implement Checkpoint Smart-1 authentication [[https://github.com/advthreat/iroh/pull/8873][#8873]]
- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]
- Fix mapping for incident events [[https://github.com/advthreat/iroh/pull/8703][#8703]]
_between 6 and 7 months old_
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
- Identify trusted service to service req for SE [[https://github.com/advthreat/iroh/pull/8495][#8495]]
**** tenzin-config [3]
- Swtich to new sink-connector in INT [[https://github.com/advthreat/tenzin-config/pull/1024][#1024]]
- Add updated sink connector for all envs [[https://github.com/advthreat/tenzin-config/pull/1021][#1021]]
- Add sink connector for new iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/1019][#1019]]
** auth
*** bartuka [71]
**** iroh [52]
- add ~:content-type :json~ explicitly to clj-http [[https://github.com/advthreat/iroh/pull/9090][#9090]]
- Brownfield Provisioning - make the ~region~ field available for TEST purposes only [[https://github.com/advthreat/iroh/pull/9079][#9079]]
- Improve logs for Brownfield provisioning [[https://github.com/advthreat/iroh/pull/9076][#9076]]
- [IROH Auth] update QA routes for Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/9053][#9053]]
- [IROH Auth] Fix access token brownfield provisioning [[https://github.com/advthreat/iroh/pull/9049][#9049]]
- [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning [[https://github.com/advthreat/iroh/pull/9021][#9021]]
- [IROH Auth] FMC add re-token proxy request [[https://github.com/advthreat/iroh/pull/9011][#9011]]
- [IROH Auth] fix FMC redirect call to ~/device~ [[https://github.com/advthreat/iroh/pull/8987][#8987]]
- [IROH Auth] fix device verification redirection [[https://github.com/advthreat/iroh/pull/8979][#8979]]
- fix proxy requests to FMC [[https://github.com/advthreat/iroh/pull/8972][#8972]]
- [IROH Auth] FMC OAuth2 and SSE proxies [[https://github.com/advthreat/iroh/pull/8840][#8840]]
- [IROH Auth] Improvements to universal provisioning callback [[https://github.com/advthreat/iroh/pull/8913][#8913]]
- [IROH Auth] bugfix #4: add ~:content-type :json~ to callback request [[https://github.com/advthreat/iroh/pull/8909][#8909]]
- [IROH Auth] fix payload sent to PIAM callback_url after provisioning was complete [[https://github.com/advthreat/iroh/pull/8900][#8900]]
- [IROH Auth] bugfix Universal Provisioning created schema error [[https://github.com/advthreat/iroh/pull/8892][#8892]]
- [IROH Auth] bugfix parsing OKTA JWT scopes [[https://github.com/advthreat/iroh/pull/8880][#8880]]
- [IROH Auth] Brownfield provisioning - endpoint to attach existing tenant to a SBG product [[https://github.com/advthreat/iroh/pull/8806][#8806]]
- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]
- [IROH Auth] better swagger descriptions for Universal Provisioning [[https://github.com/advthreat/iroh/pull/8752][#8752]]
- [IROH Auth] remove empty strings from ~client-id~ got from Vault [[https://github.com/advthreat/iroh/pull/8760][#8760]]
- [IROH Auth] add missing scope to get OKTA JWT [[https://github.com/advthreat/iroh/pull/8759][#8759]]
- [IROH Auth] add logs to investigate get okta jwt [[https://github.com/advthreat/iroh/pull/8758][#8758]]
- [IROH Auth] bugfix - ~client/post~ should use ~:form-params~ instead of ~:body~ [[https://github.com/advthreat/iroh/pull/8753][#8753]]
- [IROH Auth] bugfixes - arity exception, change ~product-response~ datatype, change ~pmap~ to ~map~ [[https://github.com/advthreat/iroh/pull/8738][#8738]]
- [IROH Auth] bugfix - fix urls in ~POST /tenants~ returned value and payload field names [[https://github.com/advthreat/iroh/pull/8733][#8733]]
- [IROH Auth] Cache OKTA JWT used for provisioning callback [[https://github.com/advthreat/iroh/pull/8727][#8727]]
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService [[https://github.com/advthreat/iroh/pull/8707][#8707]]
- [IROH Auth] Duplicate ~universal-provisioning~ web routes to accept IROH JWTs [[https://github.com/advthreat/iroh/pull/8675][#8675]]
- [IROH Auth] Expose ~callbacks packages~ store to check Universal Provisioning status [[https://github.com/advthreat/iroh/pull/8702][#8702]]
- [IROH Auth] Improve 202 Accepted response for ~/universal-provisioning/create-tenants~ [[https://github.com/advthreat/iroh/pull/8701][#8701]]
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8691][#8691]]
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8673][#8673]]
- bugfix - missing ~UniversalProvisioningCallbackService~ to deploy IROH nodes [[https://github.com/advthreat/iroh/pull/8680][#8680]]
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick [[https://github.com/advthreat/iroh/pull/8674][#8674]]
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps [[https://github.com/advthreat/iroh/pull/8633][#8633]]
- [IROH Auth] Add support to UserIdentity JWTs in ~JWKSService~ [[https://github.com/advthreat/iroh/pull/8647][#8647]]
- [IROH Auth] Bugfix in JWKSService logic [[https://github.com/advthreat/iroh/pull/8659][#8659]]
- [IROH Auth] update docs for Universal Provisioning work [[https://github.com/advthreat/iroh/pull/8640][#8640]]
- [IROH Auth] Simplify IROH Web Core by leveraging ~JWKSService~ for all webservices [[https://github.com/advthreat/iroh/pull/8632][#8632]]
- [IROH Auth] Add structure to keep track of onboardings to support async flow in Universal Provisioning [[https://github.com/advthreat/iroh/pull/8599][#8599]]
_between 6 and 7 months old_
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
- [IROH Auth] check entitlements schema in universal piam flow [[https://github.com/advthreat/iroh/pull/8560][#8560]]
- [IROH Auth] fix check of ~allowed-origins~ for ~registration_redirect~ query param [[https://github.com/advthreat/iroh/pull/8559][#8559]]
- [IROH Auth] move ~oauth2-jwkset~ to ~jwks-svc~ [[https://github.com/advthreat/iroh/pull/8534][#8534]]
- [IROH Auth] - Expose ~universal-provisioning-web-service~ [[https://github.com/advthreat/iroh/pull/8499][#8499]]
- [IROH Auth] move ~is-trusted-clients?~ to ~OAuth2ClientService~ [[https://github.com/advthreat/iroh/pull/8502][#8502]]
- [IROH Auth] add ~UniversalProvisioningService~ [[https://github.com/advthreat/iroh/pull/8459][#8459]]
**** ring-jwt-middleware [11]
_between 6 and 7 months old_
- add test case
- update readme
- fix schema
- log the full jwt when error
- use the default value
- fix tests by adding ~post-jwt-format-fn-arg-fn~ to config and schema
- fix all tests by changing the output of ~decode~
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
- fix config_test
- add test case
- initial commit
**** tenzin-config [8]
- add fmc client id for each env [[https://github.com/advthreat/tenzin-config/pull/1065][#1065]]
- fix url for device verification [[https://github.com/advthreat/tenzin-config/pull/1058][#1058]]
- Add FMC Proxy configuration [[https://github.com/advthreat/tenzin-config/pull/1056][#1056]]
- fix okta links [[https://github.com/advthreat/tenzin-config/pull/1043][#1043]]
- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]
- [IROH Auth] bugfix - add config to okta jwks [[https://github.com/advthreat/tenzin-config/pull/1017][#1017]]
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 [[https://github.com/advthreat/tenzin-config/pull/1013][#1013]]
- add universal_provisioning_callbacks store [[https://github.com/advthreat/tenzin-config/pull/1011][#1011]]
*** Yann Esposito [130]
**** iroh [55]
- improve Client credentials error message to help debug [[https://github.com/advthreat/iroh/pull/9213][#9213]]
- Attempt to provide a body to the onboarding with mustache [[https://github.com/advthreat/iroh/pull/9151][#9151]]
- provisioning API for Org apps [[https://github.com/advthreat/iroh/pull/9195][#9195]]
- Revert "add admin-ui to the gh-pages (#9222)" [[https://github.com/advthreat/iroh/pull/9223][#9223]]
- add admin-ui to the gh-pages [[https://github.com/advthreat/iroh/pull/9222][#9222]]
- Add sc-enabled? flag to profile API views [[https://github.com/advthreat/iroh/pull/9192][#9192]]
- [PIAM Brownfield Provisioning]: Provide a way to update link tenants [[https://github.com/advthreat/iroh/pull/9186][#9186]]
- Add apps field to Orgs [[https://github.com/advthreat/iroh/pull/9175][#9175]]
- improve response when PIAM returns an error [[https://github.com/advthreat/iroh/pull/9183][#9183]]
- fix flaky test invite-test paging [[https://github.com/advthreat/iroh/pull/9182][#9182]]
- Support aero configurations [[https://github.com/advthreat/iroh/pull/9170][#9170]]
- Fix invites pagination [[https://github.com/advthreat/iroh/pull/9138][#9138]]
- Support FMC returning Bearer instead of bearer [[https://github.com/advthreat/iroh/pull/9126][#9126]]
- composable jwks test helper [[https://github.com/advthreat/iroh/pull/9120][#9120]]
- Sync user-name during SCSO login [[https://github.com/advthreat/iroh/pull/9117][#9117]]
- Another IPv6 in URL fix [[https://github.com/advthreat/iroh/pull/9084][#9084]]
- Support IPv6 in URL for inspect service [[https://github.com/advthreat/iroh/pull/9083][#9083]]
- Update of the login doc [[https://github.com/advthreat/iroh/pull/9067][#9067]]
- optimize search user given a list of ids [[https://github.com/advthreat/iroh/pull/9018][#9018]]
- Fix link tenant bug [[https://github.com/advthreat/iroh/pull/8975][#8975]]
- Upgrade Org to XDR on first entitlement update. [[https://github.com/advthreat/iroh/pull/8881][#8881]]
- [IROH-Auth]: Auth Code Grant Client that do not generate any refresh token [[https://github.com/advthreat/iroh/pull/8927][#8927]]
- Specialize TAC routes access [[https://github.com/advthreat/iroh/pull/8884][#8884]]
- Remove legacy restriction of AO scopes [[https://github.com/advthreat/iroh/pull/8890][#8890]]
- Update deps to accept JWT without nbf claim [[https://github.com/advthreat/iroh/pull/8872][#8872]]
- New endpoint to ease impersonation usage [[https://github.com/advthreat/iroh/pull/8855][#8855]]
- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]
- Remove with-tk [[https://github.com/advthreat/iroh/pull/8779][#8779]]
- Code/Test Improvements [[https://github.com/advthreat/iroh/pull/8767][#8767]]
- add a test for matching schema [[https://github.com/advthreat/iroh/pull/8770][#8770]]
- Custom Role Design doc [[https://github.com/advthreat/iroh/pull/8497][#8497]]
- Attempt to improve error message of match?
[[https://github.com/advthreat/iroh/pull/8769][#8769]] - Use ~cid~ for ~trace_id~ when present [[https://github.com/advthreat/iroh/pull/8754][#8754]] - Support public client for custom routes [[https://github.com/advthreat/iroh/pull/8749][#8749]] - Add playbook scope [[https://github.com/advthreat/iroh/pull/8739][#8739]] - Fix webhook race condition risk [[https://github.com/advthreat/iroh/pull/8728][#8728]] - Call get-org only once for org-virtual user [[https://github.com/advthreat/iroh/pull/8724][#8724]] - Use a cache for entitlement summaries [[https://github.com/advthreat/iroh/pull/8667][#8667]] - upgrade jetty version [[https://github.com/advthreat/iroh/pull/8714][#8714]] - Remove a forgotten pretty printer [[https://github.com/advthreat/iroh/pull/8713][#8713]] - Fast Event Notifier dispatch using event-type [[https://github.com/advthreat/iroh/pull/8650][#8650]] - Fix DI onboarding [[https://github.com/advthreat/iroh/pull/8657][#8657]] _between 6 month and 7 month old_ - Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]] - [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]] - [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]] - Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]] - Quick fix on the IROH login page [[https://github.com/advthreat/iroh/pull/8564][#8564]] - Prevent org duplication during provisioning [[https://github.com/advthreat/iroh/pull/8556][#8556]] - Declared scopes tree [[https://github.com/advthreat/iroh/pull/8537][#8537]] - Improve constraints against Entitlements [[https://github.com/advthreat/iroh/pull/8525][#8525]] - Fix admin route to support combinators [[https://github.com/advthreat/iroh/pull/8377][#8377]] - Data Retention endpoint returns immediately [[https://github.com/advthreat/iroh/pull/8486][#8486]] **** iroh-scripts 
[43] - fix a bug with trust client - fix resend-invite - script to remove flags - fix a bug in create-super-org - relink scc script - prevent id collision - cleaned-up get-org response - Added add-flag script here - CSE client and better patch - resend-invite - add SXP riles prod clients - improve client manipulations - Updated scripts - use include - use local clojure - Added a better alias for sxo clients - SXO rules - added ai client with script - Fix - A few new scripts - Super client should be part of XDR orgs - Super org should have the XDR flag - Add admin user - updated and added scripts - save and improve client aliases - save improvements - create dashboard clients - Support client aliases in get-client - Update client with client-aliases - many new scripts - added a 1-time script - Add trusted to get-client - Improve search and error messages - Prepare TG to SCSO org migration _between 6 month and 7 month old_ - add scope to a client - Help support cider - add admin to org - Improved descriptions - promote-to-master script - Fix and small improvements - Improve robustness - Scripts for admin - client-pass **** oauth2-client-demo [3] - pin packages - reuse authorized url - added Meraki client to the list **** ring-jwt-middleware [7] - Version 1.1.7-SNAPSHOT - Version 1.1.6 - Support missing nbf JWT [[https://github.com/advthreat/ring-jwt-middleware/pull/30][#30]] _between 6 month and 7 month old_ - Version 1.1.6-SNAPSHOT - Version 1.1.5 - v1.1.5-SNAPSHOT - Version 1.1.4 **** scopula [6] - Version 0.3.3-SNAPSHOT - Version 0.3.2 - real cljs support - Version 0.3.2-SNAPSHOT - Version 0.3.1 - support cljs **** tenzin-config [12] - add iroh gh-pages to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/1123][#1123]] - New SCA env for TEST/STAGING [[https://github.com/advthreat/tenzin-config/pull/1114][#1114]] - configure automatio rules clients to not be rate limited [[https://github.com/advthreat/tenzin-config/pull/1111][#1111]] - 
interpolation improvements [[https://github.com/advthreat/tenzin-config/pull/1112][#1112]] - Add support for interpolation and self ref [[https://github.com/advthreat/tenzin-config/pull/1110][#1110]] - Remove rate-limit for another SXO client on INT [[https://github.com/advthreat/tenzin-config/pull/1087][#1087]] - Disable rate-limit SXO client for rules [[https://github.com/advthreat/tenzin-config/pull/1084][#1084]] - Double threads dedicated for VirusTotal http calls [[https://github.com/advthreat/tenzin-config/pull/1051][#1051]] - fix vault tpl transformations and checks [[https://github.com/advthreat/tenzin-config/pull/1041][#1041]] - Remove rate-limit for automation [[https://github.com/advthreat/tenzin-config/pull/1044][#1044]] - Check vault templating error [[https://github.com/advthreat/tenzin-config/pull/1023][#1023]] - Add Universal Provisioning Services [[https://github.com/advthreat/tenzin-config/pull/1015][#1015]] **** xdr-provisioning [4] - improved re-onboarding script - use local clojure - Manage entitlements add-ons - add a re-provisioning script that rerun onboardings *** Olivier Barbeau [50] **** iroh [34] - Add number of incidents to each technique in the Mitre matrix [[https://github.com/advthreat/iroh/pull/9157][#9157]] - Fix events and incidents ES stores for DEV [[https://github.com/advthreat/iroh/pull/9154][#9154]] - E8851: XDR Native & detections [[https://github.com/advthreat/iroh/pull/9122][#9122]] - E8851: Design of changes for XDR native detections [[https://github.com/advthreat/iroh/pull/9110][#9110]] - E8851: Product ordering in the coverage of techniques [[https://github.com/advthreat/iroh/pull/9100][#9100]] - E8851: Product ordering and SCA renaming [[https://github.com/advthreat/iroh/pull/9086][#9086]] - E8851: Add Org's integrations to the Mitre matrix [[https://github.com/advthreat/iroh/pull/8993][#8993]] - E8851: Sorting of Mitre elements [[https://github.com/advthreat/iroh/pull/8992][#8992]] - E8851: Static matrix common to all 
Orgs [[https://github.com/advthreat/iroh/pull/8939][#8939]] - E8851: Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8876][#8876]] - Design of the Talos MITRE coverage files import [[https://github.com/advthreat/iroh/pull/8856][#8856]] - 'iroh' node type and default services for all node types [[https://github.com/advthreat/iroh/pull/8817][#8817]] - Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]] - Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]] - [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]] - [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]] - [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]] - Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]] - Add few additional tests to iroh services [[https://github.com/advthreat/iroh/pull/8762][#8762]] - rewrite tests [[https://github.com/advthreat/iroh/pull/8773][#8773]] - more info for debugging [[https://github.com/advthreat/iroh/pull/8717][#8717]] - [IROH configuration]: general documentation [[https://github.com/advthreat/iroh/pull/8764][#8764]] - update developer doc for api-gateway [[https://github.com/advthreat/iroh/pull/8723][#8723]] - Some test clean-up [[https://github.com/advthreat/iroh/pull/8716][#8716]] - High volume of SQL queries for a single observe/deliberate call [[https://github.com/advthreat/iroh/pull/8682][#8682]] - Remove the state of module instances in ~obfuscate-module-instance~ [[https://github.com/advthreat/iroh/pull/8670][#8670]] - E8388: update proxy-endpoints-metadata endpoint and metadata [[https://github.com/advthreat/iroh/pull/8663][#8663]] - E8388: update x-proxy endpoint and IntService ACL filters 
[[https://github.com/advthreat/iroh/pull/8608][#8608]] - E8388 : Simplifies upgrade/downgrade tests [[https://github.com/advthreat/iroh/pull/8635][#8635]] - Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]] - Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]] _between 6 month and 7 month old_ - E8388: add new module-instance events, register Module Instance service as handler [[https://github.com/advthreat/iroh/pull/8547][#8547]] - E8388: Issue 8531 add state to module instance schema [[https://github.com/advthreat/iroh/pull/8544][#8544]] - Issue 8389 design entitlement changes for integration modules [[https://github.com/advthreat/iroh/pull/8510][#8510]] **** tenzin-config [16] - add XDR native module types for PROD [[https://github.com/advthreat/tenzin-config/pull/1115][#1115]] - add SCA module-type-id for XDR Native on TEST [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1109][#1109]] - add SCA module-type-id for XDR Native [temp UI fix] [[https://github.com/advthreat/tenzin-config/pull/1108][#1108]] - Mitre: Add detections for XDR Native [[https://github.com/advthreat/tenzin-config/pull/1098][#1098]] - product ordering and SCA renaming [[https://github.com/advthreat/tenzin-config/pull/1079][#1079]] - Config for Mitre covering products [[https://github.com/advthreat/tenzin-config/pull/1072][#1072]] - Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]] - Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]] - Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]] - Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]] - Move Universal Provisioning Services config to IROH 
[[https://github.com/advthreat/tenzin-config/pull/1027][#1027]] - Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]] - Remove the ~:registration~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/963][#963]] - Remove the ~:merge-users-by-email~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/962][#962]] - Remove the ~:account-activation-optim~ flag in all environments as it is now activated everywhere. [[https://github.com/advthreat/tenzin-config/pull/961][#961]] - Remove the ~xdr-roles~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/964][#964]] *** (Yogsototh) [62] **** iroh-scripts [43] - fix a bug with trust client - fix resend-invite - script to remove flags - fix a bug in create-super-org - relink scc script - prevent id collision - cleaned-up get-org response - Added add-flag script here - CSE client and better patch - resend-invite - add SXP riles prod clients - improve client manipulations - Updated scripts - use include - use local clojure - Added a better alias for sxo clients - SXO rules - added ai client with script - Fix - A few new scripts - Super client should be part of XDR orgs - Super org should have the XDR flag - Add admin user - updated and added scripts - save and improve client aliases - save improvements - create dashboard clients - Support client aliases in get-client - Update client with client-aliases - many new scripts - added a 1-time script - Add trusted to get-client - Improve search and error messages - Prepare TG to SCSO org migration _between 6 month and 7 month old_ - add scope to a client - Help support cider - add admin to org - Improved descriptions - promote-to-master script - Fix and small improvements - Improve robustness - Scripts for admin - client-pass **** oauth2-client-demo [3] - pin packages - reuse authorized url - added Meraki client to the list **** ring-jwt-middleware [6] - Version 1.1.7-SNAPSHOT - 
Version 1.1.6 _between 6 month and 7 month old_ - Version 1.1.6-SNAPSHOT - Version 1.1.5 - v1.1.5-SNAPSHOT - Version 1.1.4 **** scopula [6] - Version 0.3.3-SNAPSHOT - Version 0.3.2 - real cljs support - Version 0.3.2-SNAPSHOT - Version 0.3.1 - support cljs **** xdr-provisioning [4] - improved re-onboarding script - use local clojure - Manage entitlements add-ons - add a re-provisioning script that rerun onboardings ** iroh-ops *** Jerome Schneider [1] **** tenzin-config [1] - IROH migrate to new MSK SASL/SCRAM cluster! *** Patrick Patat [1] **** tenzin-config [1] - refactor ops config with new ref system [[https://github.com/advthreat/tenzin-config/pull/1113][#1113]] * Other ** Other *** Robert Levy [7] **** iroh [6] - Inherit properties from type in hierarchical modules [[https://github.com/advthreat/iroh/pull/9042][#9042]] - Format hierarchical modules invalid-parent-id error with context and error type [[https://github.com/advthreat/iroh/pull/8901][#8901]] - Update hardcoded source in Secure Endpoint module [[https://github.com/advthreat/iroh/pull/8874][#8874]] - Expose pagination & search functionality in notifications api [[https://github.com/advthreat/iroh/pull/8803][#8803]] - Fix bug in hierarchical module logic producing empty settings/settings_effective map [[https://github.com/advthreat/iroh/pull/8745][#8745]] - Issue 8158 hierarchical module [[https://github.com/advthreat/iroh/pull/8469][#8469]] **** tenzin-config [1] - Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]] *** Eric Gierach [5] **** iroh [2] _between 6 month and 7 month old_ - bumping iroh-engine to 0.15.13 [[https://github.com/advthreat/iroh/pull/8520][#8520]] - bumping iroh-engine to 0.15.12 [[https://github.com/advthreat/iroh/pull/8509][#8509]] **** tenzin-config [3] - removing duplicate entry [[https://github.com/advthreat/tenzin-config/pull/1078][#1078]] - Swap stg and test configs for reporting. 
[[https://github.com/advthreat/tenzin-config/pull/1077][#1077]] - Disabling reporting until Ops gets the infra set up. [[https://github.com/advthreat/tenzin-config/pull/1075][#1075]] *** II [20] **** iroh [16] - Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]] - Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]] - Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]] - XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]] - 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]] - 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]] - 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]] - 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]] - 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]] - Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]] - Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]] - Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]] - This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]] - Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]] - 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]] _between 6 month and 7 month old_ - 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]] **** tenzin-config [4] - Disables Umbrella module auto load so service does it 
[[https://github.com/advthreat/tenzin-config/pull/1120][#1120]] - Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]] - Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]] _between 6 month and 7 month old_ - Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]] *** Devin Walters [9] **** tenzin-config [9] - Configure s3-http-client connection pool size for PROD environments [[https://github.com/advthreat/tenzin-config/pull/1105][#1105]] - Turn on reporting pipeline in TEST [[https://github.com/advthreat/tenzin-config/pull/1097][#1097]] - Up hikari pool size in INT for conure [[https://github.com/advthreat/tenzin-config/pull/1095][#1095]] - Configure incident import bucket per PROD env for iroh and iroh-async [[https://github.com/advthreat/tenzin-config/pull/1092][#1092]] - Configure incident pipeline [[https://github.com/advthreat/tenzin-config/pull/1091][#1091]] - Fix bucket name [[https://github.com/advthreat/tenzin-config/pull/1083][#1083]] - Match s3 bucket key [[https://github.com/advthreat/tenzin-config/pull/1082][#1082]] - Add INT and TEST enrichment bucket names to relevant configs [[https://github.com/advthreat/tenzin-config/pull/1057][#1057]] _between 6 month and 7 month old_ - Add port 443 to ctia base urls [[https://github.com/advthreat/tenzin-config/pull/996][#996]] *** Mia [5] **** iroh [5] - create permanent logs to unobtrusively monitor bundle import results [[https://github.com/advthreat/iroh/pull/9242][#9242]] - New iroh event docs [[https://github.com/advthreat/iroh/pull/9181][#9181]] - iroh-engine 0.16.2 [[https://github.com/advthreat/iroh/pull/9125][#9125]] - Engine 0.16.1 [[https://github.com/advthreat/iroh/pull/9116][#9116]] - Engine 0.16.0 [[https://github.com/advthreat/iroh/pull/8997][#8997]] *** Martin Bruchanov [1] **** tenzin-config [1] - XDRSRE-64: 
Authentication for public CTIA in INT [[https://github.com/advthreat/tenzin-config/pull/1081][#1081]] *** James Moser [1] **** tenzin-config [1] - added QA domain to idps email domain whitelists [[https://github.com/advthreat/tenzin-config/pull/1085][#1085]] *** [20] **** iroh [16] - Keeps Kondo from being run on dev start [[https://github.com/advthreat/iroh/pull/9220][#9220]] - Xdr 1282 Adds new Umbrella service to default services [[https://github.com/advthreat/iroh/pull/9214][#9214]] - Xdr 1282 add v 2 token cache to umbrella integration [[https://github.com/advthreat/iroh/pull/9208][#9208]] - XDR-1411 Fixes inconsistent v1 v2 refer [[https://github.com/advthreat/iroh/pull/9197][#9197]] - 9074 remove settings effective [[https://github.com/advthreat/iroh/pull/9075][#9075]] - 8990 umbrella investigate v2 [[https://github.com/advthreat/iroh/pull/9030][#9030]] - 8958 Adds Missing Umbrella v2 Sightings [[https://github.com/advthreat/iroh/pull/8960][#8960]] - 8498 fix token cache [[https://github.com/advthreat/iroh/pull/8911][#8911]] - 8798 create migration to add parents to existing microsoft defender modules [[https://github.com/advthreat/iroh/pull/8870][#8870]] - Throws exception in parent validation on non-existent parent [[https://github.com/advthreat/iroh/pull/8850][#8850]] - Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]] - Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]] - This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]] - Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]] - 8496 token cache fix [[https://github.com/advthreat/iroh/pull/8637][#8637]] _between 6 month and 7 month old_ - 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]] **** tenzin-config [4] - Disables Umbrella module 
auto load so service does it [[https://github.com/advthreat/tenzin-config/pull/1120][#1120]] - Enables Umbrella token caches [[https://github.com/advthreat/tenzin-config/pull/1119][#1119]] - Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" [[https://github.com/advthreat/tenzin-config/pull/1008][#1008]] _between 6 month and 7 month old_ - Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]] *** Martin Bruchanov [1] **** iroh [1] - XDR-1344: Final version of deletion script used for PROD change [[https://github.com/advthreat/iroh/pull/9174][#9174]] *** Ruslan Yemelianov [2] **** tenzin-config [2] - Revert "enable ES auth private-ctia INT" - enable ES auth private-ctia INT *** Andrew Parisi [2] **** tenzin-config [2] - [data-retention/update-iroh-internal-for-prod] [[https://github.com/advthreat/tenzin-config/pull/1018][#1018]] - [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]] *** Scott McLeod [7] **** iroh [6] - Notification service timestamp filter [[https://github.com/advthreat/iroh/pull/9252][#9252]] - Tk store half bounded intervals [[https://github.com/advthreat/iroh/pull/9158][#9158]] - Extend tk search with range queries [[https://github.com/advthreat/iroh/pull/8912][#8912]] - Resolves postgres driver sql-injection vulnerability #9091 [[https://github.com/advthreat/iroh/pull/9092][#9092]] - Implement searching risk scores by score [[https://github.com/advthreat/iroh/pull/8907][#8907]] - tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]] **** tenzin-config [1] - Increase ReportService batch size to ES maximum [[https://github.com/advthreat/tenzin-config/pull/1055][#1055]] *** Sam Waggoner [1] **** tenzin-config [1] - hydrant/912 add clean hashes importer. 
*** t2sw [2] **** ctia [1] _between 6 month and 7 month old_ - Update CODEOWNERS [[https://github.com/threatgrid/ctia/pull/1390][#1390]] **** iroh [1] - add health endpoint to tac portal and update tests [[https://github.com/advthreat/iroh/pull/9002][#9002]] *** Jerome Schneider [1] **** iroh [1] - Upgrade PostgreSQL to 12.15 [[https://github.com/advthreat/iroh/pull/8618][#8618]] *** Brooke Swanson [24] **** ctia [2] - XDR-1769: bump CTIM to 1.3.17. [[https://github.com/threatgrid/ctia/pull/1422][#1422]] - Add brookeswanson to codeowners. [[https://github.com/threatgrid/ctia/pull/1396][#1396]] **** iroh [8] - Maintain behavior for existing events, but also notify s3 if an incid… [[https://github.com/advthreat/iroh/pull/9172][#9172]] - XDR-1769: bump CTIM to 1.3.17. [[https://github.com/advthreat/iroh/pull/9226][#9226]] - Reformat bucket path [[https://github.com/advthreat/iroh/pull/9102][#9102]] - Save to s3 on bundle import. [[https://github.com/advthreat/iroh/pull/8977][#8977]] - Replace CTIA Crud with Conure Calls [[https://github.com/advthreat/iroh/pull/8924][#8924]] - Limit risk score [[https://github.com/advthreat/iroh/pull/8906][#8906]] - Set Limits around observe targets call [[https://github.com/advthreat/iroh/pull/8910][#8910]] - Add no-doc true and prevent explosion due to mismatched types. [[https://github.com/advthreat/iroh/pull/8548][#8548]] **** tenzin-config [14] - Failure to configure correct url. [[https://github.com/advthreat/tenzin-config/pull/1100][#1100]] - These were flipped in TEST and we would like to test reports. [[https://github.com/advthreat/tenzin-config/pull/1094][#1094]] - One more time see if the report tab will work. [[https://github.com/advthreat/tenzin-config/pull/1088][#1088]] - Toggle report feature until Infrastructure is stable. [[https://github.com/advthreat/tenzin-config/pull/1086][#1086]] - update config. [[https://github.com/advthreat/tenzin-config/pull/1080][#1080]] - Report in test. 
[[https://github.com/advthreat/tenzin-config/pull/1076][#1076]] - conure -> base-url. [[https://github.com/advthreat/tenzin-config/pull/1073][#1073]] - Temporary flip this to not spam logs. [[https://github.com/advthreat/tenzin-config/pull/1069][#1069]] - Output buckets. [[https://github.com/advthreat/tenzin-config/pull/1068][#1068]] - Distributor and Conure configs. [[https://github.com/advthreat/tenzin-config/pull/1067][#1067]] - Add base-url for incident export (and incident report). [[https://github.com/advthreat/tenzin-config/pull/1064][#1064]] - Add playbook to conure configs. [[https://github.com/advthreat/tenzin-config/pull/1060][#1060]] - Add ouath2 config for all regions. [[https://github.com/advthreat/tenzin-config/pull/1020][#1020]] - Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]] *** Yurii Ivanisenko [1] **** tenzin-config [1] - tactical-portal moved to vercel [[https://github.com/advthreat/tenzin-config/pull/1022][#1022]] *** James Brock [1] **** easy-purescript-nix [1] - purs: 0.15.10 -> 0.15.15 *** ryemelia [6] **** tenzin-config [6] - XDRSRE-1150: [TEST] Enable ES auth iroh/iroh-async [[https://github.com/advthreat/tenzin-config/pull/1128][#1128]] - Enable ES auth private-ctia TEST [[https://github.com/advthreat/tenzin-config/pull/1126][#1126]] - Enable es auth CTIA test [[https://github.com/advthreat/tenzin-config/pull/1127][#1127]] - fix kafka connector ES AUTH for INT [[https://github.com/advthreat/tenzin-config/pull/1129][#1129]] - Enable ES auth private-ctia INT [[https://github.com/advthreat/tenzin-config/pull/1125][#1125]] - XDRSRE-1273: [INT] Enable ES auth for iroh iroh-async [[https://github.com/advthreat/tenzin-config/pull/1124][#1124]]