#+title: Code Weekly Report 23
#+subtitle: logs go 2 weeks back
#+date: 2023-06-06
#+options: H:6

* IROH
** lead
*** [0]
** data
*** Mario Aquino [1]
**** iroh [1]
- Issue 7823/incident summary mapping [[https://github.com/advthreat/iroh/pull/7907][#7907]]
*** Guillaume Erétéo [1]
**** iroh [1]
#+BEGIN_QUOTE
_>1w_
- Mean tiles avg fixtures [[https://github.com/advthreat/iroh/pull/7791][#7791]]
#+END_QUOTE
*** Ambrose Bonnaire-Sergeant [4]
**** ctia [4]
#+BEGIN_QUOTE
_>1w_
- Fix X-Total-Hits in incident average metric [[https://github.com/advthreat/ctia/pull/1371][#1371]]
- Remove unused creds [[https://github.com/advthreat/ctia/pull/1370][#1370]]
- Remove old deps scanner [[https://github.com/advthreat/ctia/pull/1369][#1369]]
- Average aggregations for incidents [[https://github.com/advthreat/ctia/pull/1358][#1358]]
#+END_QUOTE
** integrations
*** Matthieu Sprunck [3]
**** tenzin-config [3]
- Share the same module configurations in iroh and iroh-async in PROD [[https://github.com/advthreat/tenzin-config/pull/905][#905]]
- Disable HTTP Proxy in IROH proxy (PROD) [[https://github.com/advthreat/tenzin-config/pull/903][#903]]
- Configure the Microsoft Defender module record [[https://github.com/advthreat/tenzin-config/pull/897][#897]]
*** Kirill Chernyshov [2]
**** iroh [2]
- Use event id for the key of kafka record [[https://github.com/advthreat/iroh/pull/7923][#7923]]
#+BEGIN_QUOTE
_>1w_
- Generate DataStream names [[https://github.com/advthreat/iroh/pull/7903][#7903]]
#+END_QUOTE
*** [0]
** auth
*** [0]
*** Yann Esposito [7]
**** iroh [3]
- Fix SCSO rebrand name. [[https://github.com/advthreat/iroh/pull/7937][#7937]]
- Rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/iroh/pull/7935][#7935]]
- A few additional helpers [[https://github.com/advthreat/iroh/pull/7914][#7914]]
**** tenzin-config [4]
- Factorisation iroh/iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/904][#904]]
- Tree config structures to prevent config duplication. [[https://github.com/advthreat/tenzin-config/pull/901][#901]]
- Fix SCSO name [[https://github.com/advthreat/tenzin-config/pull/898][#898]]
- rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/tenzin-config/pull/896][#896]]
*** Olivier Barbeau [1]
**** iroh [1]
#+BEGIN_QUOTE
_>1w_
- Code coverage in GitHub Pages [[https://github.com/advthreat/iroh/pull/7924][#7924]]
#+END_QUOTE
*** [0]
** iroh-ops
*** Jerome Schneider [11]
**** tenzin [11]
- IROH-async: improve auto scaling
- Fixed TF MSK configuration
- TEST IROH Async: increase maximum instances to 12
- PROD NAM: add Kafka and Kafka Connect support
- PROD EU: add Kafka and kafka Connect
- PROD APJC: add Kafka and kafka Connect support
- STAGE: add Kafka and Kafka Connect
- TEST: add Kafka and Kafka Connect support
- INT: add kafka Connect support
- Add kafka connect support
- new terraform module to gen and send credential
*** [0]

* Other
** Other
*** Robert Levy [3]
**** iroh [1]
- user and team mean time tiles [[https://github.com/advthreat/iroh/pull/7873][#7873]]
**** tenzin-config [2]
- add migration for iroh issue #7819 to TEST and PROD environments [[https://github.com/advthreat/tenzin-config/pull/902][#902]]
- add migration for iroh issue #7819 [[https://github.com/advthreat/tenzin-config/pull/895][#895]]
*** II [2]
**** iroh [2]
- Issue 7819 - Rename SecureX Orchestrator module instances to Automation [[https://github.com/advthreat/iroh/pull/7927][#7927]]
#+BEGIN_QUOTE
_>1w_
- Adds orbital to the list of allowed AO token scopes [[https://github.com/advthreat/iroh/pull/7919][#7919]]
#+END_QUOTE
*** Devin Walters [2]
**** tenzin-config [2]
- Reduce conure-distributor worker count [[https://github.com/advthreat/tenzin-config/pull/906][#906]]
- Init conure-distributor config.edn [[https://github.com/advthreat/tenzin-config/pull/900][#900]]
*** Mia [3]
**** iroh [1]
- update risk score calculation based on #7915 [[https://github.com/advthreat/iroh/pull/7931][#7931]]
**** iroh-engine [2]
- Merge pull request #1394 from advthreat/v0.15.6-rc
- Merge pull request #1393 from advthreat/save-asset-snapshot
*** Scott McLeod [1]
**** tenzin-config [1]
- Config changes supporting IROH PR #7934 [[https://github.com/advthreat/tenzin-config/pull/899][#899]]
*** Adam Sayer [1]
**** tenzin [1]
#+BEGIN_QUOTE
_>1w_
- Nomad version upgrade to 1.5.6 [[https://github.com/advthreat/tenzin/pull/3003][#3003]]
#+END_QUOTE
*** krishna Ganugapenta [7]
**** tenzin [7]
- Conure_distrib listen port changed to 8088 [[https://github.com/advthreat/tenzin/pull/3030][#3030]]
- conure distributor vault roles modified [[https://github.com/advthreat/tenzin/pull/3029][#3029]]
- Conure node target fix [[https://github.com/advthreat/tenzin/pull/3026][#3026]]
- Conure Target nodes excluded distributor nodes [[https://github.com/advthreat/tenzin/pull/3025][#3025]]
- Conure Distributor Infra set up [[https://github.com/advthreat/tenzin/pull/3013][#3013]]
#+BEGIN_QUOTE
_>1w_
- S3 permissions allowed for datadog-java-agent [[https://github.com/advthreat/tenzin/pull/3008][#3008]]
- Conure task dd-java-agent version update [[https://github.com/advthreat/tenzin/pull/3001][#3001]]
#+END_QUOTE
*** milehrer [2]
**** iroh-engine [2]
- prepare for v0.15.6
- Remove sightings from asset enrichment response, save snapshot instead
*** [2]
**** iroh [2]
- Issue 7819 - Rename SecureX Orchestrator module instances to Automation [[https://github.com/advthreat/iroh/pull/7927][#7927]]
#+BEGIN_QUOTE
_>1w_
- Adds orbital to the list of allowed AO token scopes [[https://github.com/advthreat/iroh/pull/7919][#7919]]
#+END_QUOTE
*** John Jardine [2]
**** tenzin [2]
- Update PROD sw component versions, resequence. [[https://github.com/advthreat/tenzin/pull/3006][#3006]]
- Remove zeronorth specific configurations [[https://github.com/advthreat/tenzin/pull/2976][#2976]]
*** Sofiia Mykytiuk [7]
**** tenzin [7]
- Consul fix for ops vpn [[https://github.com/advthreat/tenzin/pull/3032][#3032]]
- Add jyoverma to ops vpnator list [[https://github.com/advthreat/tenzin/pull/3021][#3021]]
- Update backup retention period for RDS conure [[https://github.com/advthreat/tenzin/pull/3014][#3014]]
#+BEGIN_QUOTE
_>1w_
- Clean up securex-news from backup regions [[https://github.com/advthreat/tenzin/pull/3015][#3015]]
- Revert "Remove datadog-ro vault policy (#2999)" [[https://github.com/advthreat/tenzin/pull/3010][#3010]]
- Remove cleaner lambda setup from PROD [[https://github.com/advthreat/tenzin/pull/2996][#2996]]
- Remove datadog-ro vault policy [[https://github.com/advthreat/tenzin/pull/2999][#2999]]
#+END_QUOTE
*** muhammad-xdr-ops [4]
**** tenzin [4]
- SXOPS-748 - remove public access to SNS topics [[https://github.com/advthreat/tenzin/pull/3020][#3020]]
#+BEGIN_QUOTE
_>1w_
- SXOPS-745 - aws ec2 keys rotated for all prod envs [[https://github.com/advthreat/tenzin/pull/3018][#3018]]
- SXOPS-703 remove public access to SNS topics [[https://github.com/advthreat/tenzin/pull/3011][#3011]]
- SXOPS-740 - int/test/stage aws ec2 default key rotation [[https://github.com/advthreat/tenzin/pull/3007][#3007]]
#+END_QUOTE
*** Dmytro Budko [1]
**** tenzin [1]
#+BEGIN_QUOTE
_>1w_
- SXOPS-716 [ACTION REQUIRED] Changes to AWS Billing, Cost Management, and Account access control policies [[https://github.com/advthreat/tenzin/pull/2995][#2995]]
#+END_QUOTE
*** Scott McLeod [1]
**** iroh [1]
- Use filter-map-search directly from CRUDStoreService [[https://github.com/advthreat/iroh/pull/7934][#7934]]
*** Yurii Ivanisenko [3]
**** tenzin [2]
#+BEGIN_QUOTE
_>1w_
- add WAF ipv6 lists [[https://github.com/advthreat/tenzin/pull/2991][#2991]]
- linter tool master branch [[https://github.com/advthreat/tenzin/pull/2998][#2998]]
#+END_QUOTE
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- woke tool added [[https://github.com/advthreat/tenzin-config/pull/894][#894]]
#+END_QUOTE
*** Gayan Jayasundara [1]
**** tenzin [1]
- SXOPS-472 & SXOPS-498 - Enable sentinelone and crowdstrike in Production for v1.122 Release [[https://github.com/advthreat/tenzin/pull/3031][#3031]]
*** Pawan Bahuguna [4]
**** tenzin [4]
- SXOPS-752 multi az redis iroh async [[https://github.com/advthreat/tenzin/pull/3017][#3017]]
#+BEGIN_QUOTE
_>1w_
- SXOPS-29 [PROD] Added multi_az_enabled [[https://github.com/advthreat/tenzin/pull/3012][#3012]]
- Removing duo-cloudmapper as it is not supported now [[https://github.com/advthreat/tenzin/pull/3005][#3005]]
- Updated the desired capacity to match AWS [[https://github.com/advthreat/tenzin/pull/3000][#3000]]
#+END_QUOTE
*** vjayakody [1]
**** tenzin [1]
#+BEGIN_QUOTE
_>1w_
- ssh key update [[https://github.com/advthreat/tenzin/pull/3002][#3002]]
#+END_QUOTE