#+title: Code Weekly Report 24
#+subtitle: logs go 2 weeks back
#+date: 2023-06-16
#+options: H:6

* IROH
** lead
*** Guillaume Buisson [1]
**** iroh [1]
- Initial XDR Incident Manager Response 1.1 Draft Spec [[https://github.com/advthreat/iroh/pull/7847][#7847]]
** data
*** Mario Aquino [4]
**** iroh [4]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/7971][#7971]]
- Partition and batch threat hunt observables [[https://github.com/advthreat/iroh/pull/7958][#7958]]
#+BEGIN_QUOTE
_>1w_
- Establish a task timeout option for async work [[https://github.com/advthreat/iroh/pull/7948][#7948]]
- Issue 7823/incident summary mapping [[https://github.com/advthreat/iroh/pull/7907][#7907]]
#+END_QUOTE
*** Guillaume Erétéo [2]
**** iroh [2]
- Update risk-score.md [[https://github.com/advthreat/iroh/pull/7974][#7974]]
#+BEGIN_QUOTE
_>1w_
- adding org mode for calculating data volume [[https://github.com/advthreat/iroh/pull/7941][#7941]]
#+END_QUOTE
*** Ambrose Bonnaire-Sergeant [1]
**** ctia [1]
#+BEGIN_QUOTE
_>1w_
- Disable /metric/average route for irrelevant entities [[https://github.com/advthreat/ctia/pull/1372][#1372]]
#+END_QUOTE
** integrations
*** Matthieu Sprunck [2]
**** tenzin-config [2]
#+BEGIN_QUOTE
_>1w_
- Share the same module configurations in iroh and iroh-async in PROD [[https://github.com/advthreat/tenzin-config/pull/905][#905]]
- Disable HTTP Proxy in IROH proxy (PROD) [[https://github.com/advthreat/tenzin-config/pull/903][#903]]
#+END_QUOTE
*** Kirill Chernyshov [8]
**** iroh [3]
- Remove try/catch for better error handling [[https://github.com/advthreat/iroh/pull/7980][#7980]]
- Fix NullPointerException [[https://github.com/advthreat/iroh/pull/7961][#7961]]
#+BEGIN_QUOTE
_>1w_
- Use event id for the key of kafka record [[https://github.com/advthreat/iroh/pull/7923][#7923]]
#+END_QUOTE
**** tenzin-config [5]
- Enable KafkaServices on INT [[https://github.com/advthreat/tenzin-config/pull/921][#921]]
- Disable KafkaServices once again [[https://github.com/advthreat/tenzin-config/pull/918][#918]]
- Enable Kafka related services on INT [[https://github.com/advthreat/tenzin-config/pull/916][#916]]
#+BEGIN_QUOTE
_>1w_
- Temporary disable services [[https://github.com/advthreat/tenzin-config/pull/914][#914]]
- Set SSL kafka security protocol on INT [[https://github.com/advthreat/tenzin-config/pull/912][#912]]
#+END_QUOTE
*** Shafiq [1]
**** iroh [1]
- Creating iroh-events datastream should succeed even if it exists already [[https://github.com/advthreat/iroh/pull/7959][#7959]]
** auth
*** bartuka [1]
**** iroh [1]
- [IROH Auth] RBAC JWT Revocation on ~role~ change [[https://github.com/advthreat/iroh/pull/7875][#7875]]
*** Yann Esposito [16]
**** iroh [4]
- Upgrade SX to XDR org via provisioning [[https://github.com/advthreat/iroh/pull/7981][#7981]]
- feature-flag scopes are considered as special [[https://github.com/advthreat/iroh/pull/7985][#7985]]
- fix local dev environment to be able to start locally without docker [[https://github.com/advthreat/iroh/pull/7944][#7944]]
#+BEGIN_QUOTE
_>1w_
- Use org to display the roles as expected [[https://github.com/advthreat/iroh/pull/7952][#7952]]
#+END_QUOTE
**** ring-jwt-middleware [3]
- Version 1.1.4-SNAPSHOT
- Version 1.1.3
- Support external error via is-revoked-fn
**** tenzin-config [9]
- Enable XDR roles in PROD [[https://github.com/advthreat/tenzin-config/pull/919][#919]]
- factorize PROD [[https://github.com/advthreat/tenzin-config/pull/917][#917]]
- Add role-web-service config everywhere [[https://github.com/advthreat/tenzin-config/pull/911][#911]]
#+BEGIN_QUOTE
_>1w_
- Canonicalize the configs (#913) [[https://github.com/advthreat/tenzin-config/pull/915][#915]]
- Canonicalize the configs [[https://github.com/advthreat/tenzin-config/pull/913][#913]]
- Add missing role-web-service everywhere [[https://github.com/advthreat/tenzin-config/pull/910][#910]]
- Gen configs git pre-commit hook [[https://github.com/advthreat/tenzin-config/pull/908][#908]]
- Factorisation iroh/iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/904][#904]]
- Tree config structures to prevent config duplication. [[https://github.com/advthreat/tenzin-config/pull/901][#901]]
#+END_QUOTE
*** Olivier Barbeau [7]
**** iroh [7]
- Upgrade Babashka [[https://github.com/advthreat/iroh/pull/7967][#7967]]
- add missing exclusions for uberjar [[https://github.com/advthreat/iroh/pull/7963][#7963]]
- fix bug when Org has no entitlement [[https://github.com/advthreat/iroh/pull/7956][#7956]]
- [IROH configuration]: Generate service diagram [[https://github.com/advthreat/iroh/pull/7872][#7872]]
- GH pages updates [[https://github.com/advthreat/iroh/pull/7960][#7960]]
#+BEGIN_QUOTE
_>1w_
- fix alias arguments [[https://github.com/advthreat/iroh/pull/7954][#7954]]
- Issue 7930 GitHub pages styling [[https://github.com/advthreat/iroh/pull/7932][#7932]]
#+END_QUOTE
*** (Yogsototh) [3]
**** ring-jwt-middleware [3]
- Version 1.1.4-SNAPSHOT
- Version 1.1.3
- Support external error via is-revoked-fn
** iroh-ops
*** Jerome Schneider [1]
**** tenzin [1]
- Kafka Connect: fixed cluster conf and use our own cacerts file
*** Patrick Patat [1]
**** iroh-ops [1]
- Merge pull request #75 from advthreat/squid
*** Patrick Patat [1]
**** iroh-ops [1]
- add squid server for vector in public subnet

* Other
** Other
*** Robert Levy [2]
**** iroh [1]
#+BEGIN_QUOTE
_>1w_
- user and team mean time tiles [[https://github.com/advthreat/iroh/pull/7873][#7873]]
#+END_QUOTE
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- add migration for iroh issue #7819 to TEST and PROD environments [[https://github.com/advthreat/tenzin-config/pull/902][#902]]
#+END_QUOTE
*** Devin Walters [2]
**** tenzin-config [2]
- Add config.edn for other conure-distributor environments [[https://github.com/advthreat/tenzin-config/pull/920][#920]]
#+BEGIN_QUOTE
_>1w_
- Reduce conure-distributor worker count [[https://github.com/advthreat/tenzin-config/pull/906][#906]]
#+END_QUOTE
*** Mia [3]
**** iroh [1]
- Snapshot for risk score [[https://github.com/advthreat/iroh/pull/7964][#7964]]
**** iroh-engine [2]
#+BEGIN_QUOTE
_>1w_
- Merge pull request #1394 from advthreat/v0.15.6-rc
- Merge pull request #1393 from advthreat/save-asset-snapshot
#+END_QUOTE
*** Scott McLeod [1]
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- Config changes supporting IROH PR #7934 [[https://github.com/advthreat/tenzin-config/pull/899][#899]]
#+END_QUOTE
*** krishna Ganugapenta [4]
**** tenzin [4]
- Conure-distributor PROD ASG modules fix [[https://github.com/advthreat/tenzin/pull/3062][#3062]]
- ops_vpn_cidr removal from TEST and other backup regions as ops vpn not present there [[https://github.com/advthreat/tenzin/pull/3061][#3061]]
- Conure-distributor setup config for TEST/PROD [[https://github.com/advthreat/tenzin/pull/3049][#3049]]
#+BEGIN_QUOTE
_>1w_
- Conure_distributor terraform modules config updates [[https://github.com/advthreat/tenzin/pull/3027][#3027]]
#+END_QUOTE
*** milehrer [2]
**** iroh-engine [2]
#+BEGIN_QUOTE
_>1w_
- prepare for v0.15.6
- Remove sightings from asset enrichment response, save snapshot instead
#+END_QUOTE
*** Martin Bruchanov [2]
**** tenzin [2]
- Clean-up of the old ES5 deployment code [[https://github.com/advthreat/tenzin/pull/3053][#3053]]
#+BEGIN_QUOTE
_>1w_
- Fix for consul registration of ops-openvpn service [[https://github.com/advthreat/tenzin/pull/2968][#2968]]
#+END_QUOTE
*** Kirill Chernyshov [1]
**** tenzin-config [1]
#+BEGIN_QUOTE
_>1w_
- IROH Events migration to Elasticsearch [[https://github.com/advthreat/tenzin-config/pull/909][#909]]
#+END_QUOTE
*** John Jardine [2]
**** tenzin [2]
- Add endpoint generation procedure and update endpoints. [[https://github.com/advthreat/tenzin/pull/3058][#3058]]
- SXOPS-792: QA complaining of long queue times for incidents enrichment [[https://github.com/advthreat/tenzin/pull/3054][#3054]]
*** Sofiia Mykytiuk [9]
**** tenzin [9]
- Update ASG for ES metrics in NAM and EU [[https://github.com/advthreat/tenzin/pull/3063][#3063]]
- Update vpnator list [[https://github.com/advthreat/tenzin/pull/3050][#3050]]
#+BEGIN_QUOTE
_>1w_
- Remove CSIRT_Investigator role [[https://github.com/advthreat/tenzin/pull/3045][#3045]]
- Policy to allow access to DynamoDB items for ROAdmin [[https://github.com/advthreat/tenzin/pull/3043][#3043]]
- Remove jbusboom ssh configs [[https://github.com/advthreat/tenzin/pull/3042][#3042]]
- Dmarc record for STAGE [[https://github.com/advthreat/tenzin/pull/3040][#3040]]
- Remove ssh access for Michael Simonson [[https://github.com/advthreat/tenzin/pull/3035][#3035]]
- Update OPS vpnator list [[https://github.com/advthreat/tenzin/pull/3034][#3034]]
- Consul fix for ops vpn [[https://github.com/advthreat/tenzin/pull/3032][#3032]]
#+END_QUOTE
*** muhammad-xdr-ops [4]
**** tenzin [4]
- SXOPS-805 - adding CNAMEs for secure-client-forms MFE [[https://github.com/advthreat/tenzin/pull/3065][#3065]]
- enabled trendmicro and defender in all prod regions [[https://github.com/advthreat/tenzin/pull/3055][#3055]]
- SXOPS-763 - updating integrations version [[https://github.com/advthreat/tenzin/pull/3052][#3052]]
#+BEGIN_QUOTE
_>1w_
- SXOPS-702 removing INT access to PROD S3 bucket [[https://github.com/advthreat/tenzin/pull/3024][#3024]]
#+END_QUOTE
*** Dmytro Budko [5]
**** tenzin [5]
- SXOPS-191 Terraform: Bring INT and Test into sync with AWS [[https://github.com/advthreat/tenzin/pull/3056][#3056]]
#+BEGIN_QUOTE
_>1w_
- SXOPS-766 [PROD] Fix 'docs' related Terraform Delta [[https://github.com/advthreat/tenzin/pull/3046][#3046]]
- SXOPS-636 Docs XDR Deployment, Publish and Host [[https://github.com/advthreat/tenzin/pull/3048][#3048]]
- SXOPS-636 Docs XDR Deployment, Publish and Host [[https://github.com/advthreat/tenzin/pull/3041][#3041]]
- SXOPS-636 Docs XDR Deployment, Publish and Host [[https://github.com/advthreat/tenzin/pull/3016][#3016]]
#+END_QUOTE
*** Scott McLeod [1]
**** iroh [1]
#+BEGIN_QUOTE
_>1w_
- Use filter-map-search directly from CRUDStoreService [[https://github.com/advthreat/iroh/pull/7934][#7934]]
#+END_QUOTE
*** Rekha Gupta [2]
**** tenzin-config [2]
- fix: to port 4008 because ribbon uses 4007 [[https://github.com/advthreat/tenzin-config/pull/925][#925]]
- feat: port for new client management MFE [[https://github.com/advthreat/tenzin-config/pull/924][#924]]
*** Jerome Schneider [1]
**** tenzin [1]
- SXOPS 801: Kafka connect open port 8083 and use static port in Nomad [[https://github.com/advthreat/tenzin/pull/3059][#3059]]
*** Yurii Ivanisenko [2]
**** tenzin [2]
#+BEGIN_QUOTE
_>1w_
- connected self-hosted runner [[https://github.com/advthreat/tenzin/pull/3038][#3038]]
- added wokeignore file [[https://github.com/advthreat/tenzin/pull/3036][#3036]]
#+END_QUOTE
*** Gayan Jayasundara [2]
**** tenzin [2]
- Add Adam as codeowner to Tenzin repo [[https://github.com/advthreat/tenzin/pull/3060][#3060]]
#+BEGIN_QUOTE
_>1w_
- SXOPS-472 & SXOPS-498 - Enable sentinelone and crowdstrike in Production for v1.122 Release [[https://github.com/advthreat/tenzin/pull/3031][#3031]]
#+END_QUOTE