IROH
lead
Guillaume Buisson [13]
ctia [2]
- Properly filter Relationships to assemble a Feed View #1421
- Filter out some infrastructure details from Error API Responses #1412
iroh [9]
- Logging improvements #9241
- fix a flaky test in iroh-web #9250
- Don't use pp-str to log the request in the rate limiter service #9249
- Fix iroh-kafka* logs #9240
- Update the json appender to rename the output level key #9187
- update the logstash-v2 logging preset #9178
- Don't fire disabled webhooks #8741
between 6 month and 7 month old
- upgrade ctia-investigate to use transit+json instead of edn #8623
- A new script to update a record :created in ES #8574
tenzin-config [2]
- setup the IROH json logging appender
- Re-apply the default rate limit for the NGFW Incident promotion client #1063
data
Mario Aquino [40]
iroh [30]
- Constrain judgements included with threat hunt incident bundles #9279
- Threat hunt integration tests #9218
- Threat hunt module instance pagination #9200
- iroh-async Telemetry Identity Data #9166
- Xdr 1086/crud store fields filtering #9147
- iroh-async task (metric) tag #9123
- iroh-metrics in default bootstrap #9118
- Metrics Service (micrometer) #9029
- Disable color logging for test execution #9097
- Carmine & Timbre upgrade v2 #9005
- Loosen Risk Score Incident validation #9013
- Apply risk score valid ranges to incident schemas #8976
- Revert "Upgrade carmine version (#8888)" #9003
- Log Tuning #8978
- Upgrade carmine version #8888
- Fix flaky test #8956
- iroh-async high-traffic adjustments #8835
- Fix disabled threat-hunt test #8814
- Update incident_time when updating incident status #8801
- incident enrichment activity diagram #8712
- Separate Risk score & incident enrichment #8751
- Improve safe-filtering #8731
- iroh-async: Flatten Datadog context #8706
- iroh-async logging & tracing context #8705
between 6 month and 7 month old
- Socket timeout milliseconds (not seconds) #8690
- Risk Score socket-timeout #8687
- Threat Hunt Module Exclusion #8646
- Remove dead code #8626
- Incident Summary migration re-run #8597
- Notification request uses paginated user search #8606
tenzin-config [10]
- Fix auth parameters passed for calling ES #1139
- Address thread exhaustion in conn mgrs during threat hunting #1130
- Exclude CTIA modules from threat hunt execution #1122
- Add iroh-async client-id to rate unlimited list #1053
- Increase conn-manager thread count after PROD performance monitoring #1042
- Increase thread pool size for EU private intel conn mgr #1039
- Increase connection mgr thread pool for NAM/EU/TEST #1030
between 6 month and 7 month old
- Increase thread pool size for engine connection manager #1012
- Config for skipping Private Intel during investigation threat hunt #1009
- Rerun incident summary migration and update ES index #1001
Guillaume Erétéo [52]
ctia [11]
- remove ES5 support #1419
- Optimize lucene searches #1420
- bump ctim / remove status disposition #1417
- ctim 1.3.15 #1415
- silent this too noisy log #1414
- ctim-1.3.14 #1413
- remove un-store #1410
- fix wait_for for delete search #1399
between 6 month and 7 month old
- incident meta #1391
- Incident status disposition #1389
- Update CODEOWNERS #1387
iroh [38]
- Enable auth on private intel es IOPS script #9275
- Dump events with dump metrics script #9180
- Sca clean phase 2 #9176
- add backup clusters for delete #9173
- Scripts for SCA issue cleaning #9161
- simplify sorting in telemetry reports #9144
- Add logs to better monitor reports #9142
- Report service: consider missing user/org ids #9134
- filter ids on search #9130
- Generate statistics about modules #9108
- Refactor iops report generation #9099
- bump ctim / remove status disposition #9114
- fix flaky ES test: wait some more #9089
- telemetry report: fix search iteration for batch size 10000 #9082
- reduce logs by adding user-scopes #9078
- tk store: update ES index state #8664
- Add admin maintenance route to load MITRE stix #8967
- ctim 1.3.15 #9068
- limit walk entities to the necessary exports #9039
- ctim 1.3.14 #9016
- Dump ES metrics telemetry events #8999
- script to clean SE false positive incidents and sightings #8846
- MITRE Matrix: dynamic components design #8973
- fix Talos threat hunt #8969
- update the design of static MITRE matrix rendering #8949
- replace lazyseq by iteration in reports #8957
- For Jeetu by G2 #8920
- Some more incident stats #8861
- import mitre matrix backbone #8899
- Mitre coverage static matrix #8882
- add created and modified to IROH CTIM entities #8810
- bundle import activity diagrams #8708
- scoring at bundle import #8694
between 6 month and 7 month old
- Meta incident field #8617
- entitlement-enforcement-jobs-service in default #8612
- incident status_disposition #8587
- introduce admin common web service for cisco services #8573
- speed up listing of entitlements #8516
tenzin-config [3]
- configure / tune private intel proxy cm #1074
- increase bundle-batch-size #1071
between 6 month and 7 month old
- fix config path in README.md #1000
Ambrose Bonnaire-Sergeant [41]
ctia [13]
- Bump ring-swagger with proof of memory leak fix #1423
- Clojure 1.11.1 -> 1.11.2 #1416
- Revert patch bundle commits #1411
- Fix 2XX response swagger/coercion, ban `:return` #1407
- Remove asset properties/mapping merging during bundle patch #1408
- Fix :body descriptions #1409
- Fix POST /bulk schema checking #1406
- Use prn instead of pprint for logs #1401
- Eval routes and options given to `context` at initialization time #1394
- Use `st/merge` to merge schemas instead of `into` #1398
- Never match existing asset-* entities when patch-existing=false #1395
- Re-enable incident tests #1393
between 6 month and 7 month old
- Add external_ids to investigation select fields #1392
iroh [24]
- Add support for JDK 21 #9251
- Bump ring-swagger and prove it fixes the memory leak #9244
- Fix typo in debug log #9228
- Debug logs to investigate person assets not being imported #9227
- Update status endpoint to keep conure updated #9209
- Update test for new carmine non-FIFO queues: `queue-status-report-test` #9103
- Make generated tk meta easier to review using pprint #8805
- Restrict possible values for updated asset properties #9022
- Don't forward response headers from CTIA to IROH #9014
- Only subscribe incidents with supported observables #9000
- Fix flaky test #9001
- Redis: Set NX / XX #8970
- Bulk asset update + rescoring route #8963
- Fix logf call #8925
- Fix incident subscription args, and only subscribe incident if observables/identities are non-empty #8921
- Fix DI subscription URL #8914
- Revert patch bundle commits #8903
- Fix swagger description #8905
- Asset properties update and incident rescoring route #8843
- Rescoring task #8869
- Generate valid DI auth tokens for incident subscriptions #8804
- Fix `(reset)` #8799
- Subscribe to incident asset rescoring via DI #8699
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true #8725
tenzin-config [4]
- Bulk asset update limits #1059
- Add Conure url to Private intel config #1052
- Add config for DI client in iroh-engine #1036
- Add device insights url to iroh-engine config #1014
integrations
Matthieu Sprunck [20]
iroh [16]
- Adding and editing Automate notification types #9277
- Rename automation_workflow_disabled to automation_workflow_definition #9196
- Revert "Update the json appender to rename the output level key (#9187)" #9191
- Change Incident Assignment Notification wording #9189
- Add title and link to the incident in the incident assignment notification #9188
- Add a log when an unexpected status is returned from KafkaConnect #9153
- IROH Proxy: Correct handling for path with spaces (%20) #9149
- Build notification type name from notification type #9140
- JMX metrics for clj-http connection manager #8765
- Always decompress the body when status is not 2xx #8527
- Restore default expiration (24h) for the local session token #8747
between 6 month and 7 month old
- Workflow event schema changes #8656
- IROH Proxy: remove headers set by the reverse proxy #8655
- More log context to investigate #8638 #8654
- Add logging info to investigate #8638 #8653
- StackOverflowError temporary fix #8607
tenzin-config [4]
- Configure XDR URL in the PrivateIntel service for the Assignment notification #1116
- Create a module record for Microsoft Graph API #1050
- Fix settings names for JAMF auth upgrade #1048
- Use Token Auth with the JAMF Classic API #1038
Kirill Chernyshov [42]
iroh [35]
- Draft design #9201
- Format redirect url for email notification #9211
- Use static string 'Cisco' as a subtitle #9210
- Coerce incoming notification before email format #9204
- [REFACTORING] Standardize trapperkeeper usage #9177
- Use `notify!` to create notification via API call #9162
- Fix copyright notice in email template #9159
- Add simple template for notification email #9150
- Allow nil as a correlation id #9143
- Fix for EventService initialization #9141
- Respect user notification preferences #9133
- Add default config for NotificationInDelivery #9128
- 8938 e8811 process email notification delivery #9127
- Fix config key #9115
- Fix dev config for NotificationInDeliveryService #9113
- On receiving NotificationRequest notify users according to their preference #9087
- Upgrade clojure 1.11.1 -> 1.11.2 #9072
- Remove maintenance notification type #9069
- 8933 e8811 create notificationindeliveryservice persistence only #9025
- "In App" -> "In-App" #9020
- Add correct :name and :description to notification type meta #9012
- NotificationPreference API real endpoint #8995
- NotificationPreference Service #8982
- Fixes for notification endpoint #8964
- Add notification preference api endpoints #8947
- Initial draft design of notifications delivery #8844
- Refactor data streams service #8793
- DRY'ed out client-creds-token namespace #8783
- Kafka connect monitoring #8278
- Handle undelivered records #8634
- Events data retention enforcement job #8722
- Iroh events data retention implementation #8666
- Iroh events postgres data retention #8693
between 6 month and 7 month old
- Use timbre for logging #8651
- Add draft design for IROH Events data retention #8585
tenzin-config [7]
- Add KafkaProducerService to all envs #1107
- Add email kafka consumer to all envs #1106
- Enable kafka consumer for email notifications #1099
- Add new kafka topics for IROH notifications #1070
- Add ES sink connector v2 to test full migration #1035
- Fix broken data stream on TEST #1034
- Config for DataStreams service #1033
Shafiq [33]
iroh [30]
- Return relevant proxy health check errors req auth fails #9290
- Fix access-token url for rubrik and commvault auth #9287
- Support Async remote requests in AutomateRemoteProxy #9264
- Design Automation-Remote target for iroh-proxy #9190
- Trim whitespace when interpolating pipe transforms #9121
- Support for GoogleAPI Authorization #9106
- Refactor proxy health check #9066
- Data retention cleanup of notification services #9064
- Apply data retention policy on iroh-notifications #9054
- Add `:remote` type in configuration spec fields #9046
- Refactor proxy-health-check #9033
- Update proxy-health-check logging #9028
- Update proxy health check logging #9024
- Perform relay-api request based on observable-types #9017
- Add selection of settings for configuration-token auth #9007
- Support for dedicated url setting for iroh-proxy requests #8998
- Route for patching module-type documentation #8981
- Add filtering of notifications using multiple statuses #8974
- Support for transforming interpolated strings. #8945
- Construct token url from base-url setting #8923
- [IROH Proxy] Support for Rubrik and Commvault API services #8902
- [iroh-proxy] Include POST method for proxy health check #8878
- Update relay-module schemas for Checkpoint auth #8875
- [iroh-proxy] Implement Checkpoint Smart-1 authentication #8873
- Fix schema of proxy health check #8827
- Add string matching for health check #8815
- Fallback to iroh-events store when kafka send fails #8786
- Fix mapping for incident events #8703
between 6 month and 7 month old
- Update iroh-event developer doc #8596
- Add x-sort header to support search_after pagination #8586
tenzin-config [3]
- Switch to new sink-connector in INT #1024
- Add updated sink connector for all envs #1021
- Add sink connector for new iroh-event datastream #1019
auth
bartuka [54]
iroh [46]
- add `:content-type :json` explicitly to clj-http #9090
- Brownfield Provisioning - make the `region` field available for TEST purposes only #9079
- Improve logs for Brownfield provisioning #9076
- [IROH Auth] update QA routes for Universal Provisioning flow #9053
- [IROH Auth] Fix access token brownfield provisioning #9049
- [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning #9021
- [IROH Auth] FMC add re-token proxy request #9011
- [IROH Auth] fix FMC redirect call to `/device` #8987
- [IROH Auth] fix device verification redirection #8979
- fix proxy requests to FMC #8972
- [IROH Auth] FMC OAuth2 and SSE proxies #8840
- [IROH Auth] Improvements to universal provisioning callback #8913
- [IROH Auth] bugfix #4: add `:content-type :json` to callback request #8909
- [IROH Auth] fix payload sent to PIAM callback_url after provisioning was complete #8900
- [IROH Auth] bugfix Universal Provisioning created schema error #8892
- [IROH Auth] bugfix parsing OKTA JWT scopes #8880
- [IROH Auth] Brownfield provisioning - endpoint to attach existing tenant to a SBG product #8806
- [IROH Auth] Support FMC in the `jwks` service #8830
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow #8813
- Revert "[IROH Auth] support for FMC token in JWKS Service" #8816
- [IROH Auth] support for FMC token in JWKS Service #8808
- [IROH Auth] Check QA `callback_url` to complete provisioning tests #8763
- [IROH Auth] better swagger descriptions for Universal Provisioning #8752
- [IROH Auth] remove empty strings from `client-id` got from Vault #8760
- [IROH Auth] add missing scope to get OKTA JWT #8759
- [IROH Auth] add logs to investigate get okta jwt #8758
- [IROH Auth] bugfix - `client/post` should use `:form-params` instead of :body #8753
- [IROH Auth] bugfixes - arity exception, change `product-response` datatype, change pmap to `map` #8738
- [IROH Auth] bugfix - fix urls in `POST /tenants` returned value and payload field names #8733
- [IROH Auth] Cache OKTA JWT used for provisioning callback #8727
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService #8707
- [IROH Auth] Duplicate `universal-provisioning` web routes to accept IROH JWTs #8675
- [IROH Auth] Expose `callbacks packages` store to check Universal Provisioning status #8702
- [IROH Auth] Improve 202 Accepted response for `/universal-provisioning/create-tenants` #8701
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow #8691
between 6 month and 7 month old
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow #8673
- bugfix - missing `UniversalProvisioningCallbackService` to deploy IROH nodes #8680
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick #8674
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps #8633
- [IROH Auth] Add support to UserIdentity JWTs in `JWKSService` #8647
- [IROH Auth] Bugfix in JWKSService logic #8659
- [IROH Auth] update docs for Universal Provisioning work #8640
- [IROH Auth] Simplify IROH Web Core by leveraging `JWKSService` for all webservices #8632
- [IROH Auth] Add structure to keep track of onboardings to support async flow in Universal Provisioning #8599
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService #8528
- [IROH Auth] bump `ring-jwt-middleware` to `1.1.5` #8568
tenzin-config [8]
- add fmc client id for each env #1065
- fix url for device verification #1058
- Add FMC Proxy configuration #1056
- fix okta links #1043
- FMC base-urls to configure JWKS #1040
- [IROH Auth] bugfix - add config to okta jwks #1017
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 #1013
between 6 month and 7 month old
- add universal_provisioning_callbacks store #1011
Yann Esposito [118]
iroh [51]
- Scopes by app #9247
- Disable SSE Proxy for XDR orgs #9280
- improve Client credentials error message to help debug #9213
- Attempt to provide a body to the onboarding with mustache #9151
- provisioning API for Org apps #9195
- Revert "add admin-ui to the gh-pages (#9222)" #9223
- add admin-ui to the gh-pages #9222
- Add sc-enabled? flag to profile API views #9192
- [PIAM Brownfield Provisioning]: Provide a way to update link tenants #9186
- Add apps field to Orgs #9175
- improve response when PIAM returns an error #9183
- fix flaky test invite-test paging #9182
- Support aero configurations #9170
- Fix invites pagination #9138
- Support FMC returning Bearer instead of bearer #9126
- composable jwks test helper #9120
- Sync user-name during SCSO login #9117
- Another IPv6 in URL fix #9084
- Support IPv6 in URL for inspect service #9083
- Update of the login doc #9067
- optimize search user given a list of ids #9018
- Fix link tenant bug #8975
- Upgrade Org to XDR on first entitlement update. #8881
- [IROH-Auth]: Auth Code Grant Client that do not generate any refresh token #8927
- Specialize TAC routes access #8884
- Remove legacy restriction of AO scopes #8890
- Update deps to accept JWT without nbf claim #8872
- New endpoint to ease impersonation usage #8855
- Fix PIAM Universal Provisioning routes #8828
- Should fix open impersonate flaky test #8809
- Keep track of impersonators #8736
- Restrict TAC routes to admins #8794
- Remove with-tk #8779
- Code/Test Improvements #8767
- add a test for matching schema #8770
- Custom Role Design doc #8497
- Attempt to improve error message of match? #8769
- Use `cid` for trace_id when present #8754
- Support public client for custom routes #8749
- Add playbook scope #8739
- Fix webhook race condition risk #8728
- Call get-org only once for org-virtual user #8724
- Use a cache for entitlement summaries #8667
- upgrade jetty version #8714
- Remove a forgotten pretty printer #8713
between 6 month and 7 month old
- Fast Event Notifier dispatch using event-type #8650
- Fix DI onboarding #8657
- Generalize default indexes for data retention #8598
- [Data Retention Policy]: Delete incident summaries along incident #8576
- [Provisioning] Introduce `product-instance-id` #8577
- Simply wait a lot more for ES to sync #8553
iroh-scripts [36]
- ai onboarding
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
between 6 month and 7 month old
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
- add scope to a client
oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
ring-jwt-middleware [3]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
- Support missing nbf JWT #30
scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
tenzin-config [14]
- Add applications URL in iroh conf #1146
- Add AI Assistant automatic onboarding during Provisioning #1142
- add iroh gh-pages to allowed login origin #1123
- New SCA env for TEST/STAGING #1114
- configure automation rules clients to not be rate limited #1111
- interpolation improvements #1112
- Add support for interpolation and self ref #1110
- Remove rate-limit for another SXO client on INT #1087
- Disable rate-limit SXO client for rules #1084
- Double threads dedicated for VirusTotal http calls #1051
- fix vault tpl transformations and checks #1041
- Remove rate-limit for automation #1044
- Check vault templating error #1023
- Add Universal Provisioning Services #1015
xdr-provisioning [5]
- added a few useful script + ai onboarding support
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
Olivier Barbeau [47]
iroh [31]
- Add number of incidents to each technique in the Mitre matrix #9157
- Fix events and incidents ES stores for DEV #9154
- E8851: XDR Native & detections #9122
- E8851: Design of changes for XDR native detections #9110
- E8851: Product ordering in the coverage of techniques #9100
- E8851: Product ordering and SCA renaming #9086
- E8851: Add Org's integrations to the Mitre matrix #8993
- E8851: Sorting of Mitre elements #8992
- E8851: Static matrix common to all Orgs #8939
- E8851: Talos MITRE coverage files import #8876
- Design of the Talos MITRE coverage files import #8856
- 'iroh' node type and default services for all node types #8817
- Check the list of services for a node type #8800
- Fix merge error on PR 8784 #8797
- [IROH configuration]: Move role-web-service config to default tk files #8782
- [IROH configuration]: Universal Provisioning Services config refactor #8784
- [IROH configuration]: explicit name for generated conf and meta #8785
- Clean bootstrap.cfg; remove tmp file #8781
- Add few additional tests to iroh services #8762
- rewrite tests #8773
- more info for debugging #8717
- [IROH configuration]: general documentation #8764
- update developer doc for api-gateway #8723
- Some test clean-up #8716
between 6 month and 7 month old
- High volume of SQL queries for a single observe/deliberate call #8682
- Remove the state of module instances in `obfuscate-module-instance` #8670
- E8388: update proxy-endpoints-metadata endpoint and metadata #8663
- E8388: update x-proxy endpoint and IntService ACL filters #8608
- E8388 : Simplifies upgrade/downgrade tests #8635
- Implement `Module Instance service` event handler #8592
- Updates to the design 'entitlement changes for integration modules' #8541
tenzin-config [16]
- add XDR native module types for PROD #1115
- add SCA module-type-id for XDR Native on TEST [temp UI fix] #1109
- add SCA module-type-id for XDR Native [temp UI fix] #1108
- Mitre: Add detections for XDR Native #1098
- product ordering and SCA renaming #1079
- Config for Mitre covering products #1072
- Deep merge for vectors and sets with duplicates check #1032
- Reduce configuration duplicates - config.edn part #1031
- Reduce configuration duplicates - bootstrap.cfg part #1028
- Move role-web-service config to IROH #1026
- Move Universal Provisioning Services config to IROH #1027
- Clean bootstrap cfg #1025
- Remove the `:registration` flag in all environments #963
- Remove the `:merge-users-by-email` flag in all environments #962
- Remove the `:account-activation-optim` flag in all environments as it is now activated everywhere. #961
- Remove the `xdr-roles` flag in all environments #964
(Yogsototh) [52]
iroh-scripts [36]
- ai onboarding
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
between 6 month and 7 month old
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
- add scope to a client
oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
ring-jwt-middleware [2]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
xdr-provisioning [5]
- added a few useful script + ai onboarding support
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
iroh-ops
Jerome Schneider [1]
tenzin-config [1]
- IROH migrate to new MSK SASL/SCRAM cluster!
Patrick Patat [1]
tenzin-config [1]
- refactor ops config with new ref system #1113
Other
Robert Levy [7]
iroh [6]
- Inherit properties from type in hierarchical modules #9042
- Format hierarchical modules invalid-parent-id error with context and error type #8901
- Update hardcoded source in Secure Endpoint module #8874
- Expose pagination & search functionality in notifications api #8803
- Fix bug in hierarchical module logic producing empty settings/settings_effective map #8745
- Issue 8158 hierarchical module #8469
tenzin-config [1]
between 6 month and 7 month old
- Revert "Adds cache configuration for CrowdStrike (#1002)" #1005
Eric Gierach [4]
iroh [1]
- update iroh-engine to 0.16.5 #9291
tenzin-config [3]
- removing duplicate entry #1078
- Swap stg and test configs for reporting. #1077
- Disabling reporting until Ops gets the infra set up. #1075
II [21]
iroh [17]
- Xdr 1281 Adds user agent to Umbrella requests #9292
- Keeps Kondo from being run on dev start #9220
- Xdr 1282 Adds new Umbrella service to default services #9214
- Xdr 1282 add v 2 token cache to umbrella integration #9208
- XDR-1411 Fixes inconsistent v1 v2 refer #9197
- 9074 remove settings effective #9075
- 8990 umbrella investigate v2 #9030
- 8958 Adds Missing Umbrella v2 Sightings #8960
- 8498 fix token cache #8911
- 8798 create migration to add parents to existing microsoft defender modules #8870
- Throws exception in parent validation on non-existent parent #8850
- Merges module type props on create and update health check #8845
- Implements v2 threat hunting #8833
- This should fix issue with parent settings not used on create-patch #8822
between 6 month and 7 month old
- Adds insights scope to allowed Automation scopes in gen-ao-jwt #8678
- 8496 token cache fix #8637
- 8496 - relay module token cache #8580
tenzin-config [4]
- Disables Umbrella module auto load so service does it #1120
- Enables Umbrella token caches #1119
between 6 month and 7 month old
- Revert "Revert "Adds cache configuration for CrowdStrike (#1002)" (#1005)" #1008
- Adds cache configuration for CrowdStrike #1002
Devin Walters [8]
tenzin-config [8]
- Configure s3-http-client connection pool size for PROD environments #1105
- Turn on reporting pipeline in TEST #1097
- Up hikari pool size in INT for conure #1095
- Configure incident import bucket per PROD env for iroh and iroh-async #1092
- Configure incident pipeline #1091
- Fix bucket name #1083
- Match s3 bucket key #1082
- Add INT and TEST enrichment bucket names to relevant configs #1057
Mia [7]
iroh [7]
- new engine version #9273
- Xdr 1918 no old assets #9267
- create permanent logs to unobtrusively monitor bundle import results #9242
- New iroh event docs #9181
- iroh-engine 0.16.2 #9125
- Engine 0.16.1 #9116
- Engine 0.16.0 #8997
Martin Bruchanov [3]
tenzin-config [3]
- XDRSRE-1158: Enabling ElasticSearch authentication for CTIA/PCTIA #1141
- XDRSRE-1150: Retention enforcement authentication INT #1132
- XDRSRE-64: Authentication for public CTIA in INT #1081
James Moser [1]
tenzin-config [1]
- added QA domain to idps email domain whitelists #1085
Martin Bruchanov [1]
iroh [1]
- XDR-1344: Final version of deletion script used for PROD change #9174
Ruslan Yemelianov [2]
tenzin-config [2]
- Revert "enable ES auth private-ctia INT"
- enable ES auth private-ctia INT
Andrew Parisi [2]
tenzin-config [2]
- [data-retention/update-iroh-internal-for-prod] #1018
between 6 month and 7 month old
- [data-retention/update-entitlement-route-information] #1004
Scott McLeod [7]
iroh [6]
- Notification service timestamp filter #9252
- Tk store half bounded intervals #9158
- Extend tk search with range queries #8912
- Resolves postgres driver sql-injection vulnerability #9091 #9092
- Implement searching risk scores by score #8907
- tk store: Add delete-search method #8213 #8692
tenzin-config [1]
- Increase ReportService batch size to ES maximum #1055
Sam Waggoner [3]
tenzin-config [3]
- Increase ctia.http.bulk.max-size in INT
- Configure hydrant to use internal ES metrics api.
- hydrant/912 add clean hashes importer.
t2sw [2]
ctia [1]
between 6 month and 7 month old
iroh [1]
- add health endpoint to tac portal and update tests #9002
Brooke Swanson [24]
ctia [2]
- XDR-1769: bump CTIM to 1.3.17. #1422
- Add brookeswanson to codeowners. #1396
iroh [8]
- Maintain behavior for existing events, but also notify s3 if an incid… #9172
- XDR-1769: bump CTIM to 1.3.17. #9226
- Reformat bucket path #9102
- Save to s3 on bundle import. #8977
- Replace CTIA Crud with Conure Calls #8924
- Limit risk score #8906
- Set Limits around observe targets call #8910
- Add no-doc true and prevent explosion due to mismatched types. #8548
tenzin-config [14]
- Failure to configure correct url. #1100
- These were flipped in TEST and we would like to test reports. #1094
- One more time see if the report tab will work. #1088
- Toggle report feature until Infrastructure is stable. #1086
- update config. #1080
- Report in test. #1076
- conure -> base-url. #1073
- Temporary flip this to not spam logs. #1069
- Output buckets. #1068
- Distributor and Conure configs. #1067
- Add base-url for incident export (and incident report). #1064
- Add playbook to conure configs. #1060
- Add oauth2 config for all regions. #1020
- Playbook automation config. #1037
Yurii Ivanisenko [1]
tenzin-config [1]
- tactical-portal moved to vercel #1022
James Brock [1]
easy-purescript-nix [1]
ryemelia [9]
tenzin-config [9]
- XDRSRE-1370: Enable ES auth for staging-ctia service #1147
- XDRSRE-1370: Enable ES auth for ctia and private-ctia #1145
- XDRSRE-1155: Enable ES auth iroh/iroh-async all envs #1137
- XDRSRE-1150: [TEST] Enable ES auth iroh/iroh-async #1128
- Enable ES auth private-ctia TEST #1126
- Enable es auth CTIA test #1127
- fix kafka connector ES AUTH for INT #1129
- Enable ES auth private-ctia INT #1125
- XDRSRE-1273: [INT] Enable ES auth for iroh iroh-async #1124