* 2021
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W03.org][2021-W03]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W04.org][2021-W04]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W05.org][2021-W05]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W06.org][2021-W06]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W07.org][2021-W07]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W08.org][2021-W08]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W09.org][2021-W09]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W10.org][2021-W10]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W11.org][2021-W11]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W12.org][2021-W12]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W13.org][2021-W13]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W14.org][2021-W14]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W15.org][2021-W15]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W16.org][2021-W16]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W17.org][2021-W17]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W18.org][2021-W18]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W19.org][2021-W19]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W20.org][2021-W20]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W21.org][2021-W21]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W22.org][2021-W22]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W23.org][2021-W23]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W24.org][2021-W24]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W25.org][2021-W25]]
** 2021-W33
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-08-19 Thu 11:04]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------------+----------------------------------------------+------+------+------+------|
| | | *Total time* | *4:40* | | | |
|------------------------+------------+----------------------------------------------+------+------+------+------|
| <2021-08-16 Mon> | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W33][2021-W33]] | | 4:40 | | |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-16 Monday][2021-08-16 Monday]] | | | 1:52 | |
| [2021-08-16 Mon 15:11] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Fix Carlos Hidalgo account][Fix Carlos Hidalgo account]] | | | | 0:20 |
| <2021-08-16 Mon> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create an issue about email search case sensitivity][create an issue about email...]] | | | | 1:32 |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-17 Tuesday][2021-08-17 Tuesday]] | | | 2:48 | |
| <2021-08-18 Wed> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Add scope to TG clients][Add scope to TG clients]] | | | | 0:38 |
| <2021-08-17 Tue> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Write an issue about 1-click module setup][Write an issue about 1-click...]] | | | | 2:03 |
| [2021-08-17 Tue 15:44] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Jyoti about CDO 1-click module setup][Jyoti about CDO 1-click module setup]] | | | | 0:07 |
#+END:
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-08-17 Tue 15:45]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------+----------------------------------------+------+------+------+------|
| | | *Total time* | *1:52* | | | |
|------------------------+------+----------------------------------------+------+------+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W33][2021-W33]] | | 1:52 | | |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-16 Monday][2021-08-16 Monday]] | | | 1:52 | |
| [2021-08-16 Mon 15:11] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Fix Carlos Hidalgo account][Fix Carlos Hidalgo account]] | | | | 0:20 |
| <2021-08-16 Mon> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create an issue about email search case sensitivity][create an issue about email...]] | | | | 1:32 |
#+END:
*** 2021-08-16 Monday
**** DONE Fix Carlos Hidalgo account :work:
:LOGBOOK:
CLOCK: [2021-08-16 Mon 15:11]--[2021-08-16 Mon 15:31] => 0:20
:END:
[2021-08-16 Mon 15:11]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create an issue about email search case sensitivity][create an issue about email search case sensitivity]]
**** DONE create an issue about email search case sensitivity :work:
SCHEDULED: <2021-08-16 Mon>
:LOGBOOK:
CLOCK: [2021-08-17 Tue 14:16]--[2021-08-17 Tue 15:44] => 1:28
CLOCK: [2021-08-16 Mon 15:03]--[2021-08-16 Mon 15:07] => 0:04
:END:
[2021-08-16 Mon 15:03]
- ref :: https://github.com/threatgrid/response/issues/818
***** Fix email case sensitivity

> Related https://github.com/threatgrid/response/issues/818

We often need to search by email.
The main issue is that our search mechanism currently does not support case-insensitive matches.

We have 4 possible solutions:

1. Lowercase the user email at creation. We also need to update the user emails in our DB. The safest route to achieve this will be via the iroh-migration service.
2. Keep the email case-sensitive and add a new case-insensitive field, =lc-user-email= for example. But as in case 1, we need to perform a DB migration to add this new field to all existing users in the DB.
3. Add support for case-insensitive search in tk-store, perhaps with a new tk-store service, or by improving the current =CRUDStoreService=.
4. Add a specific service just for searching user emails that could take care of this specific case by using a Postgres-specific query. This could also be the occasion to provide a tk-store hole-in-the-abstraction service.

The simplest is probably option 1. Option 2 would be slightly more complex and we would not lose any detail. Option 3 seems the most generic one, and we could totally imagine we would appreciate case-insensitive search support. Option 4 looks like a specific case of 3.

My preference then goes to option 3, but we need to understand whether this is too difficult to achieve. What would the API be? The most natural one would probably add an option alongside =filter-map=, like =case-insensitive-fields=. One issue would be writing the support for case-insensitive matching for =atom= and =redis=.
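An added sketch of options 1 and 2, not part of the original notes or of the project's code: before any lowercasing migration, list the accounts whose emails differ only by case, then add a lowercase shadow column and search on it. SQLite stands in for the real store, and the =users= table, the =lc_email= column and the sample rows are assumptions made for the example.

```python
import sqlite3

# Constructed sample rows; the table and column names are hypothetical.
SAMPLE_USERS = [
    (1, "Alice.Martin@example.com"),
    (2, "bob@example.com"),
    (3, "alice.martin@EXAMPLE.com"),  # differs from id 1 only by case
]


def norm(email):
    """Single normalisation used for both backfill and lookup."""
    return email.lower()


def open_db(rows=SAMPLE_USERS):
    """In-memory stand-in for the user store."""
    db = sqlite3.connect(":memory:")
    db.create_function("norm", 1, norm)
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)", rows)
    return db


def case_collisions(db):
    """Accounts whose emails become identical once lowercased (option 1)."""
    cur = db.execute(
        "SELECT norm(email), group_concat(id) FROM users "
        "GROUP BY norm(email) HAVING count(*) > 1"
    )
    return {lc: sorted(int(i) for i in ids.split(",")) for lc, ids in cur}


def add_shadow_column(db):
    """Option 2: keep the original email and add an indexed lowercase copy."""
    db.execute("ALTER TABLE users ADD COLUMN lc_email TEXT")
    db.execute("UPDATE users SET lc_email = norm(email)")
    # Plain index: a UNIQUE one would fail until the collisions are resolved.
    db.execute("CREATE INDEX users_lc_email ON users (lc_email)")


def find_by_email(db, email):
    """Case-insensitive lookup returning every match, so ambiguity stays visible."""
    cur = db.execute(
        "SELECT id, email FROM users WHERE lc_email = ? ORDER BY id",
        (norm(email),),
    )
    return cur.fetchall()
```

A non-empty result from =case_collisions= means two identities would collapse into one under option 1, so those accounts need a decision before the migration runs.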
**** TODO Interview Steven Collins
:LOGBOOK:
CLOCK: [2021-08-16 Mon 15:49]--[2021-08-16 Mon 19:04] => 3:15
:END:
*** 2021-08-17 Tuesday
**** DONE Add scope to TG clients :work:
DEADLINE: <2021-08-18 Wed>
:LOGBOOK:
CLOCK: [2021-08-17 Tue 17:54]--[2021-08-17 Tue 18:32] => 0:38
:END:
[2021-08-17 Tue 17:54]

In tenzin config:

#+begin_src
- INT: 34d94c8c-2041-4708-8172-ebe2df295ca7-2
- TEST: f993f6a0-8075-43e0-a9e5-dae9c3980513
- NAM: 7b8d9fef-bd93-4ef3-88af-ae4174ee02e5
- EU: a1662193-9155-44fd-aa1f-43afd42c889c
#+end_src
**** DONE Write an issue about 1-click module setup :work:
SCHEDULED: <2021-08-17 Tue>
:LOGBOOK:
CLOCK: [2021-08-17 Tue 15:51]--[2021-08-17 Tue 17:54] => 2:03
:END:
[2021-08-17 Tue 15:51]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Activation Optimization][Activation Optimization]]
**** CHAT Jyoti about CDO 1-click module setup :work:chat:
:LOGBOOK:
CLOCK: [2021-08-17 Tue 15:44]--[2021-08-17 Tue 15:51] => 0:07
:END:
[2021-08-17 Tue 15:44]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Epics][Epics]]
*** 2021-08-19 Thursday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-08-19 Thu 17:43]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+---------------+-----------------------------------+------+---+------+------|
| | | *Total time* | *1:39* | | | |
|------------------------+---------------+-----------------------------------+------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-19 Thursday][2021-08-19 Thursday]] | | | 1:39 | |
| [2021-08-19 Thu 16:04] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Interview Olivier Barbeau][Interview Olivier Barbeau]] | | | | 1:39 |
#+END:
**** MEETING Interview Olivier Barbeau :work:meeting:
:LOGBOOK:
CLOCK: [2021-08-19 Thu 16:04]--[2021-08-19 Thu 17:43] => 1:39
:END:
[2021-08-19 Thu 16:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Self Presentation][Self Presentation]]
** 2021-W35
*** 2021-09-02 Thursday
**** MEETING Weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-02 Thu 17:06]--[2021-09-02 Thu 20:00] => 2:54
:END:
[2021-09-02 Thu 17:06]

Guillaume starts with the *Design Planning* GitHub project.
- SecureX session
- High Impact Incident

Sorry
** 2021-W36
*** 2021-09-08 Wednesday
**** MEETING 1-click module setup weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-08 Wed 17:30]--[2021-09-08 Wed 18:22] => 0:52
:END:
[2021-09-08 Wed 17:30]
- ref :: https://miro.com/app/board/o9J_l57_gro=/

Miro dashboard from Chloe: https://miro.com/app/board/o9J_l57_gro=/

Discussion: When to TEST, tomorrow.
Asking for client_id in TEST.
Client-id: client-555c1f7a-b57b-4a6b-9f0b-015e311a6d06
*** 2021-09-09 Thursday
**** MEETING Interview: Florin Braghis :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-09 Thu 15:49]--[2021-09-09 Thu 18:45] => 2:56
:END:
[2021-09-09 Thu 15:49]
** 2021-W37
*** 2021-09-14 Tuesday
**** IN-PROGRESS Device Grant :work:
:LOGBOOK:
CLOCK: [2021-09-14 Tue 19:31]--[2021-09-14 Tue 20:35] => 1:04
:END:
[2021-09-14 Tue 19:31]
- ref ::
*** 2021-09-16 Thursday
**** MEETING Team weekly :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-16 Thu 17:25]--[2021-09-17 Fri 14:32] => 21:07
:END:
[2021-09-16 Thu 17:25]

Ambrose, Irina, Guillaume, Matt, Yann

TO MENTION: Device Grant with FMC => Public clients
***** Incident discussion
*** 2021-09-17 Friday
**** MEETING Presenting the projects :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-17 Fri 14:32]
:END:
[2021-09-17 Fri 14:32]
- ref :: https://github.com/advthreat/iroh/projects
***** General
****** Project Organization
Every project has an owner (main point of contact for the FT).
Now only leads, but could be anyone in the future.
***** [Design] Shared IROH Auth Session
The goal of this project, which is not an official FT, is to reflect and write proposals to reach the feeling of a shared session across all Cisco Security products via SecureX.
+ solution using cookies
+ solution using OpenID Connect
***** [Design] High Impact Incident
/Guillaume Ereteo/ did awesome work to provide multiple proposals to be able to deliver the feature as fast as possible.
1. Filter on source (only AMP)
2. Add severity on incident model
3. Incident with high impact via an IROH route: https://github.com/advthreat/iroh/issues/5710
+ needs the proxy from Ambrose
+ needs sync with engine team too
***** SecureX Suite Session Improvement
Delivered yesterday in v1.81.
Limit the number of interstitial pages between SecureX and CTR/SSE.
+ For orbital, missing the Launch button; the back end work is done as we do not need any SXSO app link.
***** [HOLD] Cisco Secure Client Integration
Still no work to be done by the IROH Services team.
***** Hiring
Since the last meeting, two new hires will join us in the next few weeks: Kiril and Olivier. Kiril lives in Germany and Olivier in France.
***** 1-Click Module Setup
In-progress integration by CDO and SWC.
AMP is in the QA test phase.
***** ModuleType updates
Just saw the rename of "Threat Grid" into "Secure Malware Analytics".
*****