#    -*- mode: org -*-

Archived entries from file /Users/esposito/.org/tracker.org

* DONE Fix users in Prod
CLOSED: [2020-06-15 Mon 11:50]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W25/[2020-06-15 Mon]
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-06-15 Mon 10:54]--[2020-06-15 Mon 11:50] => 0:56
:END:
[2020-06-15 Mon 10:54]
ref :: [[file:~/.org/tracker.org::*TODAY \[2020-06-15 Mon\]][TODAY [2020-06-15 Mon]​]]

* DONE finish merging the Trusted Clients + non activated org filter for OAuth2
CLOSED: [2020-06-08 Mon 14:59]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W24/[2020-06-08 Mon]
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-06-08 Mon 14:34]--[2020-06-08 Mon 14:59] => 0:25
CLOCK: [2020-06-08 Mon 10:59]--[2020-06-08 Mon 11:39] => 0:40
:END:
[2020-06-08 Mon 10:59]

* DONE NPE when using the activation email for the second time #3734
CLOSED: [2020-06-09 Tue 18:10]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W24/[2020-06-09 Tue]
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-06-09 Tue 10:14]--[2020-06-09 Tue 10:38] => 0:24
:END:
[2020-06-09 Tue 10:14]

* DONE check travis-ci errors
CLOSED: [2020-06-03 Wed 14:57]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W23/[2020-06-03 Wed]
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-06-03 Wed 14:49]--[2020-06-03 Wed 14:57] => 0:08
CLOCK: [2020-06-03 Wed 11:28]--[2020-06-03 Wed 12:28] => 1:00
CLOCK: [2020-06-03 Wed 10:30]--[2020-06-03 Wed 11:27] => 0:57
:END:
[2020-06-03 Wed 10:30]
It was a time bomb: the `id_token` expires after 24h.
https://github.com/threatgrid/iroh/pull/3720

* DONE finishing the Invite fixes PR
CLOSED: [2020-05-20 Wed 11:15]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W21/[2020-05-20 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: iroh
:END:
:LOGBOOK:
CLOCK: [2020-05-20 Wed 10:54]--[2020-05-20 Wed 11:15] => 0:21
:END:
[2020-05-20 Wed 10:54]

* DONE working to make magit forge work for tenzin-config
CLOSED: [2020-05-07 Thu 23:43]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-07 Thu] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-07 Thu 12:03]--[2020-05-07 Thu 12:10] => 0:07
:END:
[2020-05-07 Thu 12:03]

* DONE OAuth2 login page support
CLOSED: [2020-05-12 Tue 08:42]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-07 Thu] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-07 Thu 13:58]--[2020-05-07 Thu 16:49] => 2:51
:END:
[2020-05-07 Thu 13:58]

* DONE Init VPNs
CLOSED: [2020-05-06 Wed 10:11]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 10:06]--[2020-05-06 Wed 10:11] => 0:05
:END:
[2020-05-06 Wed 10:06]

* DONE Checking chat/email/issues
CLOSED: [2020-05-12 Tue 08:41]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 11:34]--[2020-05-06 Wed 11:36] => 0:02
CLOCK: [2020-05-06 Wed 10:40]--[2020-05-06 Wed 11:01] => 0:21
CLOCK: [2020-05-06 Wed 10:12]--[2020-05-06 Wed 10:18] => 0:06
:END:
[2020-05-06 Wed 10:12]

* DONE IROH-Auth Login feedback :iroh:
CLOSED: [2020-05-06 Wed 12:37]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 11:01]--[2020-05-06 Wed 11:31] => 0:30
:END:
[2020-05-06 Wed 11:01]

* DONE project.clj repl tweaking :iroh:
CLOSED: [2020-05-12 Tue 08:41]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 12:16]--[2020-05-06 Wed 12:37] => 0:21
:END:
[2020-05-06 Wed 12:16]
Made this PR: https://github.com/threatgrid/iroh/pull/3577

* DONE Check OAuth2 with new login page still works as expected. :oauth2:
CLOSED: [2020-05-06 Wed 14:39]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 14:24]--[2020-05-06 Wed 14:39] => 0:15
:END:
[2020-05-06 Wed 14:24]
[[file:~/.org/tracker.org::*Craig chat about integration scope and admin][Craig chat about integration scope and admin]]

* DONE Change default login page for OAuth2 workflow :tenzin:
CLOSED: [2020-05-12 Tue 08:40]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 16:20]--[2020-05-06 Wed 16:20] => 0:00
CLOCK: [2020-05-06 Wed 14:40]--[2020-05-06 Wed 15:16] => 0:36
:END:
[2020-05-06 Wed 14:40]
[[file:~/.org/tracker.org::*Craig chat about integration scope and admin][Craig chat about integration scope and admin]]

* DONE Feedback about PRs
CLOSED: [2020-05-12 Tue 08:40]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 18:25]--[2020-05-06 Wed 19:46] => 1:21
:END:
[2020-05-06 Wed 18:25]

* DONE Hot-fix for scopes
CLOSED: [2020-05-12 Tue 08:40]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-06 Wed] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:ARCHIVE_ITAGS: work
:END:
:LOGBOOK:
CLOCK: [2020-05-06 Wed 19:46]--[2020-05-06 Wed 20:05] => 0:19
:END:
[2020-05-06 Wed 19:46]

* DONE Fix GB's PR
CLOSED: [2020-05-05 Tue 11:33]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-05 Tue] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:END:
:LOGBOOK:
CLOCK: [2020-05-05 Tue 10:20]--[2020-05-05 Tue 10:25] => 0:05
:END:
[2020-05-05 Tue 10:20]

* DONE IROH-Auth Login Page
CLOSED: [2020-05-12 Tue 08:40]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-05 Tue] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:END:
:LOGBOOK:
CLOCK: [2020-05-05 Tue 19:12]--[2020-05-05 Tue 19:25] => 0:13
CLOCK: [2020-05-05 Tue 15:40]--[2020-05-05 Tue 19:12] => 3:32
:END:

* DONE account selector UX/UI
CLOSED: [2020-05-12 Tue 08:40]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-05 Tue] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:END:
:LOGBOOK:
CLOCK: [2020-05-05 Tue 15:06]--[2020-05-05 Tue 15:40] => 0:34
CLOCK: [2020-05-05 Tue 13:35]--[2020-05-05 Tue 15:03] => 1:28
CLOCK: [2020-05-05 Tue 11:33]--[2020-05-05 Tue 12:23] => 0:50
CLOCK: [2020-05-05 Tue 10:12]--[2020-05-05 Tue 10:19] => 0:07
:END:
[2020-05-05 Tue 10:12]

* DONE Book vacation days
CLOSED: [2020-05-04 Mon 17:54]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-04 Mon] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:END:
:LOGBOOK:
CLOCK: [2020-05-04 Mon 16:32]--[2020-05-04 Mon 16:35] => 0:03
:END:
[2020-05-04 Mon 16:32]

* DONE Add `integration` to the public scopes.
CLOSED: [2020-05-07 Thu 23:35]
:PROPERTIES:
:ARCHIVE_TIME: 2020-06-21 Sun 16:19
:ARCHIVE_FILE: ~/.org/tracker.org
:ARCHIVE_OLPATH: 2020-W19/[2020-05-04 Mon] Cisco
:ARCHIVE_CATEGORY: tracker
:ARCHIVE_TODO: DONE
:END:
:LOGBOOK:
CLOCK: [2020-05-04 Mon 18:24]--[2020-05-04 Mon 19:37] => 1:13
:END:
[2020-05-04 Mon 18:24]
[[file:~/.org/tracker.org::*Craig ask for list of scopes][Craig ask for list of scopes]]

* 2022
:PROPERTIES:
:ARCHIVE_TIME: 2023-05-02 Tue 10:40
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org
:ARCHIVE_CATEGORY: tracker
:END:
** 2022-W05
*** 2022-02-03 Thursday
**** DONE activate logout issue :work:
:LOGBOOK:
CLOCK: [2022-02-03 Thu 17:17]--[2022-02-03 Thu 19:02] => 1:45
:END:
[2022-02-03 Thu 17:17]
- ref :: [[id:7fa185e4-9866-4ce8-ab60-d62d8c80b041][Evaluation mode in paradise]]

For https://github.com/advthreat/iroh/issues/6250

The fix (https://github.com/advthreat/iroh/pull/6194) has been reverted (https://github.com/advthreat/iroh/pull/6246) because SecureX and CTR work differently.
GLaDOS and CTR must find a common solution; for now, we are blocked.
I think the technical solution of returning a 401 when the org changes from unactivated to activated was proposed by @alucigna, but I couldn't find the link to the discussion.
cc: @alucigna @DarMontou @sabrinamokerji

*** 2022-02-04 Friday
**** MEETING Weekly Kirill Presentation :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-04 Fri 17:04]--[2022-02-04 Fri 20:24] => 3:20
:END:
[2022-02-04 Fri 17:04]
- ref ::
***** Notes
**** MEETING Simplify Registration :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-04 Fri 16:37]--[2022-02-04 Fri 17:04] => 0:27
:END:
[2022-02-04 Fri 16:37]
- ref :: https://cisco-my.sharepoint.com/:w:/p/prdass/EXwUr_HCwOVNte7KFcFzUeABxvTZiL8vZTgd8-5WInt4hA?e=4%3an55ogS&at=9

Add your status in https://cisco-my.sharepoint.com/:w:/p/prdass/EXwUr_HCwOVNte7KFcFzUeABxvTZiL8vZTgd8-5WInt4hA?e=4%3an55ogS&at=9
***** Agenda (topics to discuss)
***** Notes
***** Actions
** 2022-W06
*** 2022-02-07 Monday
**** REVIEW Github tour :work:review:
:LOGBOOK:
CLOCK: [2022-02-07 Mon 10:54]--[2022-02-08 Tue 09:49] => 22:55
:END:
[2022-02-07 Mon 10:54]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex tour][Webex tour]]
**** CHAT Webex tour :work:chat:
:LOGBOOK:
CLOCK: [2022-02-07 Mon 10:33]--[2022-02-07 Mon 10:54] => 0:21
:END:
[2022-02-07 Mon 10:53]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Check Customer bug with tiles.][Check Customer bug with tiles.]]
**** DONE Check Customer bug with tiles. :work:
:LOGBOOK:
CLOCK: [2022-02-07 Mon 09:52]--[2022-02-07 Mon 10:33] => 0:41
:END:
[2022-02-07 Mon 10:52]
- ref :: https://github.com/advthreat/response/issues/1076

Confirmed this is UI for now.
*** 2022-02-08 Tuesday
**** CHAT random rambling :work:chat:
:LOGBOOK:
CLOCK: [2022-02-08 Tue 10:47]--[2022-02-08 Tue 17:32] => 6:45
:END:
[2022-02-08 Tue 10:47]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Email tour][Email tour]]
**** EMAIL Email tour :work:email:
:LOGBOOK:
CLOCK: [2022-02-08 Tue 10:13]--[2022-02-08 Tue 10:47] => 0:34
:END:
[2022-02-08 Tue 10:13]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Replace SSE IDB with SXSO][Replace SSE IDB with SXSO]]
**** CHAT Webex tour :work:chat:
:LOGBOOK:
CLOCK: [2022-02-08 Tue 09:49]--[2022-02-08 Tue 10:13] => 0:24
:END:
[2022-02-08 Tue 09:49]
***** IROH
Remark about deps in IROH for Ag (problem with the formatting-stack and clojurescript)
***** IROH-Social
***** OPs General
***** DI Integration
***** Replace SSE IDB with SXSO
Jason Chamber links:
- A-Ha link (Epic) https://ciscosecurity.aha.io/epics/SECUREX-E-471
- A-Ha link (Feature) https://ciscosecurity.aha.io/features/SECUREX-557
- Jira link https://jira-eng-rtp3.cisco.com/jira/projects/SSO/issues/SSO-458?filter=myopenissues

Request A-HA access
***** SecureX + ThreatGrid
Follow the 1-click deactivation discussion.
*** 2022-02-09 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-09 Wed 17:30]--[2022-02-09 Wed 18:16] => 0:46
:END:
[2022-02-09 Wed 17:30]
- ref ::
***** Agenda (topics to discuss)
***** Notes
***** Actions
**** MEETING Sync on the IROH Team capacity :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-09 Wed 15:26]--[2022-02-09 Wed 17:30] => 2:04
:END:
[2022-02-09 Wed 15:26]
- participants :: Prerna
***** notes
*** 2022-02-10 Thursday
**** MEETING Town Hall Namrata :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-10 Thu 20:02]--[2022-02-10 Fri 21:09] => 1:07
:END:
[2022-02-10 Thu 20:02]
Really excited for our session today. Really candid feedback from you.
Every Quarter. What we are working on and why and where we're headed.
***** Intro
- Business Result (Martin)
- Product Strategy (demos)
- Product Demonstrations
Leave a few minutes at the end for some Q&A.
***** Business update & strategy discussion
****** Made a sale by showing SecureX
****** XDR FY23 (top priority for Cisco)
****** 10k customers
****** Improve Renewal Rates
****** Customers with Endpoint + Umbrella show a lot of usage.
****** Big Users use SecureX more than small ones
**** MEETING Farewell Alex :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-10 Thu 19:01]--[2022-02-10 Thu 20:02] => 1:01
:END:
[2022-02-10 Thu 19:01]
Expertise and broad culture. You have always been extremely helpful. Your insights were essential. Without them I wouldn't have been able to grasp the scope of what we are building. And thanks for helping me remember about Gundam and all the first times.
**** MEETING Weekly Team Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-10 Thu 17:00]--[2022-02-10 Thu 19:01] => 2:01
:END:
[2022-02-10 Thu 17:00]
Waiting
Discussion about updating doc in the response repository.
***** Ag
- Module Type Patch UI
***** Ambrose
- put something in TEST might break something
***** G2
Description of a lot of work for Q3, etc…
***** Irina
- soft delete
***** Kirill
Improve timeouts. Started a work around =pmap=.
***** Mark
OIDC with AO.
***** Matt
Addressing security issue discovered by the Engine team.
***** Olivier
Emails of users in lower-case. Done in the code. Rollback system. And maintenance service that could update the stores.
Adding a new search function.
***** Rob
Support all modules that have a module-type in App Links. Integrating SXSO into that. SecureX endpoint.
***** Wanderson
Simplification Registration FT
Adding a new session to a new frontend.
***** Yann
- customer session to fix a bug
- IDB decommission will take time; probably ask Matt for some help.
- Registration Simplification
- Wanderson's work makes it possible to finally have an IROH-Auth Application Session.
- Olivier is working on improving our textual search services and API.
- Reduction of the scope should make it possible to finish for Q3
- The current work will make it a lot easier to provide a better UI to manage your multiple orgs (like hide/disable/rename etc…)
- (background) fix the issue related to refresh token state in the DB; most of the work is now done for the new services, we just need to populate the data during the OAuth2 Code flow.
***** Guillaume
Removed the arrow, and now, design with OIDC to propose trial.
*** 2022-02-11 Friday
**** MEETING Registration Simplification :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-11 Fri 16:31]--[2022-02-11 Fri 17:48] => 1:17
:END:
[2022-02-11 Fri 16:31]
- ref ::
***** Agenda (topics to discuss)
***** Notes
***** Actions
**** CHAT Olivier Question like-match rule :work:chat:
:LOGBOOK:
CLOCK: [2022-02-11 Fri 15:19]--[2022-02-11 Fri 16:31] => 1:12
:END:
[2022-02-11 Fri 15:19]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Security Training][Security Training]]
**** DONE Security Training :work:
:LOGBOOK:
CLOCK: [2022-02-11 Fri 11:24]--[2022-02-11 Fri 11:50] => 0:26
:END:
[2022-02-11 Fri 11:24]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*github notifications morning tour][github notifications morning tour]]
**** DISC github notifications morning tour :work:discussion:
:LOGBOOK:
CLOCK: [2022-02-11 Fri 10:15]--[2022-02-11 Fri 11:23] => 1:08
:END:
[2022-02-11 Fri 10:15]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex morning tour][Webex morning tour]]
**** CHAT Webex morning tour :work:chat:
:LOGBOOK:
CLOCK: [2022-02-11 Fri 10:00]--[2022-02-11 Fri 10:15] => 0:15
:END:
[2022-02-11 Fri 10:14]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Morning Email Tour][Morning Email Tour]]
**** EMAIL Morning Email Tour :work:email:
:LOGBOOK:
CLOCK: [2022-02-11 Fri 10:11]--[2022-02-11 Fri 10:14] => 0:03
:END:
[2022-02-11 Fri 10:11]
** 2022-W07
*** 2022-02-14 Monday
**** MEETING Simplify Registration :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-14 Mon 16:30]--[2022-02-14 Mon 17:19] => 0:49
:END:
[2022-02-14 Mon 16:30]
*** 2022-02-17 Thursday
**** MEETING Weekly Team Meetings :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-17 Thu 17:00]--[2022-02-17 Thu 20:45] => 3:45
:END:
[2022-02-17 Thu 17:00]
- ref ::
***** Ag
index page is always tk-server
*** 2022-02-18 Friday
**** DONE Fix module-type :work:
:LOGBOOK:
CLOCK: [2022-02-18 Fri 12:21]--[2022-02-18 Fri 15:51] => 3:30
:END:
[2022-02-18 Fri 12:21]
- ref :: [[file:~/dev/iroh/lib/iroh-core/test/iroh_core/test_helpers_test.clj::(deftest is-similar?-test]]

APJC SCA
#+begin_src js
{ "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. 
It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations don’t have to compromise on security on their path to digital transformation.", "properties": "2MGqPrzLNIrfFeFK/UUzdpA98pKEUHLvd6d7+snqeh1lXokV9n6J8lKeAwp7tRdCSHT+crPhmilCkfBXkvfT+8NLp/rq+4TD32EkYqcYNngmgsAji/UJ6NuChgJnPd+FwwembDj2iPh7vFXHnGmLKlgOkweQzokI2CUROgbTw2JNruDhL47ws3LhMl2LRqlbJQP83yeGMmwjV0mjFSth/w25D1oIHR+mnYH7mrcKUH0XT/6xQzqJ3l6URkbun6wvzLycJhqtOtqtJSdB3cAfYlhfkpCY8ZXt9IO8/MyOeGJ6Qf2iz9gXIFAgtNBBz9bkZAPk4Uv0nei39F4lwFv9lmUdVGuHIHtHJKf4sn/qB40=", "capabilities": [ { "id": "health", "description": "Healthcheck" }, { "id": "deliberate", "description": "Deliberation" }, { "id": "observe", "description": "Enrichments" }, { "id": "refer", "description": "Reference links" }, { "id": "tiles", "description": "Dashboard Tiles" } ], "app_link_meta": { "url": "https://portal-anz.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex", "meta": { "x_okta_bookmark_id": "0oa1idxamsrOKeFuN357" }, "title": "Stealthwatch Cloud (ANZ)" }, "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. 
\n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/SecureX/SecureX_Integration_Guide_DV_2_0.pdf).", "logo": "data:image/svg+xml;base64,<base64 SVG logo elided>", "org_id": "4f169b08-bb0d-4e97-a358-8fd3fd819066", "configuration_spec": [ { "key": "token", "type": "api_key", "label": "Authorization Token", "required": true } ], "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.", "title": "Secure Cloud Analytics", "external_references": [ { "link": "https://info.securexanalytics.com/SecureX-Trial-Request.html", "label": "Free Trial" }, { "link": "https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html", "label": "Product Information" }, { "link": "https://www.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-stealthwatch-cloud-privacy-data-sheet.pdf", "label": "Privacy Policy" }, { "link": "https://portal-anz.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex%3Fstatus%3Dtrue", "class": "activation", "label": "Activate" } ], "updated_at": "2022-02-18T10:17:14.710Z", "id": "f31e83d1-48e7-4384-9c6a-64a5c9cee05b", "record": "relay-module.module/RelayModule", "user_id": "207347d9-65c0-402b-88ce-ef028989e95f", "client_id": "iroh-ui", "default_name": "Secure Cloud Analytics", "flags": [ "default" ], "enabled": true, "visibility": "global", "created_at": "2020-05-15T17:45:46.904Z", "former_title": "Stealthwatch Cloud" }
#+end_src

NAM:
#+begin_src js
{ "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. 
This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. 
Secure Cloud Analytics provides visibility into these environments as well, so that organizations don’t have to compromise on security on their path to digital transformation.", "properties": "yUY5o15RUpAfB7Lk3RxosIJYx2JpDTaf4TkddVzepwSbz3A9m9b+/KyHxuiSH1SbTf6r5qk2SgaSKA8efk3pbDqL2RQC248eQoez0EI0GaAmnXnnhuEH91ZFtddwyQdvX+tUY+vxbHfdkES6rKP0hLWxMMZcYikD5ONBfNwak3kqlq0g07c52Gnx9Qgg5UOdzwBqTVb883tJZ+fRAFhYU7Hu7DNZDRDnccTOUFNJw84hmg7NEFMjK5Z48BG51qBgW50u/Wxv7+ceCUFUYrwbFzQLB/zbspQcFJtlUwZHZ7jl/VQbLT5QqJLthRnphAIGE/xIsEeCG66fZg1Ds60Vwp/c12ueYJVsVZyhHBIG0wk=", "capabilities": [ { "id": "health", "description": "Healthcheck" }, { "id": "deliberate", "description": "Deliberation" }, { "id": "observe", "description": "Enrichments" }, { "id": "refer", "description": "Reference links" }, { "id": "tiles", "description": "Dashboard Tiles" } ], "app_link_meta": { "url": "https://portal-staging.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex", "meta": { "x_okta_bookmark_id": "0oa1hyf3xtXD6Xqxg357" }, "title": "Stealthwatch Cloud (US)" }, "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. 
\n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/SecureX/SecureX_Integration_Guide_DV_2_0.pdf).", "logo": "data:image/svg+xml;base64,PHN2ZyBkYXRhLW5hbWU9IkxheWVyIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDM0LjEgMzIuMiI+PHBhdGggZmlsbD0iIzI3NGJhMCIgZD0iTTAgMGgzNC4xdjMyLjE2SDB6Ii8+PHBhdGggZD0iTTIyLjcgMTYuOGEzIDMgMCAwMC0zLTNoLS4xYTQuMyA0LjMgMCAwMC04LjEgMS41IDIuMyAyLjMgMCAwMC0yLjYgMS44LjkuOSAwIDAwLS4xLjUgMi4yIDIuMiAwIDAwMi40IDIuMkgyMGEzIDMgMCAwMDIuNy0zeiIgZmlsbD0iI2ZmZiIvPjxwYXRoIGQ9Ik0yMC4zIDhhOC43IDguNyAwIDAwLTUuOC0yLjIgMTEuNyAxMS43IDAgMDAtNS4xIDEuNk0xMC4xIDIzLjZoMTMuM3M1LjctLjcgNS43LTYuM2E2LjUgNi41IDAgMDAtMi45LTUuNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjZmZmIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPjxjaXJjbGUgY3g9IjIyLjciIGN5PSIxMC44IiByPSIxLjciIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI2LjMiIGN5PSIyMy42IiByPSIxLjgiIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI4IiBjeT0iOC43IiByPSIxLjQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+PC9zdmc+", "org_id": "964a8c3b-9aef-4e1d-aadf-e2754004d230", "configuration_spec": [ { "key": "token", "type": "api_key", "label": "Authorization Token", "required": true } ], "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.", "title": "Secure Cloud Analytics", "external_references": [ { "link": "https://info.securexanalytics.com/SecureX-Trial-Request.html", "label": "Free Trial" }, { "link": "https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html", "label": "Product Information" }, { "link": "https://www.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-stealthwatch-cloud-privacy-data-sheet.pdf", "label": "Privacy Policy" } ], "updated_at": "2022-02-18T08:55:49.295Z", "id": "b3874a82-1967-4f9c-a42a-47f1d61ab835", 
"record": "relay-module.module/RelayModule", "user_id": "dcffe020-1c6a-4d78-ba09-f21674a59c9c", "client_id": "iroh-ui", "default_name": "Secure Cloud Analytics", "flags": [ "default" ], "enabled": true, "visibility": "global", "created_at": "2020-05-15T17:38:39.788Z", "former_title": "Stealthwatch Cloud" }
#+end_src

EU
#+begin_src js
{ "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. 
Secure Cloud Analytics provides visibility into these environments as well, so that organizations don’t have to compromise on security on their path to digital transformation.", "properties": "Y+2BcDiVdoyWy7JxQwcOXuCG+S/JH98ncFxmwhz27utYxlhrSNQIHGTGGifUZx4Yw2GQe5oy2051VjsrcTrXVCmXAEVpU7NVqLwjmgT01zoDkE1o2lO3bMQbLTZLkNnUKAnaef/4UFqlcorJ0CGfhQPvWZG6OnAPx5PLzbS0TjsRfSGpVSRPeW+aANy+CEXul1l6FKzHohgTelMZuYNGYncHEa+eqtpSVvFl5HITj7rx7NMPWWeRaqN3Ljnbs3l26picBEvRfPzXeAT26gh0gdieWYtB2xnUU8gFUx4MNcqyMVNwGYbtLQ150uQYbOxuoiVZ41ujCWgt0Eksa/g0MkLg+QC5QBHgquwpVdMDDSE=", "capabilities": [ { "id": "health", "description": "Healthcheck" }, { "id": "deliberate", "description": "Deliberation" }, { "id": "observe", "description": "Enrichments" }, { "id": "refer", "description": "Reference links" }, { "id": "tiles", "description": "Dashboard Tiles" } ], "app_link_meta": { "url": "https://portal-eu.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex", "meta": { "x_okta_bookmark_id": "0oa1idwgt8itDu9jQ357" }, "title": "Stealthwatch Cloud (EU)" }, "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. 
\n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/SecureX/SecureX_Integration_Guide_DV_2_0.pdf).", "logo": "data:image/svg+xml;base64,PHN2ZyBkYXRhLW5hbWU9IkxheWVyIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDM0LjEgMzIuMiI+PHBhdGggZmlsbD0iIzI3NGJhMCIgZD0iTTAgMGgzNC4xdjMyLjE2SDB6Ii8+PHBhdGggZD0iTTIyLjcgMTYuOGEzIDMgMCAwMC0zLTNoLS4xYTQuMyA0LjMgMCAwMC04LjEgMS41IDIuMyAyLjMgMCAwMC0yLjYgMS44LjkuOSAwIDAwLS4xLjUgMi4yIDIuMiAwIDAwMi40IDIuMkgyMGEzIDMgMCAwMDIuNy0zeiIgZmlsbD0iI2ZmZiIvPjxwYXRoIGQ9Ik0yMC4zIDhhOC43IDguNyAwIDAwLTUuOC0yLjIgMTEuNyAxMS43IDAgMDAtNS4xIDEuNk0xMC4xIDIzLjZoMTMuM3M1LjctLjcgNS43LTYuM2E2LjUgNi41IDAgMDAtMi45LTUuNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjZmZmIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPjxjaXJjbGUgY3g9IjIyLjciIGN5PSIxMC44IiByPSIxLjciIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI2LjMiIGN5PSIyMy42IiByPSIxLjgiIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI4IiBjeT0iOC43IiByPSIxLjQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+PC9zdmc+", "org_id": "99c5cf95-7788-4ce1-906f-86811aa57752", "configuration_spec": [ { "key": "token", "type": "api_key", "label": "Authorization Token", "required": true } ], "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.", "title": "Secure Cloud Analytics", "external_references": [ { "link": "https://info.securexanalytics.com/SecureX-Trial-Request.html", "label": "Free Trial" }, { "link": "https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html", "label": "Product Information" }, { "link": "https://www.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-stealthwatch-cloud-privacy-data-sheet.pdf", "label": "Privacy Policy" } ], "updated_at": "2022-02-18T09:00:11.280Z", "id": "7739968f-4259-49c2-8c14-21e569a11d1c", 
"record": "relay-module.module/RelayModule", "user_id": "be72933d-8e87-4430-8b33-870e3db35bce", "client_id": "iroh-ui", "default_name": "Secure Cloud Analytics", "flags": [ "default" ], "enabled": true, "visibility": "global", "created_at": "2020-05-15T17:44:34.285Z", "former_title": "Stealthwatch Cloud" }
#+end_src
** 2022-W08
*** 2022-02-22 Tuesday
**** CANCELED SXO Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-22 Tue 18:00]--[2022-02-22 Tue 18:02] => 0:02
:END:
[2022-02-22 Tue 18:00]
- ref ::
*** 2022-02-23 Wednesday
**** MEETING SXO Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-23 Wed 19:39]--[2022-02-23 Wed 21:09] => 1:30
:END:
[2022-02-23 Wed 19:39]
- ref ::
1. Tenant Provisioning
2. Create CTR Client
**** MEETING Ribbon SCI :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-23 Wed 19:23]--[2022-02-23 Wed 19:39] => 0:16
:END:
[2022-02-23 Wed 19:23]
- ref ::
- client-6ff982a1-cc5a-4121-8f8c-b0f5b08c8860
- client-c4d3554b-452e-49e2-b76e-41458610adc1
Patched with availability: everyone.
**** MEETING API Design :work:meeting:
:LOGBOOK:
CLOCK: [2022-02-23 Wed 17:33]--[2022-02-23 Wed 19:23] => 1:50
:END:
[2022-02-23 Wed 17:33]
Two subjects:
- Data Deletion
- Logs / debugging
**** DONE IDB Decommissioning :work:
:LOGBOOK:
CLOCK: [2022-02-23 Wed 14:48]--[2022-02-23 Wed 15:18] => 0:30
:END:
[2022-02-23 Wed 14:48]
Found in the tenzin repository, in a very old commit (ce43ddb). The config details are in =saltstack/pillar/*/iroh/init.sls=.
***** INT
#+begin_src yaml
idps:
  amp:
    kind: saml
    authorize_uri: https://auth.amp.cisco.com/auth/session/new
    cert_path: /srv/iroh/resources/cert/amp_idp.cert
  threatgrid:
    kind: oidc
    authorize_uri: https://int.threatgrid.com/oauth2/authorize
    token_uri: https://int.threatgrid.com/api/v3/oauth/token
    org_id_key: :tg_org
    client_id: 884a152d-e2a2-4552-b56b-7618274ab988
    client_secret: |
      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1

      hQIMA84RaiSk55caAQ/+NXy974NKjfdujj01jODDqqIIp4QXdGH8pC4LcHDW9rwx
      EE1XELuP+7eZ1+UA2+qhPwcT+kOCEJteXGJt00FoL4bjfOTHqV6Zjl+KySGGYsHw
      LQRQhI+odKpakGmtnMD7Zjf14phfUTHKs4Zs6EjLP0rm5LMw+eo3PhQ4zNGfoF1G
      W3S7J+dmjNc0ZEsgOStxAmQ5SZM6nIoOo8qJY5p8LujbAzPTGq1hKYVjxM2FnuoQ
      SkoIA77z9twJpFMqr3TgOPI/IZqu8rAAVEeAZHRP0W4j4Wk/PetmG4mJrJT5hFqV
      Z6iOChTL8t2lbSd/QkwoxD2cZzZlY4c3Pe2JqtdfffhaF7LXcOtHm8R2cv2kjEm3
      gdAw2EZucYZa2n78vxofXrLWayltFTzM9hmn616Yy3UtExOHv/ydj0xhLGEx+Woc
      X0LS0La8ElNOMnp99x+9y1xmShlZMsRNOm5kjTFMtLry4K3QKTZLAzVa2835RV3e
      Tb6T2tdkK5fIVpIQpv3E6meAmkFHWHl3rZw4qdPaPbDWctPDt8TxyX4LQ555ED2N
      roCuBSWsu7Efz8s+oUgK3GleSj37O7kIyJq+GxOayyepU8D6WJqqh6TbeFQlyUBJ
      YYrFxd+wUAEdeq4LoTxGrZp4jDopg9wVVdEmlcltJ79GbpOGf9uo0nyrlVRXDoHS
      WwFPEYM+r1FWnWhrH+zbE3LwvVBMi8KluExN8KcilTnzhISrhR40J/HvEBXMM2DV
      7TnS+FyxWHu0vBzIg2y7DdGh4SYw7ru35wH9V8x6L449ffD6diMaXLGoBAU=
      =0OIa
      -----END PGP MESSAGE-----
#+end_src
***** TEST
#+begin_src yaml
idps:
  amp:
    kind: saml
    authorize_uri: https://auth.amp.cisco.com/auth/session/new
    cert_path: /srv/iroh/resources/cert/amp_idp.cert
  threatgrid:
    kind: oidc
    authorize_uri: https://test.threatgrid.com/oauth2/authorize
    token_uri: https://test.threatgrid.com/api/v3/oauth/token
    org_id_key: :tg_org
    client_id: d1f5cbd2-610c-44b9-b5dd-92ecc7ef7f24
    client_secret: |
      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1

      hQIMA84RaiSk55caAQ//czS1KlsdqexkdpO7KizewEY5Wy2rBIT74FYJaJRPOh2k
      YDTs1pxbu4SY/PWmyNVh97UAGVjwMAOEJvMaZt2fOA0EqHVwaPqe5xV1pS9eIAIf
      JfmQyAzaCADaFvLpVwF7yuzJzUhrPq1JBbwssXh0YLnEOfEandspL6Tw2JunK67A
      9GfPiSRNPr90wflsOAObuxRqtThw6usQKDVh8r5lSTpfLN/3gyDX/BNwYOBIgY/D
      TvTtX9zYAKwb9lyvvAjVPueHwLBwwLJ0J2C4soKKM/xyqRfllFzWHAuF8dKAmsNO
      t1HGcSmHh1mT8hLnZf453PHbItVc8gvyeEcFAtWmGI3hB8JGIFLrzSoO3Vu/opRy
      5xovtKDbAcB6xjvkix6s4ppim2lunPa4uzni1XcXUZ5iF424SSSooWmySmFuYniS
      pr5t2sulSWr4ptR5e/jWLr6hx6rkLntvJHf99DkK2MeAe35+lkvnKu4algH0Bul6
      r3eXvtSZl+Ejwy8fLGv3Zkj12xL3eIZ5PIihAqmJ8cPcY8mZfoz7BjpfXLL0ykuY
      HPeAU2YzG9+1TiZk/hADsb6B558nj9DjFbi5P1CyCCWvIAdN+lq3BWaU8VsphC5A
      w8L7DGUSlVQXuvHzvuFktYG5z/2FL4Oil924/jiTMiyglcq0qUqTIaR6F/5UdMfS
      WwFQJ7Mco7nkak9JMzCos+h/l4IpeM0nSK/5ANzXeNRq5TzGXCYsNZhRtH2JNa1d
      Et1dSAy0iR+v5wyozjppTC/o6vOkIVhvYoiDaT9ZVx4/t5552/qGRIdIH8c=
      =RJtM
      -----END PGP MESSAGE-----
#+end_src
***** PROD
#+begin_src yaml
idps:
  amp:
    kind: saml
    authorize_uri: https://auth.amp.cisco.com/auth/session/new
    cert_path: /srv/iroh/resources/cert/amp_idp.cert
  threatgrid:
    kind: oidc
    authorize_uri: https://panacea.threatgrid.com/oauth2/authorize
    token_uri: https://panacea.threatgrid.com/api/v3/oauth/token
    org_id_key: :tg_org
    client_id: 4fe0068b-eb2a-4918-871f-dd9c9592990e
    client_secret: |
      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1

      hQIMA84RaiSk55caAQ/+JHsdFHlM0yxwYJTMgzCPp0wOJozy1/lB4I3pdk/mQlA3
      KX0D9VahiZatTG+N0z2dx+rDs/T3XJIShwJsDbO0kBN18kOSEIU5eFZGTj1u7ev1
      vPAq+ekmxfRnYsQ0CRdp45uM8jhrO19zbJVu7oL1XaLGFYJxzt6BIkCExSnEBA/i
      T3nNxa0CNw7sYUjw0kxDkCwl2RpdmMJ6QWNuqKqRc5olzz0mnu0ioCMXnPu1w4oD
      Sck0pZQYacnr8/bCWsLR7kLA9GFHcApT1DoLDhOr8PB6/blpCd+t+nHflUx5SCgn
      rqeeA8PaFCZ7wBRa8WuVZXmSll8/siSlTUyBxDKq9y5EjhJBFVRgCRjd4WzwGaMn
      F3soOMKKpM1Dj1u3+PkgIprV6nWSUvEOrYxtUEWfBeVdD7Kng57AG+Xz8k1e9ium
      s+ITYdo5oG5O4ks5bXuO9ILpt92GLoKC/TAbo2doxiGk63rBxu9HsUTMZVC96FzE
      PkWXQxD4LDXlFTqIlCQmjUq6Q6K71t0+pvAS0x4dKHhvuJdAJEHrZe6nnLtiBcjA
      TcYoFGHqx32mqbvq7LThoRYFVXvO2tMDoRrDjYKRKNpmTfHNDjhGf+TOhHiw7Rnf
      TAJLWCyHrpupu47NPtqAN1fnY9m6yjNGRe6tzgG78vsdCSR6QdAHILwMjUR1QULS
      WwHmb/heYDgwuhzbcwDAQuiotWA++xYzAy52cXNuunkC+e/4qob7iIN/ifcPDH3z
      rEmF6TVvvE0tzW81X7tdyaOf3Q8rmwMSZzhK7HUhgWIdDhf3Dl6FrrdFoi0=
      =srU6
      -----END PGP MESSAGE-----
#+end_src
** 2022-W10
*** 2022-03-07 Monday
**** DONE Big PR Refresh Tokens :work:
:LOGBOOK:
CLOCK: [2022-03-07 Mon 09:47]--[2022-03-07 Mon 18:17] => 8:30
:END:
[2022-03-07 Mon 09:47]
This PR is big because it bundles several different changes. The main goal is to fix a bug in our OAuth2 provider related to the scopes associated with refresh tokens.
See:
- https://github.com/advthreat/iroh/issues/5877
- https://github.com/threatgrid/response/issues/950
- https://github.com/advthreat/iroh/issues/3189

Following the discussion in that thread, we should fix the issue properly.

Before this PR, refresh tokens were pure JWTs: the "state" and "trust" that a refresh token is valid, as well as the scopes associated with it, all live inside the JWT. For several reasons we want to be able to change, for some clients, the scopes associated with existing refresh tokens. Typical example: the ribbon now supports more scopes than it did when the user granted it. So to update the ribbon it is not enough to update the ribbon client; the user also has to grant the scopes again interactively. Most ribbon clients are /trusted/, which means we bypass the list of authorized scopes and return access tokens with the maximal set of scopes. Still, there are exceptions.

This is also a missing piece of the OAuth2 provider: refresh-token administration endpoints for our end users. Before this PR we only had a notion of "granted client" at the client level, not one per refresh token. After this PR we keep in our DB the exhaustive list of scopes associated with each refresh token.

Some details:

This creates two new services, ~RefreshGrantService~ and ~RefreshGrantWebService~. I preferred not to use ~RefreshTokenService~ because "refresh token" is already used in several places, and the object we save in the DB is not a refresh token: it is just an object recording the scopes granted to some refresh token, for some client and some user.

I have added a few common helpers in this PR:
1. ~mandatory-get-in-config~
2. Small improvements to ~match?~:
   1. ~str-uuid?~, because we use strings and not proper UUIDs, for which the clojure core function ~uuid?~ would be more suitable.
   2. Check the length equality between two sequences during ~match?~.
3. Fixed a problem with requesting ~edn~ in our http client helpers. Now the read-string is done for you.
4. Centralized ~pure-crud-store-svc~, used in our tests, into the test-helpers of the crud-store service.
5. Added an ~iroh-web.request-identity~ ns, useful to manipulate the ~(:identity request)~ generated by the JWT middleware.
6. By default the time ~svc-helper~ now uses a fixed date.

Also some non-trivial changes made to achieve the goal of this PR:
1. Add a ~realized-client~ to the ~OAuth2ClientService~. What is this about? ~get-client~ of the ~OAuth2ClientService~ is purely about searching clients in the DB, just a thin layer around CRUD. Before this PR there was also a ~get-client~ method exposed by the ~OAuth2Service~ which acts differently: this second get-client takes care of looking at the clients saved in the ~config.edn~ file (yes, we have some of them) and also applies the ~ClientPreset~ logic to the resulting client. The ~realized-client~ of ~OAuth2ClientService~ replaces the old ~get-client~ from ~OAuth2Service~. The old method is still exposed to prevent any bug, and as the PR is already big I didn't want to also refactor it away. But that would be a nice follow-up.
2. Now ~check-app-authorization~ of the ~GrantService~ can be called with either 4 or 5 arguments. If called with 4 arguments, no refresh token is involved: we just check whether the user already granted a set of scopes (every time the user manually grants different scopes we add them up, i.e. we take the union). This is useful to decide whether we can automatically redirect the user in many interactive workflows. If called with 5 arguments, the extra argument is the refresh token id (the ~jti~ claim of the refresh token, which is a JWT). In that case we also use the ~RefreshGrantService~ to verify that the associated refresh token has been granted the scopes we are about to provide.
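The two calling conventions of the check above, and the split between the client-level grant (a union of everything the user ever consented to) and the per-token grant (keyed by the refresh token's ~jti~), as an added example in Python. This is not IROH code; the names ~GrantStore~, ~record_user_consent~, ~issue_refresh_token~, ~update_refresh_scopes~, ~revoke_refresh_token~, ~check_app_authorization~, ~exchange_refresh_token~ and the HS256 mini-JWT are assumptions made for the example. It shows the two things the JWT-only design could not do: change the scopes of an already issued refresh token, and revoke it while the JWT itself is still cryptographically valid.

```python
# Added example, not IROH code: a model of the "refresh grant" design.
# The refresh token stays a signed JWT, but the scopes it may mint live in a
# server-side record keyed by the token's jti. All names are assumptions.
import base64
import hashlib
import hmac
import json
import time
import uuid

SIGNING_KEY = b"example-only-signing-key"  # constructed for the example


class ScopeError(Exception):
    """Raised when an exchange asks for scopes the refresh token was never granted."""


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    """Minimal HS256 JWT, enough to carry jti/sub/client_id/exp."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"


def verify_jwt(token: str) -> dict:
    """Check signature and expiry; return the claims."""
    head, body, sig = token.split(".")
    mac = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise ValueError("token expired")
    return claims


class GrantStore:
    """In-memory stand-in for the DB (hypothetical).
    client_grants: union of every scope the user ever consented to for a client
    (the pre-existing, client-level "granted client" notion).
    refresh_grants: exact scopes bound to one refresh token, keyed by its jti
    (the new per-token record a RefreshGrantService would own)."""

    def __init__(self):
        self.client_grants = {}   # (user_id, client_id) -> set of scopes
        self.refresh_grants = {}  # jti -> {"user_id", "client_id", "scopes"}

    def record_user_consent(self, user_id, client_id, scopes):
        # Interactive grants add up: we store the union, never a replacement.
        self.client_grants.setdefault((user_id, client_id), set()).update(scopes)

    def issue_refresh_token(self, user_id, client_id, scopes, ttl=30 * 86400):
        jti = str(uuid.uuid4())
        self.refresh_grants[jti] = {"user_id": user_id, "client_id": client_id,
                                    "scopes": set(scopes)}
        exp = int(time.time()) + ttl
        return jti, sign_jwt({"jti": jti, "sub": user_id, "client_id": client_id, "exp": exp})

    def update_refresh_scopes(self, jti, scopes):
        """Admin operation: change what an existing refresh token may mint
        without making the user re-consent interactively."""
        self.refresh_grants[jti]["scopes"] = set(scopes)

    def revoke_refresh_token(self, jti):
        """The JWT stays valid; exchange_refresh_token refuses it anyway."""
        self.refresh_grants.pop(jti, None)


def check_app_authorization(store, user_id, client_id, requested, refresh_jti=None):
    """4 arguments: is `requested` covered by what the user already granted this
    client (used to skip the consent screen)?  5 arguments: is it covered by the
    scopes bound to this particular refresh token?"""
    requested = set(requested)
    if refresh_jti is None:
        return requested <= store.client_grants.get((user_id, client_id), set())
    grant = store.refresh_grants.get(refresh_jti)
    return (grant is not None and grant["user_id"] == user_id
            and grant["client_id"] == client_id and requested <= grant["scopes"])


def exchange_refresh_token(store, token, requested):
    """refresh_token grant: verify the JWT, then ask the DB record (not the JWT)
    which scopes the new access token may carry."""
    claims = verify_jwt(token)
    if not check_app_authorization(store, claims["sub"], claims["client_id"],
                                   requested, claims["jti"]):
        raise ScopeError(f"refresh token {claims['jti']} not granted {sorted(requested)}")
    return sign_jwt({"sub": claims["sub"], "client_id": claims["client_id"],
                     "scope": " ".join(sorted(requested)), "exp": int(time.time()) + 600})
```

The refresh token carries only identity (~jti~, ~sub~, ~client_id~, ~exp~); every scope decision goes through the store, so an administration endpoint that edits or deletes a refresh-grant row takes effect at the next exchange, which is exactly the property the JWT-only version lacked.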
A few more important notes:

This change made it clear once again why using the ~with-tk~ pattern really helps. A lot of manual changes were needed because many tests have not been migrated to this new pattern. The main consequence for IROH-Auth development is that many changes break tests far away, with almost no real related issue. So I will probably take the time to really invest in using the new pattern for IROH-Auth + IROH-Web, because it really took me days just to fix these manually.

After going all in on "test the service/core.clj functions" by providing pure contexts, I think that, while valuable, it is probably too much work for the potential gain. We should probably focus a lot more on the "semi-integration" tests of the services themselves with the ~with-tk~ macros. Looking at the ~core_test.clj~ tests shows that these tests are often verbose and difficult to initialize when your service works with big contexts.

The main test covering the feature is ~iroh-auth.oauth2_web_service_test/multiple-authorizations-with-different-scopes~:
https://github.com/advthreat/iroh/pull/5885/files?diff=split&w=1#diff-3cbfae4301cdb80a669f13ea2861423140c52cd424a8b8e99617c2fae729117fR364
*** 2022-03-10 Thursday
**** MEETING Weekly :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-10 Thu 17:43]--[2022-03-10 Thu 19:18] => 1:35
:END:
[2022-03-10 Thu 17:43]
- Work on Registration => Olivier
  - like-search
- Work on Registration => Generated some interesting stats about SecureX orgs/users/email domains
- TG IdB decommission => Wait and ask Prerna
- Work on the TG bug => maybe split some parts off before merging, because this is a risky PR
- Idea about Tenzin-Config: use Ambrose's work to find the common bootstrap+config.edn across all our current envs, use that in the new `iroh.main`, and change how tenzin starts the application so that it merges the config and the bootstrap.
This should reduce the size, and we could put inside the IROH repository the changes that should be shared across all deployed envs.
***** ops in our team
*** 2022-03-11 Friday
**** MEETING Simplified Registration :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-11 Fri 16:29]--[2022-03-11 Fri 17:59] => 1:30
:END:
[2022-03-11 Fri 16:29]
- ref ::
***** Agenda (to discuss about)
***** Notes
***** Actions
** 2022-W11
*** 2022-03-15 Tuesday
**** DONE IDB Decommission CSA :work:
:LOGBOOK:
CLOCK: [2022-03-15 Tue 17:35]--[2022-03-16 Wed 15:31] => 21:56
:END:
[2022-03-15 Tue 17:35]
INT
{ "client_id": "0oa2ovopagy06D2IV1d7", "client_secret": "N7yEnBQWMHohD0LbwzXwsjuOUI9pVlbzI5lH28O9" }
*** 2022-03-16 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-16 Wed 16:32]--[2022-03-18 Fri 11:55] => 43:23
:END:
[2022-03-16 Wed 16:32]
IROH-Auth login
**** MEETING Registration Simplification :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-16 Wed 15:31]--[2022-03-16 Wed 15:57] => 0:26
:END:
[2022-03-16 Wed 15:31]
- ref ::
** 2022-W13
*** 2022-03-28 Monday
**** MEETING Workshop :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-28 Mon 17:52]--[2022-03-30 Wed 16:20] => 46:28
CLOCK: [2022-03-28 Mon 17:30]--[2022-03-28 Mon 17:52] => 0:22
:END:
[2022-03-28 Mon 17:30]
**** MEETING Registration :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-28 Mon 16:29]--[2022-03-28 Mon 16:54] => 0:25
:END:
[2022-03-28 Mon 16:29]
- ref ::
Chris Duan's concerns:
- email domain check in the UI
- risk of email domain mismatch; for now, just one admin is enough to match the org, etc…
*** 2022-03-30 Wednesday
**** MEETING Registration FT :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-30 Wed 16:20]--[2022-03-30 Wed 22:07] => 5:47
:END:
[2022-03-30 Wed 16:20]
- ref ::
***** Testing
The only safe solution involves the Ops: have a specific domain for us. I suggest ~qa.security.cisco.com~, so that every mail sent to ~foo@qa.security.cisco.com~ is redirected to ~foo@cisco.com~.
That way we could create a few testing orgs without being polluted by all the other Cisco activity. We could test the emails, etc…
*** 2022-03-31 Thursday
**** MEETING :work:meeting:
:LOGBOOK:
CLOCK: [2022-03-31 Thu 13:52]--[2022-03-31 Thu 15:30] => 1:38
:END:
[2022-03-31 Thu 13:52]
***** Agenda
What to do next?
- Important potential refactoring to help Matt add the ccoId
- Refactor the tests (tried it, and it is a lot of work)
***** Notes
***** Actions
** 2022-W15
*** 2022-04-11 Monday
**** MEETING Q4: Limited Demo Mode XP/Detail Design Discussion :work:meeting:
:LOGBOOK:
CLOCK: [2022-04-11 Mon 15:59]--[2022-04-15 Fri 17:14] => 97:15
:END:
[2022-04-11 Mon 15:59]
- ref ::
***** Agenda (to discuss about)
The agenda for this meeting is to go over the ideas/design proposed by the MA/PO/PM team for a limited SecureX Demo Mode experience. We want the Engineering team to weigh in on feasibility and discuss the options in detail. The AHA ticket below has been updated with the details discussed. Next, we want an estimate of the effort and, since this is on the Q4 priority list, a commitment on whether this can be done in Q4 or not.
***** Notes
AHA shared screen: Requirement.
SecureX demo giving away too much information.
- Expiry date for the SecureX demo (30 days)
- Limit the number of investigations (50 investigations).
***** Actions
** 2022-W16
*** 2022-04-19 Tuesday
**** MEETING Switch Tenants :work:meeting:
:LOGBOOK:
CLOCK: [2022-04-19 Tue 17:02]--[2022-04-19 Tue 18:12] => 1:10
:END:
[2022-04-19 Tue 17:02]
- Hide/Disable Orgs
- Login workflow
- Petr: make an org the default for users.
- Just hide/unhide the org in the UI.
***** UI demo List orgs / hide/ switch Also cross regions + remarks - default not auto-login - login **** MEETING Umbrella Deep Dive 1-click module setup :work:meeting: :LOGBOOK: CLOCK: [2022-04-19 Tue 16:33]--[2022-04-19 Tue 17:02] => 0:29 :END: [2022-04-19 Tue 16:33] - ref :: + Matt: describe The modules + Aaron Woland: for the diff function in SecureX we use every exposed API + Rajendra Shirhatti: requirement, single API key *** 2022-04-20 Wednesday **** MEETING Cisco Leader Fundamental Program :work:meeting: :LOGBOOK: CLOCK: [2022-04-20 Wed 10:03]--[2022-04-20 Wed 18:47] => 8:44 :END: [2022-04-20 Wed 10:03] - ref :: - First Next Steps writeable PDF: https://cisco.sharepoint.com/:b:/s/GLOTeam/Ef_alzOAOoVHqHmmZ8dZYscBbHsYA5tLWgfj0tZL6iXvZQ?e=LFMQl3 Miro board- https://miro.com/app/board/o9J_lZRkMM8=/ Password - CiscoLF2020 - Consciously Create Culture: https://wwwin.cisco.com/c/cec/cisco/conscious-culture.html ***** Come to me when - Come to me when you need to design a new abstraction to improve the code reliability - Come to me when you need to write a code refactorisation - Come to me when you need to build a new OAuth2 RFC from scratch - Come to me when you need to improve CI reliability With: - Alex Cruz Farmer *** 2022-04-21 Thursday **** MEETING Leader :meeting: :LOGBOOK: CLOCK: [2022-04-21 Thu 10:38]--[2022-05-05 Thu 13:11] => 338:33 :END: [2022-04-21 Thu 10:38] - ref :: - Register for Cisco Mind Set: http://learn.cisco.com/?courseID=COT00305503 - Mindfulness & Resilience SharePoint: https://cisco.sharepoint.com/Sites/ - MindfulnessandResilienceatCisco - Expert Medical Opinion Program: https://cisco.service-now.com/helpzone?id=kb_article&sysparm_article=KB0047880 - Mental Health Awareness: https://cisco.sharepoint.com/Sites/SafetoTalkMentalHealthAwareness - Employee Assistance Program: https://cisco.service-now.com/helpzone?id=kb_article&sysparm_article=KB0047879 - Cisco Global Wellbeing: https://cisco.sharepoint.com/sites/GlobalWellbeing Prepare 
meetings: https://www.cisco.com/c/r/team-development/performance/team-leader-index.html Reward: https://cisco.sharepoint.com/sites/RewardsCentral Further: https://cisco.sharepoint.com/sites/NewLeaderJourneyRegistration Talent Space ***** Analyze Ask her how to develop other in the team. ***** Says I *noticed* this or that, no judgement. Wait for their perspective. I wouldn't want to demotivate you by blocking your PR. ** 2022-W18 *** 2022-05-05 Thursday **** MEETING Weekly Platform Meeting :work:meeting: :LOGBOOK: CLOCK: [2022-05-05 Thu 17:10]--[2022-05-09 Mon 17:04] => 95:54 :END: [2022-05-05 Thu 17:10] **** MEETING Registration FT :work:meeting: :LOGBOOK: CLOCK: [2022-05-05 Thu 16:52]--[2022-05-05 Thu 17:10] => 0:18 CLOCK: [2022-05-05 Thu 16:30]--[2022-05-05 Thu 16:51] => 0:21 :END: [2022-05-05 Thu 16:30] ** ** *Prerna* love to Sing, Adele, indian songs, Karaoke, (feel bad at gardening) Hamed Saadi: wanted to be professional soccer, love orchid *Jilian*: two young children, love gardening (strawberries, 12ft tall sun flower etc…). During Cisco has a full orchid division. *Hissan*: not much *Olivier*: make italian food, watch video on climate change. Fan of Jancovici, Aurelien Barrault. ** 2022-W19 *** 2022-05-09 Monday **** MEETING Umbrella 1-click :work:meeting: :LOGBOOK: CLOCK: [2022-05-09 Mon 17:04]--[2022-05-10 Tue 09:47] => 16:43 :END: [2022-05-09 Mon 17:04] ***** Presenting SecureX *** 2022-05-11 Wednesday **** MEETING Tenant switching :work:meeting: :LOGBOOK: CLOCK: [2022-05-11 Wed 16:28]--[2022-05-11 Wed 17:09] => 0:41 :END: [2022-05-11 Wed 16:28] How to have errors shared. Proposal, 1. host on the same URL as IROH (so both CTR and Visibility) 2. Use query parameters + localStorage might not be enough because there is a huge risk of attack. 
*** 2022-05-12 Thursday **** DISC Topo for meeting :work:discussion: :LOGBOOK: CLOCK: [2022-05-12 Thu 11:21]--[2022-05-12 Thu 15:39] => 4:18 :END: [2022-05-12 Thu 11:21] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*preparer topo pour l’equipe][preparer topo pour l’equipe]] Go to the dashboard page Invisible work: - Olivier will start on org-level client - UI design discussion about tenant switching even if we agree about most of the backend work that could be done concurrently. - Discussion about "bugs" that were just wording issue ** 2022-W20 *** 2022-05-17 Tuesday **** MEETING Devin Walters :work:meeting: :LOGBOOK: CLOCK: [2022-05-17 Tue 17:03]--[2022-05-17 Tue 19:03] => 2:00 :END: [2022-05-17 Tue 17:03] - ref :: ***** Agenda (to discuss about) ***** Notes ***** Actions *** 2022-05-18 Wednesday **** MEETING API Design Meeting :work:meeting: :LOGBOOK: CLOCK: [2022-05-18 Wed 17:42]--[2022-05-18 Wed 19:35] => 1:53 :END: [2022-05-18 Wed 17:42] - ref :: Umbrella talk, hunting, etc… Check Token Exchange Okta token exchange for a IROH Auth exchange. DONE Create a new Epic for IROH Auth Token Exchange. *** 2022-05-19 Thursday **** DONE [#6740] Analyze Token Exchange RFC [[https://github.com/advthreat/iroh/issues/6740]] :work: SCHEDULED: <2022-05-30 Mon 14:00-16:00> :LOGBOOK: - State "DONE" from "HOLD" [2022-05-30 Mon 17:16] - State "HOLD" from "TODO" [2022-05-30 Mon 17:15] \\ Appear to be ok, need to write the doc CLOCK: [2022-05-30 Mon 16:15]--[2022-05-30 Mon 17:15] => 1:00 :END: [2022-05-19 Thu 09:27] - ref :: [[https://github.com/advthreat/iroh/issues/6740][#6740]] SCHEDULED: <2022-05-19 Thu> ** 2022-W21 *** 2022-05-24 Tuesday **** CHAT Work on BUG for the UI :work:chat: :LOGBOOK: CLOCK: [2022-05-24 Tue 17:06]--[2022-05-25 Wed 10:27] => 17:21 :END: [2022-05-24 Tue 17:06] - ref :: on NAM backup value with idp-mapping from Rekha and probably Dar. 
#+begin_src json { "role": "admin", "scopes": [ "event:read", "vault/configs:read", "integration", "private-intel", "admin", "profile", "inspect", "asset", "feedback", "sse", "registry", "users", "investigation", "invite", "casebook", "vault/config/metadata:read", "orbital", "enrich", "oauth", "collect", "response", "ui-settings", "telemetry:write", "openid", "notification", "global-intel:read", "webhook", "vault/config/posture:read", "ao" ], "updated-at": "2022-04-04T19:02:50.007Z", "idp-mappings": [ { "idp": "sxso", "enabled?": true, "user-identity-id": "00u4b0w7zx5wOv6bP357" }, { "idp": "sxso", "cco-id": "DiogenesDavili83107", "enabled?": true, "user-identity-id": "00uh73n7l8T19iA80357" }, { "idp": "sxso", "enabled?": true, "user-identity-id": "00u4fiegn96MYiUVb357" } ], "user-email": "diogenes_davoli@hstsoft.com", "user-name": "Diogenes Davoli", "org-id": "0217a770-8d36-4934-9a4f-e136aac10e39", "user-id": "fcc3ef21-ea15-4774-822a-7dcc5a642750", "enabled?": true, "last-logged-at": [ "2022-04-13T19:16:18.315Z", "2022-04-13T19:15:24.239Z", "2022-04-13T19:15:15.552Z", "2022-04-13T19:15:05.421Z", "2022-04-13T18:45:13.063Z" ], "created-at": "2022-04-01T13:24:27.909Z", "user-nick": "Diogenes Davoli" } #+end_src ** 2022-W22 *** 2022-05-30 Monday **** DONE Help Michael Simonson [[https://github.com/advthreat/response/issues/1315][#response/1315]] :work: SCHEDULED: <2022-05-29 Sun 10:30-10:40> :LOGBOOK: CLOCK: [2022-05-30 Mon 10:30]--[2022-05-30 Mon 10:34] => 0:04 :END: [2022-05-30 Mon 10:15] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Create Tasks from \[\[https://github.com/notifications\]\[Github notifications\]\]][Create Tasks from Github notifications]] **** DONE Reply to Rekha [[https://github.com/advthreat/GLaDOS/pull/3239][GlaDoS#3239]] :work: SCHEDULED: <2022-05-30 Mon 10:20-10:30> :LOGBOOK: CLOCK: [2022-05-30 Mon 10:25]--[2022-05-30 Mon 10:29] => 0:04 :END: [2022-05-30 Mon 10:12] **** DONE Reset 
https://pwreset.cisco.com :work:
SCHEDULED: <2022-05-30 Mon 10:30-10:40>
:LOGBOOK:
CLOCK: [2022-05-30 Mon 10:34]--[2022-05-30 Mon 10:37] => 0:03
:END:
[2022-05-30 Mon 09:38]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Create Tasks from Webex][Create Tasks from Webex]]
*** 2022-06-01 Wednesday
**** DONE Document what needs to be done for Token Exchange :work:
SCHEDULED: <2022-06-01 Wed 10:35-11:30>
:LOGBOOK:
CLOCK: [2022-06-01 Wed 11:26]--[2022-06-01 Wed 11:59] => 0:33
CLOCK: [2022-06-01 Wed 10:35]--[2022-06-01 Wed 11:25] => 0:50
:END:
[2022-06-01 Wed 10:32]
*** 2022-06-02 Thursday
**** MEETING Town Hall :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-02 Thu 18:00]--[2022-06-02 Thu 19:20] => 1:20
:END:
[2022-06-02 Thu 20:13]
**** MEETING Weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-02 Thu 17:06]--[2022-06-02 Thu 17:55] => 0:49
:END:
[2022-06-02 Thu 17:06]
- ref ::
***** Notes
- org-level clients (security concerns and complex technical details)
- tenant switching should be good for the 6th of July
- token exchange issue
- maximal session time issue
- refresh token revocation with a grace period
- configuration issues fix incoming using ~iroh.main~ => on hold
- oauth2 client password update
- simplification
**** MEETING Tenant Switching :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-02 Thu 16:32]--[2022-06-02 Thu 17:06] => 0:34
:END:
[2022-06-02 Thu 16:32]
- ref ::
***** Agenda (to discuss about)
***** Notes
***** Actions
**** DONE Fix config issue :work:
SCHEDULED: <2022-06-02 Thu>
:LOGBOOK:
CLOCK: [2022-06-03 Fri 17:00]--[2022-06-03 Fri 17:55] => 0:55
CLOCK: [2022-06-02 Thu 15:34]--[2022-06-02 Thu 16:30] => 0:56
:END:
[2022-06-02 Thu 15:34]
**** PAUSE walk the dog :pause:
:LOGBOOK:
CLOCK: [2022-06-02 Thu 14:25]--[2022-06-02 Thu 15:33] => 1:08
:END:
[2022-06-02 Thu 15:32]
**** MEETING Meeting with Olivier :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-02 Thu 09:55]--[2022-06-02 Thu 11:58] => 2:03
:END:
[2022-06-02 Thu
09:55] - ref :: ***** Agenda (to discuss about) ***** Notes ***** Actions **** GEEK org-mode / org-calendar tweaking :perso: :LOGBOOK: CLOCK: [2022-06-02 Thu 09:32]--[2022-06-02 Thu 09:55] => 0:23 :END: [2022-06-02 Thu 09:38] **** DISC answered to Jyoti :work:discussion: :LOGBOOK: CLOCK: [2022-06-02 Thu 09:02]--[2022-06-02 Thu 09:32] => 0:30 :END: [2022-06-02 Thu 09:32] *** 2022-06-03 Friday **** MEETING Tenant Switching :work:meeting: :LOGBOOK: CLOCK: [2022-06-03 Fri 16:31]--[2022-06-03 Fri 16:42] => 0:11 :END: [2022-06-03 Fri 16:31] - Accept invitation redundancy: https://github.com/advthreat/GLaDOS/issues/3273 To be moved to the IROH repository as enhancement. **** CHAT Rekha discussion with access/refresh tokens :work:chat: :LOGBOOK: CLOCK: [2022-06-03 Fri 16:45]--[2022-06-03 Fri 16:59] => 0:14 CLOCK: [2022-06-03 Fri 14:36]--[2022-06-03 Fri 16:31] => 1:55 :END: [2022-06-03 Fri 14:36] **** DONE Check duplicate user by org :work: SCHEDULED: <2022-06-03 Fri> :LOGBOOK: CLOCK: [2022-06-03 Fri 13:50]--[2022-06-03 Fri 14:36] => 0:46 :END: [2022-06-03 Fri 13:49] - ref :: https://github.com/advthreat/response/issues/1331#event-6730353206 ** 2022-W23 *** 2022-06-07 Tuesday **** CANCELED PR to have 5min expiration time for iroh-ui client :work: SCHEDULED: <2022-06-08 Wed 14:30-16:00> :LOGBOOK: - State "CANCELED" from "TODO" [2022-06-08 Wed 17:06] \\ we'll work on that later :END: [2022-06-07 Tue 18:02] **** CHAT Rekha ask for 5min expiration access tokens :work:chat: :LOGBOOK: CLOCK: [2022-06-07 Tue 17:58]--[2022-06-07 Tue 18:58] => 1:00 :END: [2022-06-07 Tue 17:58] **** CHAT Rekha questions :work:chat: :LOGBOOK: CLOCK: [2022-06-07 Tue 16:40]--[2022-06-07 Tue 17:00] => 0:20 :END: [2022-06-07 Tue 16:40] **** DONE Propose a technical solution for [[https://github.com/advthreat/iroh/issues/6770][6770]] :work: SCHEDULED: <2022-06-08 Wed 11:00> :LOGBOOK: CLOCK: [2022-06-08 Wed 11:20]--[2022-06-08 Wed 11:49] => 0:29 :END: [2022-06-07 Tue 15:23] **** DONE Remove duplicates 
[[https://github.com/advthreat/iroh/issues/6769#issuecomment-1148580667][duplicate]] :work: SCHEDULED: <2022-06-16 Thu 11:00-11:20> :LOGBOOK: CLOCK: [2022-06-09 Thu 10:43]--[2022-06-09 Thu 10:44] => 0:01 :END: [2022-06-07 Tue 15:14] **** DONE Weekly Leads :work:meeting: :LOGBOOK: CLOCK: [2022-06-07 Tue 15:14]--[2022-06-07 Tue 16:30] => 1:16 :END: [2022-06-07 Tue 15:14] **** PAUSE pause :pause: :LOGBOOK: CLOCK: [2022-06-07 Tue 11:17]--[2022-06-07 Tue 14:38] => 3:21 :END: [2022-06-07 Tue 11:17] **** DONE discuss [[https://github.com/advthreat/iroh/issues/6740#issuecomment-1148013914][Wanderson comment on Refresh Token]] :work: SCHEDULED: <2022-06-07 Tue 14:30-14:45> [2022-06-07 Tue 10:02] **** DONE Jeetu/Shaila keynote [[https://www.youtube.com/watch?v=PrgXKtTqDMI][RSA keynote]] start 1:15/1:28 :work: SCHEDULED: <2022-06-07 Tue 10:50-11:20> :LOGBOOK: CLOCK: [2022-06-07 Tue 10:58]--[2022-06-07 Tue 11:03] => 0:05 :END: [2022-06-07 Tue 09:47] **** DONE Check Wanderson discussion [[https://github.com/advthreat/iroh/pull/6773][switch-tenant jwt endpoint]] :work: SCHEDULED: <2022-06-07 Tue 10:30-10:50> :LOGBOOK: CLOCK: [2022-06-07 Tue 10:41]--[2022-06-07 Tue 10:58] => 0:17 CLOCK: [2022-06-07 Tue 10:19]--[2022-06-07 Tue 10:40] => 0:21 :END: [2022-06-07 Tue 09:45] **** DONE Team Space [[https://teamspace.cisco.com/sso/cisco/redirect/L215Y2hlY2tpbnMvd2l6YXJk][check-in]] :work: SCHEDULED: <2022-06-07 Tue 10:00> :LOGBOOK: CLOCK: [2022-06-07 Tue 10:07]--[2022-06-07 Tue 10:12] => 0:05 :END: [2022-06-07 Tue 09:42] **** DONE pwreset :work: :LOGBOOK: CLOCK: [2022-06-07 Tue 09:30]--[2022-06-07 Tue 09:41] => 0:11 :END: [2022-06-07 Tue 09:38] *** 2022-06-08 Wednesday **** IN-PROGRESS Create issue about filtering matching orgs with already existing user email :work: :LOGBOOK: CLOCK: [2022-06-08 Wed 16:56]--[2022-06-08 Wed 17:06] => 0:10 :END: [2022-06-08 Wed 16:56] **** MEETING Tenant Switching sync :work:meeting: :LOGBOOK: CLOCK: [2022-06-08 Wed 16:45]--[2022-06-08 Wed 16:56] => 0:11 
:END: [2022-06-08 Wed 16:45] remove matched orgs if user already exists (with same email) **** CHAT Discussion about session token lifetime :work:chat: :LOGBOOK: CLOCK: [2022-06-08 Wed 16:09]--[2022-06-08 Wed 16:45] => 0:36 CLOCK: [2022-06-08 Wed 15:32]--[2022-06-08 Wed 16:09] => 0:37 :END: [2022-06-08 Wed 15:32] **** DONE meeting things to talk about :work: SCHEDULED: <2022-06-08 Wed 16:30-17:00> [2022-06-08 Wed 11:37] ***** Invitations UI/UX improvements - https://github.com/advthreat/iroh/issues/6770 - https://github.com/advthreat/iroh/issues/6778 **** DONE Check [[https://github.com/advthreat/iroh/pull/6773#event-6763342426][Doc for tenant switching]] :work: SCHEDULED: <2022-06-08 Wed 14:00-14:15> :LOGBOOK: CLOCK: [2022-06-08 Wed 14:02]--[2022-06-08 Wed 14:16] => 0:14 :END: [2022-06-08 Wed 10:42] **** CHAT Answered [[webexteams://im?space=331b38f0-6218-11e9-9aae-c5b8cb291b23][SecureX / CTR Support]] :work:chat: :LOGBOOK: CLOCK: [2022-06-08 Wed 10:25]--[2022-06-08 Wed 10:32] => 0:07 :END: [2022-06-08 Wed 10:31] **** DONE Answer to Refresh Session Tokens chat [[webexteams://im?space=5b29b980-e351-11ec-8033-13a2eb8092c0][Refresh Token room]] :work: SCHEDULED: <2022-06-08 Wed 14:15-14:30> [2022-06-08 Wed 10:19] Adding a new temporary route is not straightforward, because it would mean supporting multiple clients depending on the route, then also adding a feature flag, and also adding a different config, etc… But notice that you can refresh after 5min even if the access token is still valid. So you should probably start with that. 
*** 2022-06-09 Thursday
**** MEETING weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-09 Thu 17:15]--[2022-06-09 Thu 18:08] => 0:53
:END:
[2022-06-09 Thu 17:14]
***** Agenda (to discuss about)
***** Notes
***** Actions
**** CHAT Houman :work:chat:
:LOGBOOK:
CLOCK: [2022-06-09 Thu 15:10]--[2022-06-09 Thu 15:27] => 0:17
:END:
[2022-06-09 Thu 15:10]
**** CANCELED Add refresh token / client info in the access tokens :work:
SCHEDULED: <2022-06-14 Tue 15:30-16:30>
:LOGBOOK:
- State "CANCELED" from "IN-PROGRESS" [2022-06-16 Thu 10:52] \\
  Other priorities
CLOCK: [2022-06-15 Wed 07:06]--[2022-06-15 Wed 18:12] => 11:06
CLOCK: [2022-06-09 Thu 15:27]--[2022-06-09 Thu 17:15] => 1:48
CLOCK: [2022-06-09 Thu 14:12]--[2022-06-09 Thu 15:10] => 0:58
:END:
[2022-06-09 Thu 14:12]
**** DONE Check [[https://github.com/advthreat/iroh/pull/6764][Free Trial Design Doc]] :work:
SCHEDULED: <2022-06-22 Wed 16:00-16:30>
[2022-06-09 Thu 11:45]
**** CHAT Chris Duane PenTest :work:chat:
:LOGBOOK:
CLOCK: [2022-06-09 Thu 11:17]--[2022-06-09 Thu 11:54] => 0:37
:END:
[2022-06-09 Thu 11:17]
**** DONE dog printouts :interruption:work:
:LOGBOOK:
CLOCK: [2022-06-09 Thu 10:32]--[2022-06-09 Thu 10:42] => 0:10
:END:
[2022-06-09 Thu 10:32]
**** DONE Answer to Ag :work:
SCHEDULED: <2022-06-09 Thu 10:45-10:55>
:LOGBOOK:
CLOCK: [2022-06-09 Thu 11:54]--[2022-06-09 Thu 12:02] => 0:08
CLOCK: [2022-06-09 Thu 10:44]--[2022-06-09 Thu 11:17] => 0:33
:END:
[2022-06-09 Thu 10:18]
ann, my current work for module-patching-ui for the Doc team is now on hold, since our Ops is a huge clusterfuck right now. I can't believe it, but they can't figure out provisioning a simple server with a configuration similar to CTIA. Since March. Anyway, I've been tasked with some other things and I need your help (because Rob has no clue, and Mark is mumbling in a language I can't comprehend. Not to throw my colleagues under the bus, I don't get it due to my own cretinism).
I literally have no idea what's being asked here: https://github.com/advthreat/iroh/issues/6688 Can you tell me what you know about the tac-web-service? My understanding that it's only available through /admin/tac • Who consumes these routes? • Are they actively being used? • Does the ticket mean that we're going to have to copy some of the functionality out of admin zone and make it avaliable for non-admins? • Could you point me to the similar things somewhere in the repo? Basically, can you help me start on this? I know, you've probably (as always) super-busy with other things, and the last thing you need is to hold someone's hand, but it's been ages since I contributed any code to the repo. It would take me forever on my own. Thanks a lot. ***** Answer Hi Ag! Yep, I am pretty blocked myself with this password reset. Regarding the issue, I didn't hear about that one. So to answer your questions. - who consumes these routes? Mainly people from TAC so they could help customers. I manually created an Org so all users of this orgs have the scope ~iroh-master/tac~. This way the TAC team could access only the routes for TAC without giving them access to more dangerous routes like direct store access (where a manual mistake could really break the entire PROD). - are they actively being used? YES - Does the ticket mean that we're going to have to copy some of the functionality out of admin zone and make it available for non-admins? NO, the routes will stay under the admin zone, but only under the TAC Web Services that only requires ~iroh-master/tac~ scope. So you should start at ~iroh-admin.tac-web-service.routes~ Mainly you should add a few functions so they could provide the functionalities they would like. But beware that, unlike the direct store functions, you should take great care of not breaking the expected schemas in the DB. But you could probably just provide a few new routes, to search users by email, enable/disable users. 
For that you should use the ~UserService~ the current route already use the ~OrgService~ to update orgs. For enabling a module by id I don't know much, this is probably a method from ~ModuleInstanceService~. Cheers, Yann. *** 2022-06-10 Friday **** DISC Chien Espoir & Handicap :work:discussion: :LOGBOOK: CLOCK: [2022-06-10 Fri 10:41]--[2022-06-10 Fri 14:35] => 3:54 :END: [2022-06-10 Fri 10:41] ***** Acceuil [À propos](/about): Handicap supportés: - handicap moteur - troubles autistiques - troubles visuels **** CHAT Allison Walters role sync :work:chat: :LOGBOOK: CLOCK: [2022-06-10 Fri 09:05]--[2022-06-10 Fri 09:41] => 0:36 :END: [2022-06-10 Fri 09:05] Hi Allison, the confusion is expected unfortunately, the current state of affair is the result of a very long and painful work that was called "IdP Migration"/"SXSO Migration"/"Account Migration" mainly, I will try to give the most exhaustive answer I can about this. First, SecureX and Threat Response are two Cisco products that have different URL, different UI, but behind the hood both use the same and single API which is called IROH. So both SecureX and Cisco Threat Response (and in fact a few other products like the Ribbon, etc…) use the IROH API. Inside the IROH API, there is a big component dedicated to everything related to Authentication, OAuth2 management, etc… This component is called IROH-Auth. So before the "migration", when a customer wanted to login into Threat Response or SecureX he saw 2 buttons (one for AMP which is now CSA and one for Threatgrid now called Secure Malware Analytics). So took place a huge concerted effort to only show 1 button. After more than one and half a year of effort from multiple teams and lot of people involved we finally had 3 buttons (both older 2 buttons + SecureX Sign-On). :) Today we still have 3 login choices to login, but the UI subtly hide 2 buttons by making the default login (SXSO) more prominent. That was for the small story. 
Now, let's talk about the technical details:

The goal of the migration (let's call it that) was to force every CSA user to migrate toward using SecureX Sign-On to log in. One more complexity: CSA accounts could or could not be directly related to an active AMP (Secure Endpoint) account. So this adds a layer of complexity for the CSA team. IROH-Auth provided multiple different mechanisms to minimize the inevitable friction that would occur when users change their login system.

So technically this is not that complex: we "just" needed the CSA team to add the "link" from the previous account to the new account. IROH-Auth exposes a provisioning API for this purpose. Mainly, every time a user performs a migration from CSA to SXSO in CSA (using the CSA URL, workflow, etc…), as IROH could not know that, the CSA team calls the provisioning API when:
- a user performs a migration, so we can link the old CSA user-identity to the new SXSO user-identity in SecureX, as is done in CSA
- a new user is created in a CSA organization and logs in via SXSO; in that case the CSA team creates a new user inside SecureX, with the SXSO identity. So if this user logs in to SecureX, they are automatically put in the correct org.

This is what should occur when the user only uses CSA. And it is the responsibility of CSA to perform these calls to the provisioning API. But the provisioning API is not called when the user's role is changed in SE.

So once an org is marked as having migrated, its users should no longer be able to log in via CSA, but should be forced to pass through SXSO.

OK. That's the first migration path. Now, what about a user that has a CSA/SE account but, before the org migrates, uses SecureX and creates an SXSO account without passing through the migration workflow? In that case, IROH-Auth tries to be "smart" about it. So we try to detect email matches. If a user logs in via SXSO and we have known users with the same email, we link all these accounts together.

Note, SXSO does not provide any info about the role, nor the org. So the role in SecureX can change only via:
- an admin in some non-migrated SE org changing the SE user role, and later that user logging in via a CSA button on a non-migrated org in SE
- inside SecureX, an admin changing the role of another user in SecureX
- the provisioning API during user migration or user creation

To give an example of how a role could be updated:
- on a non-migrated org in SE:
  + user-1 logged in a long time ago in SecureX with some role
  + user-2 never logged into SecureX
  + admin performs a role change for both user-1 and user-2 (at that step user-1's role in SecureX and SE are different; SecureX can only sync the role if user-1 logs in via CSA)
  + admin performs the migration of its org in CSA => CSA calls the provisioning API, which should sync all users from CSA/SE into SecureX
  + after the migration, users should not be able to log in again via CSA, so the link between the roles is cut. And a change of role in SE will not result in a change of role in SecureX.

And I think there are missing workflow paths about it. But to try to put it more simply, "most of the time", once an org migrates from CSA to SXSO the link between the roles is cut and the roles are expected not to be synchronized.

I hope it helps a little. I think I left out a lot more specific details, some of them I forgot, some of them I cannot know about because they depend on the CSA team. The doc related to this is probably long deprecated now, because so many last-minute bug fixes occurred that we lost track of some minor details that could potentially make the simple rule (no relation between users' roles once migrated to SXSO) not work. For example, one detail I forgot to mention: when CSA calls the provisioning API to mark an Org as migrated, SecureX will no longer accept login via CSA for this org. So things are more complex when users create an SXSO account before officially migrating their org, for example.

Cheers.
**** DONE Review [[https://github.com/advthreat/iroh/pull/6791][#6791 Wanderson access/refresh]] :work:
SCHEDULED: <2022-06-10 Fri 14:00-14:30>
[2022-06-10 Fri 09:00]
** 2022-W24
*** 2022-06-13 Monday
**** DONE Krystelle rescrit (tax ruling) :interruption:
:LOGBOOK:
CLOCK: [2022-06-13 Mon 16:55]--[2022-06-13 Mon 17:02] =>  0:07
:END:
[2022-06-13 Mon 16:55]
**** DONE Lionel Rebière :interruption:
:LOGBOOK:
CLOCK: [2022-06-13 Mon 16:43]--[2022-06-13 Mon 16:55] =>  0:12
:END:
[2022-06-13 Mon 16:43]
**** MEETING weekly Account Switching :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-13 Mon 16:32]--[2022-06-13 Mon 16:43] =>  0:11
:END:
[2022-06-13 Mon 16:32]
Home: follow up on the rescrit (tax ruling), tax-deductible donations.
- first 2 beneficiaries, test.
**** IN-PROGRESS telephone :interruption:work:
:LOGBOOK:
CLOCK: [2022-06-13 Mon 15:24]--[2022-06-13 Mon 16:32] =>  1:08
:END:
[2022-06-13 Mon 15:24]
**** IN-PROGRESS Security Fix (revocation on disable) :work:
:LOGBOOK:
CLOCK: [2022-06-13 Mon 15:10]--[2022-06-13 Mon 15:24] =>  0:14
:END:
[2022-06-13 Mon 15:10]
*** 2022-06-14 Tuesday
**** DONE Review [[https://github.com/advthreat/iroh/pull/6785][Tenant switching route to return JWT of other account]] :work:
SCHEDULED: <2022-06-14 Tue 15:00-15:30>
:LOGBOOK:
CLOCK: [2022-06-14 Tue 15:20]--[2022-06-14 Tue 16:50] =>  1:30
:END:
[2022-06-14 Tue 14:52]
*** 2022-06-15 Wednesday
**** GEEK Chien Espoir Handicap site :perso:
:LOGBOOK:
CLOCK: [2022-06-15 Wed 18:27]--[2022-06-15 Wed 22:15] =>  3:48
:END:
[2022-06-15 Wed 18:27]
**** DONE check time2give and click2give :work:
SCHEDULED: <2022-06-27 Mon 16:30-17:00>
[2022-06-15 Wed 15:13]
**** DONE Webex Olivier :work:
SCHEDULED: <2022-06-14 Tue 15:00-15:30>
[2022-06-15 Wed 14:42]
*** 2022-06-16 Thursday
**** DONE [#B] List of technical issues to add to the next quarter :work:
SCHEDULED: <2022-06-17 Fri 10:30-11:00>
:LOGBOOK:
CLOCK: [2022-06-17 Fri 10:04]--[2022-06-17 Fri 11:06] =>  1:02
:END:
[2022-06-16 Thu 17:25]
**** MEETING weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-16 Thu 17:13]--[2022-06-16 Thu 20:19] =>  3:06
:END:
[2022-06-16 Thu 17:13]
- org-level client continues
- work continues on Tenant switching; I expect Wanderson's PR to be merged either today or probably at the beginning of next week.
- auto revoke disabled users; problems with the linter (disable, revert, fix, etc…)
- Next => help UI by adding a new parameter to generate short-lived tokens (need the PR from Wanderson first)
- waiting for the VPN to fix duplicate accounts (one user has 200 duplicates)
- started to work on iroh.main, but I was interrupted by other things; I am not far from giving a good result in my branch.
- The most important work is probably to support Token Exchange compatible with SecureX Sign-On user identities when used as subject.
**** IN-PROGRESS revoke JWT when disabling users :work:
:LOGBOOK:
CLOCK: [2022-06-16 Thu 10:52]--[2022-06-16 Thu 17:13] =>  6:21
:END:
[2022-06-16 Thu 10:52]
*** 2022-06-17 Friday
**** IN-PROGRESS Revoke on disable :work:
:LOGBOOK:
CLOCK: [2022-06-17 Fri 11:06]--[2022-06-17 Fri 17:32] =>  6:26
:END:
[2022-06-17 Fri 11:06]
** 2022-W25
*** 2022-06-23 Thursday
**** MEETING API Design Meeting (with Jyoti) :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-23 Thu 17:59]--[2022-06-24 Fri 17:55] => 23:56
:END:
[2022-06-23 Thu 17:59]
***** Talos Mapping
Michael Simonson: data mapping from Talos.
**** MEETING weekly :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-23 Thu 17:30]--[2022-06-23 Thu 17:59] =>  0:29
:END:
[2022-06-23 Thu 17:30]
Work done: in my current PR I changed the iroh-auth-service protocol and it didn't break iroh-int !!!! Thanks Matt!
**** IN-PROGRESS Anticorruption & Bribery training :work:
:LOGBOOK:
CLOCK: [2022-06-23 Thu 10:49]--[2022-06-23 Thu 17:30] =>  6:41
:END:
[2022-06-23 Thu 10:48]
*** 2022-06-24 Friday
**** MEETING Monthly Engineering :work:meeting:
:LOGBOOK:
CLOCK: [2022-06-24 Fri 17:55]--[2022-06-24 Fri 19:11] =>  1:16
:END:
[2022-06-24 Fri 17:55]
- Switch tenant;
  - ability to change your account, generate a JWT from another JWT.
  - new UI that will help managing your accounts, orgs, discover new orgs, etc…
- Token Exchange; exchange an email or user-id for a SecureX JWT.
- Org-level clients; handle OAuth2 clients when their owner leaves the company
***** Intro
Just 1h.
Lineup demos:
- Carlos Diaz, Secure Endpoint, show us. Investigation.
- Michael and Mark present something with Jira.
***** Tour
****** Ops
John: pivot openVPN back to using certs
****** Release status
Houman: asking Neel. 1.99 is in production 1 day late. Same with 1.98.
****** Business Updates
****** Team
Guillaume:
- New team members:
  - Shafiq is in Sweden
  - Johnatan will start next week, Toronto / Berlin; under G2
  - Jerome Shneider; joins mid-July, dedicated ops for IROH
- Tenant Switching
- Improvements
**** DONE Answer ETA https://github.com/advthreat/iroh/issues/6769 :work:
DEADLINE: <2022-06-24 Fri 16:00> SCHEDULED: <2022-06-24 Fri>
[2022-06-24 Fri 10:38]
** 2022-W32
*** 2022-08-09 Tuesday
**** DONE Answer to Jyoti :work:
SCHEDULED: <2022-08-09 Tue 11:00>
[2022-08-09 Tue 09:47]
**** DONE Answer to question from Ben :work:
SCHEDULED: <2022-08-09 Tue 10:00>
[2022-08-09 Tue 09:45]
So we could probably add a parameter to create links that would auto-select the tenant during login and bypass the redirection to the Registration UI. But I am not sure this would be desirable, because it would introduce potential inconsistency. The main issue is that we use many different URLs for different components/products. The state (the user-identity and the tenant) must be saved for every URL of every component/product if we want to synchronize the tenancy everywhere. For example, think about this scenario:
1. log in to SecureX as user1@company.com using org Company
2. click to log in to CTR (say the user logs in to the same user/org in CTR)
3. open a new tab and open SecureX, then inside SecureX switch tenant to Company2
4. without clicking anything, go back to CTR => the tenant is Company, not Company2

Now it might also be more difficult to use different tenants between products. I don't know if this is what we want or not. The question is probably more: do we want to sync the tenant on all our products all the time? aka, à la Google. Or do we want to be able to have different tenants on different URLs?

If we want to sync the tenancy everywhere, this could be done, but this is not free. Mainly we would want a solution similar to how Google handles your Google account. Notice how, when you switch your Google account, you wait a few seconds on a webpage? This is Google opening a few iframes to pass the state between different URLs (like google.com and youtube.com, etc…). Google has it easy, because they just care about the User Identity. And once they know your user identity, they don't need to clear it, as it never changes. So your Google account session is infinite.

In the Cisco case, the User Identity state is saved in a cookie at the SXSO URL. But, unlike Google, Cisco needs to ask the 3rd party IdPs for confirmation of the User Identity, so we do not allow a login from a user that was fired from a company. So SXSO sessions are a lot shorter (a few hours). The Tenancy state is not saved into the Registration UI URL for now, but it could be. But this must be dependent on the session lifetime of SXSO, for the same security reason.

But as we use 3rd party IdPs, and thus depend on the IdPs of our customers, it means that our User Identity session must be short enough to be somewhat secure, and it means that if we were to sync the account state on all products we would need to present a page similar to the Google account switching every time the session ends. So once a day, we would force our customers to see that page, which could take a few seconds to load because it is loading many different URLs in the background.
*** 2022-08-12 Friday
**** DONE Check clients that will be disabled in PROD
SCHEDULED: <2022-08-16 Tue>
[2022-08-12 Fri 16:10]
APJC
|   | user-id | org-id | enabled? | user-email |
|---+---------+--------+----------+------------|
| x | b4194bf2-4baa-4583-a3f4-1adbf711b4c8 | 6053ec8b-e546-4938-85ae-89bfa25df8e1 | not-enabled | yvaisman@cisco.com |
| x | b4194bf2-4baa-4583-a3f4-1adbf711b4c8 | 6053ec8b-e546-4938-85ae-89bfa25df8e1 | not-enabled | yvaisman@cisco.com |
|   | owner 6ee52ee9-2e3a-4e1b-977d-961facb5fd84 from org 63489cf9-561c-4958-a13d-6d84b7ef09d4 not found | | | |
|   | owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found | | | |
|   | owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found | | | |
EU
|   | user-id | org-id | enabled? | user-email |
|---+---------+--------+----------+------------|
| x | ce157e8d-c7da-4284-afc1-cb9f83c7d4c8 | 4c2bfb38-b4be-4752-9eee-d98a0d6c0d6a | not-enabled | yvaisman@cisco.com |
| x | owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found | | | |
| x | owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found | | | |
|   | owner d697511a-9164-49d0-8c7b-a5c1a11fb25d from org 576c9ad4-7820-44ca-9d5e-6ca678eadcd1 not found | | | |
NAM
|   | user-id | org-id | enabled? | user-email |
|---+---------+--------+----------+------------|
| x | 3933f5e0-50bb-49a7-bbf4-5944e0b709fd | 2e0e9eaf-eaf7-4449-9c07-9fb1828aec78 | not-enabled | yana@securitydemo.net |
| x | 7ef6da70-eeef-4a18-83ea-2e94dd6f9ba2 | d76c035d-e896-438c-8d75-158be85fc958 | not-enabled | aklager+orbital_dev@cisco.com |
| x | owner d697511a-9164-49d0-8c7b-a5c1a11fb25d from org 576c9ad4-7820-44ca-9d5e-6ca678eadcd1 not found | | | |
***** Fixes
****** NAM
Replaced:
- 3933f5e0-50bb-49a7-bbf4-5944e0b709fd by 9992027f-a88b-4b0e-8a38-58ad317c58af
- 7ef6da70-eeef-4a18-83ea-2e94dd6f9ba2 by dbc2d227-ba79-47e8-ae21-b4da6e1727f8
For client client-3e55e6a3-4561-4733-b380-ffbd94733ba1: from d697511a-9164-49d0-8c7b-a5c1a11fb25d to me
{"owner-id":"f0010924-e1bc-4b03-b600-89c6cf52757c", "org-id":"f47a89bf-5d2e-4392-b770-ad4821a82acf"}
****** EU
no org found:
- client-01c25de8-50a7-4ed8-b260-b1ebee977fda (CSC backend client)
- client-8dae4eda-3b9a-48b1-8cdc-e7e1963465a3 (CSC Backend)
- client-3e55e6a3-4561-4733-b380-ffbd94733ba1 (SSE UI Client; "PROD EU Environment for Security Services Exchange Admin Console")
Replace by me:
{"owner-id":"080c8271-e1c7-4fe6-b6e2-bc1fda123432", "org-id":"bfb43d46-4fc3-43e7-93bf-a1fbe020593b"}
****** APJC
- client-92258bc0-196a-4f6c-a0b5-fe105de5f505 (SSE UI dev client)
- client-ff492465-48c7-4aab-b9c7-feb3569226a7 (CSC backend)
- client-b0d51eb1-e03f-4671-aa99-8fb4927ae88b (CSC backend)
Replace by me:
{"owner-id":"b19d5dea-5aa4-4265-b42d-9acc1e913f01", "org-id":"d461811f-e6ce-477c-bae3-1d7527f4e80b"}
** 2022-W33
*** 2022-08-17 Wednesday
**** CANCELED Reward Sofiia for helping with creds :work:
SCHEDULED: <2022-08-17 Wed>
:LOGBOOK:
- State "CANCELED"   from "TODO"       [2022-09-09 Fri 09:56]
:END:
[2022-08-17 Wed 11:54]
** 2022-W35
*** 2022-08-31 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-08-31 Wed 18:33]--[2022-09-01 Thu 16:02] => 21:29
:END:
[2022-08-31 Wed 18:33]
***** IROH Proxy for Orchestration
**** DONE Answer Chakrapani Chitnis :work:
SCHEDULED: <2022-08-31 Wed>
[2022-08-31 Wed 09:27]
**** DONE Answer to Prerna in Switch Tenant Discussion :work:
SCHEDULED: <2022-08-31 Wed 10:00>
[2022-08-31 Wed 09:24]
webexteams://im?space=3fda2de0-7876-11ec-b589-2d17b011a78b
***** Answer
Hi Prerna, you are totally right: as CTR does not implement the switch user, this PR will probably break the CTR workflow. I should probably have asked to split this feature in two steps:
1. Ability to create a link that will ensure the user is presented the Registration UI
2. Change the login behavior to match the one asked for by Ben.

Note that CTR might not need to implement the full user switching from within CTR and could simply use (1) to redirect the user to the Registration UI, so the user will be able to switch their account from there. I think (1) would not break anything and would be backward-compatible. Also I think both CTR and SecureX should provide a way to redirect the user to the Registration UI. Currently, users with a single account never reach the Registration UI unless they have a pending invite, which means that for these users, creating a new Organization is probably almost impossible.

That being said, I didn't want to change the behaviour before asking everyone in this FT if this is desirable, as it appears to me that automatically redirecting the users to the dashboard (or CTR) with the latest login account goes a bit against some discussion we had to present the Registration UI as often as possible.

So, sorry @wanderson, could you split your PR? Or maybe create a new PR with just (1) implemented? As I think this is needed to fix this bug: https://github.com/advthreat/GLaDOS/issues/3404

So at least for now, I don't think we need to go further; the PR will be put on hold until further discussion.
*** 2022-09-01 Thursday
**** MEETING Weekly :work:meeting:
[2022-09-01 Thu 17:07]
***** Y
Code cleaning:
- use iroh-crud for Users
- use tk-test
Help fix the missing events with Matt.
Discussed improving the login workflow; it was refused because it will break CTR.
An idea occurred to me: split the tests between the integration ones and the others. We could gain the docker init time for them ;)
**** MEETING AO Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2022-09-01 Thu 16:02]--[2022-09-03 Sat 13:16] => 45:14
:END:
[2022-09-01 Thu 16:02]
***** Lisa & Craig
Leverage SX Module Integration
- Lisa Hart, PO of SXO
- Briana Farro, presentation;
***** Plan
- Chris (PM); desired outcome
- Prior Proposed Engineering Solutions
- New Proposed Engineering Solution
***** Product Statement Overview
****** Christopher Van Der Made
open API (very few Cisco products provide it)
** 2022-W41
*** 2022-10-12 Wednesday
**** DONE Add Allison Walters to the org of the demo client :work:
SCHEDULED: <2022-10-12 Wed>
[2022-10-12 Wed 09:58]
TEST ~client-2f0c934c-ce46-4187-afed-4cdcff937679~
email: allwalte@cisco.com
** 2022-W42
*** 2022-10-19 Wednesday
**** CANCELED Ask Robert Harris to update doc for ribbon :work:
SCHEDULED: <2022-10-19 Wed>
:LOGBOOK:
- State "CANCELED"   from "TODO"       [2022-10-19 Wed 15:52]
:END:
[2022-10-19 Wed 06:56]
ref :: https://github.com/advthreat/pabst/blob/master/docs/ribbon2migration.md#oauth2-configuration
**** DONE Talk with Olivier about doc template :work:
SCHEDULED: <2022-10-19 Wed>
:LOGBOOK:
CLOCK: [2022-10-19 Wed 10:07]--[2022-10-19 Wed 11:55] =>  1:48
:END:
[2022-10-19 Wed 06:56]
**** DONE Replace the scopes for Rooshan :work:
SCHEDULED: <2022-10-19 Wed>
:LOGBOOK:
CLOCK: [2022-10-19 Wed 14:55]--[2022-10-19 Wed 15:52] =>  0:57
:END:
[2022-10-19 Wed 06:53]
ref :: https://github.com/advthreat/pabst/blob/master/docs/ribbon2migration.md#oauth2-configuration
New scopes:
#+begin_src json
{"scopes": ["admin/csc",
            "admin/integration/module-instance:write",
            "casebook",
            "enrich:read",
            "global-intel:read",
            "inspect:read",
            "integration/api-gateway/proxy:write",
            "integration/module-instance",
            "integration/module-type:read",
            "integration/sxso/app-links:read",
            "integration:read",
            "investigation",
            "notification",
            "orbital",
            "private-intel",
            "profile",
            "registry/user/ribbon",
            "registry/user:read",
            "response",
            "telemetry:write",
            "users",
            "vault/config/metadata:read",
            "vault/configs:read"]}
#+end_src
** 2022-W43
*** 2022-10-24 Monday
**** DONE Do the ESTA :work:
DEADLINE: <2022-10-25 Tue 18:00> SCHEDULED: <2022-10-24 Mon>
[2022-10-24 Mon 15:59]
**** DONE [#B] Book flights on Concur :work:
DEADLINE: <2022-10-24 Mon 15:15> SCHEDULED: <2022-10-24 Mon>
[2022-10-24 Mon 11:02]
#+begin_quote
CISCO EMERGENCY TRAVEL NUMBER *88* OPTION 6
### PLEASE READ THIS IMPORTANT MESSAGE
PLEASE CALL THE CISCO TRAVEL TEAM TO UPDATE CHANGE OR CANCEL THIS RESERVATION
PLEASE CALL *88* PROMPT 6 FROM ANY CISCO IP PHONE OR 00 31 36 711 7711 PROMPT 6
-----PLEASE NOTE THESE IMPORTANT NUMBERS-----
----MEDICAL AND SECURITY TRAVEL EMERGENCY----
US 1 800 206 5647 / TOLL FREE AMER WEST AND WORLDWIDE COLLECT 1 408 525 1111
AMER EAST 919 392 2222 OR 1 888 302 9081
EMEA 44 20 8824 3434
INDIA 91 80 4426 4111 / ASIA PAC 86 21 2407 3333
QI 8 COMPANY CISCOBE
QI 8 FORM AXQIITNBEEN
#+end_quote
**** DONE Update clients scopes :work:
SCHEDULED: <2022-10-24 Mon 16:00>
:LOGBOOK:
CLOCK: [2022-10-24 Mon 15:43]--[2022-10-24 Mon 16:27] =>  0:44
:END:
[2022-10-24 Mon 10:57]
Webex link: webexteams://im?space=26a6e900-fe90-11ea-8c35-195a5dc6b463
Contact: Rooshan Aslam
- Env: amp/nam  "RIBBON_CLIENT_ID":"client-ead5586b-a545-423e-857f-3c65841067ef"
- Env: eu       "RIBBON_CLIENT_ID":"client-ce13991c-6049-48ee-8e33-e4d059a153bf"
- Env: apjc     "RIBBON_CLIENT_ID":"client-2fbb67f0-a6b4-41b4-b4ce-62a8b89fe606"
PATCH:
#+begin_src json
{"scopes": ["admin/csc",
            "admin/integration/module-instance:write",
            "casebook",
            "enrich:read",
            "global-intel:read",
            "inspect:read",
            "integration/api-gateway/proxy:write",
            "integration/module-instance",
            "integration/module-type:read",
            "integration/sxso/app-links:read",
            "integration:read",
            "investigation",
            "notification",
            "orbital",
            "private-intel",
            "profile",
            "registry/user/ribbon",
            "registry/user:read",
            "response",
            "telemetry:write",
            "users",
            "vault/config/metadata:read",
            "vault/configs:read"]}
#+end_src
***** NAM Backup
#+begin_src json
{
  "scopes": [
    "admin/csc", "vault/configs:read", "private-intel", "profile",
    "integration/module-type:read", "enrich:read",
    "admin/integration/module-instance:write", "users", "casebook",
    "vault/config/metadata:read", "inspect:read", "orbital",
    "integration/module-instance", "integration/api-gateway/proxy:write",
    "integration/sxso/app-links:read", "notification:read", "response",
    "telemetry:write", "registry/user/ribbon", "global-intel:read"
  ],
  "description": "Used to communicate with IROH API endpoints",
  "approved?": true,
  "redirects": [
    "https://console.amp.cisco.com/visibility_oauth/new",
    "https://console.amp.cisco.com/securex_modules/new",
    "https://support-portal.amp.cisco.com/securex_modules/new"
  ],
  "availability": "everyone",
  "password": "$s0$f0801$lbvAxwkfQhlCZNJxbkDdLQ==$MMrH+2eTLqtOqc8P1tNwTyKIgvNYePVMK6Sq3Brt+D0=",
  "name": "AMP for Endpoints",
  "allow-partial-user-scopes?": true,
  "org-id": "a2ea8cbf-7540-4860-9050-7a24c3c8e0b6",
  "enabled?": true,
  "grants": ["auth-code"],
  "client-type": "confidential",
  "id": "client-ead5586b-a545-423e-857f-3c65841067ef",
  "approval-status": "approved",
  "owner-id": "e9a61ce5-e49c-4809-ad14-8230fd12ddd4",
  "created-at": "2020-04-16T20:40:37.541Z"
}
#+end_src
***** EU Backup
#+begin_src json
{
  "scopes": [
    "admin/csc", "vault/configs:read", "private-intel", "profile",
    "integration/module-type:read", "enrich:read",
    "admin/integration/module-instance:write", "users", "casebook",
    "vault/config/metadata:read", "inspect:read", "orbital",
    "integration/module-instance", "integration/api-gateway/proxy:write",
    "integration/sxso/app-links:read", "notification:read", "response",
    "telemetry:write", "registry/user/ribbon", "global-intel:read"
  ],
  "description": "A client used to make API requests to IROH",
  "approved?": true,
  "redirects": [
    "https://console.eu.amp.cisco.com/visibility_oauth/new",
    "https://console.eu.amp.cisco.com/securex_modules/new",
    "https://support-portal.eu.amp.cisco.com/securex_modules/new"
  ],
  "availability": "everyone",
  "password": "$s0$f0801$HJcAh0nXy6kwQ+C6/JvJ5g==$wtPYiPYjxYiB31i2Yapaynh/90GI4gfD4ePZZ21Utlw=",
  "name": "AMP for endpoints",
  "allow-partial-user-scopes?": true,
  "org-id": "a5a47f61-9d42-49fc-a1e9-36b09fe8e95e",
  "enabled?": true,
  "grants": ["auth-code"],
  "client-type": "confidential",
  "id": "client-ce13991c-6049-48ee-8e33-e4d059a153bf",
  "approval-status": "approved",
  "owner-id": "32060e21-abcb-45c6-923d-dac334805d1d",
  "created-at": "2020-04-16T21:08:15.035Z"
}
#+end_src
***** APJC Backup
#+begin_src json
{
  "scopes": [
    "admin/csc", "vault/configs:read", "private-intel", "profile",
    "integration/module-type:read", "enrich:read",
    "admin/integration/module-instance:write", "users", "casebook",
    "vault/config/metadata:read", "inspect:read", "orbital",
    "integration/module-instance", "integration/api-gateway/proxy:write",
    "integration/sxso/app-links:read", "notification:read", "response",
    "telemetry:write", "registry/user/ribbon", "global-intel:read"
  ],
  "description": "A client used to make API requests to IROH",
  "approved?": true,
  "redirects": [
    "https://console.apjc.amp.cisco.com/visibility_oauth/new",
    "https://console.apjc.amp.cisco.com/securex_modules/new",
    "https://support-portal.apjc.amp.cisco.com/securex_modules/new"
  ],
  "availability": "everyone",
  "password": "$s0$f0801$IHYBwP+MKF+cjke2H9blhw==$BNEdX+cKmVT6DkW3zq2yvZEaTG7SRM/d+TEeuSsLRac=",
  "name": "AMP for endpoints",
  "allow-partial-user-scopes?": true,
  "org-id": "778298b5-cb3e-4d0c-a8fb-4df2bdf9c665",
  "enabled?": true,
  "grants": ["auth-code"],
  "client-type": "confidential",
  "id": "client-2fbb67f0-a6b4-41b4-b4ce-62a8b89fe606",
  "approval-status": "approved",
  "owner-id": "92e47cc3-d027-4e2c-88ba-d141bc369883",
  "created-at": "2020-04-16T20:50:51.948Z"
}
#+end_src
**** DONE Nag team :work:
DEADLINE: <2022-10-24 Mon 14:30> SCHEDULED: <2022-10-24 Mon>
[2022-10-24 Mon 10:49]
**** DONE Team Space :work:
DEADLINE: <2022-10-24 Mon 15:00> SCHEDULED: <2022-10-24 Mon>
[2022-10-24 Mon 10:49]
*** 2022-10-25 Tuesday
**** DONE Answer Krithika :work:
DEADLINE: <2022-10-25 Tue 15:00> SCHEDULED: <2022-10-25 Tue>
[2022-10-25 Tue 10:51]
** 2022-W44
*** 2022-11-01 Tuesday
**** DONE POST Off-site Discussion :work:
SCHEDULED: <2022-11-07 Mon>
[2022-11-01 Tue 17:17]
Incident View discussion: https://github.com/advthreat/iroh/issues/6976
** 2022-W45
*** 2022-11-09 Wednesday
**** DONE Handle Flagged emails :work:
SCHEDULED: <2022-11-10 Thu 11:00>
[2022-11-09 Wed 18:36]
** 2022-W46
*** 2022-11-14 Monday
**** DONE Write RBAC Epic(s) :work:
SCHEDULED: <2022-11-14 Mon 14:00>
:LOGBOOK:
CLOCK: [2022-11-14 Mon 16:29]--[2022-11-14 Mon 18:05] =>  1:36
:END:
[2022-11-14 Mon 10:41]
**** DONE [#B] Comment on Jyoti doc :work:
DEADLINE: <2022-11-14 Mon 11:30> SCHEDULED: <2022-11-14 Mon>
:LOGBOOK:
CLOCK: [2022-11-14 Mon 11:30]--[2022-11-14 Mon 15:42] =>  4:12
:END:
[2022-11-14 Mon 10:41]
- https://github.com/advthreat/response/pull/1601
*** 2022-11-16 Wednesday
**** DONE Prepare 1-1 Wanderson :work:
SCHEDULED: <2022-11-16 Wed>
:LOGBOOK:
CLOCK: [2022-11-16 Wed 11:24]--[2022-11-17 Thu 18:09] => 30:45
:END:
[2022-11-16 Wed 11:24]
** 2022-W47
*** 2022-11-23 Wednesday
**** DONE SCA issues :work:
SCHEDULED: <2022-11-24 Thu 11:00>
[2022-11-23 Wed 19:40]
***** Actions
- [ ] Onboard API
- [ ] Webhook on role change.
- [ ] ENV/Region in the JWT, at least id_token.
- [ ] Time of provisioning 5 to 10 min.
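The 2022-10-24 "Update clients scopes" entry above replaced the Ribbon client's scope list wholesale, and the saved backups only make the delta visible by eye. The following Python check is added here as an example; it is not part of this tracker nor of IROH. It diffs the NAM backup scopes against the PATCH body and flags any scope that moved from a ~:read~/~:write~-qualified form to the bare, unqualified form, which in this scope scheme is a privilege broadening a reviewer should look at twice.

```python
"""Added example: review the scope delta of an OAuth2 client PATCH.

The two lists are copied from the 2022-10-24 "Update clients scopes" entry:
the NAM backup (before) and the PATCH body (after). This is a stand-alone
reviewer's check, not IROH code.
"""
from dataclasses import dataclass

BEFORE = [
    "admin/csc", "vault/configs:read", "private-intel", "profile",
    "integration/module-type:read", "enrich:read",
    "admin/integration/module-instance:write", "users", "casebook",
    "vault/config/metadata:read", "inspect:read", "orbital",
    "integration/module-instance", "integration/api-gateway/proxy:write",
    "integration/sxso/app-links:read", "notification:read", "response",
    "telemetry:write", "registry/user/ribbon", "global-intel:read",
]

AFTER = [
    "admin/csc", "admin/integration/module-instance:write", "casebook",
    "enrich:read", "global-intel:read", "inspect:read",
    "integration/api-gateway/proxy:write", "integration/module-instance",
    "integration/module-type:read", "integration/sxso/app-links:read",
    "integration:read", "investigation", "notification", "orbital",
    "private-intel", "profile", "registry/user/ribbon", "registry/user:read",
    "response", "telemetry:write", "users", "vault/config/metadata:read",
    "vault/configs:read",
]


def split_scope(scope):
    """Split 'notification:read' into ('notification', 'read').

    An unqualified scope such as 'users' yields ('users', None); in this
    scope scheme the unqualified form covers both read and write.
    """
    base, sep, action = scope.partition(":")
    return base, (action if sep else None)


@dataclass
class ScopeDiff:
    added: list          # scopes present only after the PATCH
    removed: list        # scopes present only before the PATCH
    broadened: list      # (old qualified scope, new unqualified scope) pairs
    duplicates: list     # entries repeated in the PATCH body

    @property
    def needs_review(self):
        """True when the change grants anything it did not grant before."""
        return bool(self.added or self.broadened)


def diff_scopes(before, after):
    """Compare two scope lists and flag privilege broadening.

    A qualified scope (e.g. 'notification:read') that disappears while its
    bare base ('notification') newly appears is reported as broadened,
    since the bare form grants strictly more than the qualified one.
    """
    before_set, after_set = set(before), set(after)
    added = sorted(after_set - before_set)
    removed = sorted(before_set - after_set)

    broadened = []
    for old in removed:
        base, action = split_scope(old)
        if action is not None and base in after_set and base not in before_set:
            broadened.append((old, base))

    # Duplicates do not change the grant but usually mean a hand-edit slip.
    seen, duplicates = set(), []
    for scope in after:
        if scope in seen and scope not in duplicates:
            duplicates.append(scope)
        seen.add(scope)

    return ScopeDiff(added, removed, broadened, duplicates)


def format_report(diff):
    """Render the diff as the lines a reviewer would paste into the PR."""
    lines = [f"+ {scope}" for scope in diff.added]
    lines += [f"- {scope}" for scope in diff.removed]
    lines += [f"! {old} -> {new}: qualified scope widened to unqualified (full) access"
              for old, new in diff.broadened]
    lines += [f"? duplicate entry: {scope}" for scope in diff.duplicates]
    return lines or ["no scope change"]


if __name__ == "__main__":
    print("\n".join(format_report(diff_scopes(BEFORE, AFTER))))
```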
**** DONE TAC Impersonation doc :work:
SCHEDULED: <2022-11-24 Thu 10:00>
:LOGBOOK:
CLOCK: [2022-11-24 Thu 14:06]--[2022-11-24 Thu 14:13] => 0:07
:END:
[2022-11-23 Wed 19:11]
- take care of scopes
- take care of user-switching or any other kind of JWT generation to keep track of act and scopes
** 2022-W48
*** 2022-11-29 Tuesday
**** IN-PROGRESS Put beta-flag :work:
:LOGBOOK:
CLOCK: [2022-11-29 Tue 15:32]--[2022-11-29 Tue 16:32] => 1:00
:END:
[2022-11-29 Tue 15:32]
https://github.com/advthreat/iroh/issues/7309
=cisco/feature-flag/xdr=
- SX Test org - PROD NA: b5935c68-c16a-4290-a49a-aad9bb2ea733
- Cisco SBG Customer Insights (NA): 40f4c64b-7934-4dc6-87d9-5ebf36c13d54
- DPD Group UK LTD (EU): cee614cb-f35b-4147-bd27-9968d173c3ce
- Jazz Air (NA) - Org ID: 1b7024af-bc0a-4de1-8ce6-f093340ed5fb
- MEMIC (NA) - Org ID: b62f0113-f26e-42f1-89e3-b45254c416a7
- Opus Holding (NA) - Org ID: 4b1b4bba-f310-4251-88c3-bdf3b93d6456
- Room & Board (NA) - Org ID: 794047a5-b023-489e-b5ee-6407fcdf0daa
- Talos Energy (NA) - Org ID: c074a67d-1e57-4e4f-9f9d-0b9ed7847bf8
** 2022-W49
*** 2022-12-05 Monday
**** DONE Review RoleService :work:
SCHEDULED: <2022-12-04 Sun 11:45>
[2022-12-05 Mon 09:56]
*** 2022-12-06 Tuesday
**** DONE Finish and merge the scopula PR :work:
SCHEDULED: <2022-12-06 Tue>
:LOGBOOK:
- Note taken on [2022-12-07 Wed 10:48]
CLOCK: [2022-12-06 Tue 11:11]--[2022-12-06 Tue 12:11] => 1:00
:END:
[2022-12-06 Tue 11:11]
*** 2022-12-09 Friday
**** MEETING Monthly :work:meeting:
:LOGBOOK:
CLOCK: [2022-12-09 Fri 18:32]--[2022-12-09 Fri 19:08] => 0:36
:END:
[2022-12-09 Fri 18:31]
***** Service Team Pres
Guillaume is at Black Hat.
Data API Services Team:
1. Working on the design of incident management for the next XDR product, for RSA. Cannot go into much more detail about it.
General API Services Team:
1. Design of the Audit Trail service
2. CTIM changes for non-security-related events
Auth Services Team:
1. Focus on RBAC work
   - Design and plan to add new roles
   - Olivier is focusing on adding new roles in the code
   - Wanderson is focusing on reducing the JWT size, which is related to adding new roles and scopes.
New member in the team who will work with Jerome: Patrick Patat.
***** Demos
****** Matt
** 2022-W50
*** 2022-12-12 Monday
**** IN-PROGRESS Revoke Trusted clients grants :work:
:LOGBOOK:
CLOCK: [2022-12-12 Mon 16:14]--[2022-12-13 Tue 17:44] => 25:30
:END:
[2022-12-12 Mon 16:14]
https://github.com/advthreat/iroh/pull/7394
*** 2022-12-14 Wednesday
**** MEETING API Design Meeting :work:meeting:
[2022-12-14 Wed 18:34]
- on Incident Creation
- Trigger SXO event, decide if there is any automated workflow to trigger.
Design for the Rule System.
* 2023
:PROPERTIES:
:ARCHIVE_TIME: 2024-02-01 Thu 23:06
:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org
:ARCHIVE_CATEGORY: tracker
:END:
:LOGBOOK:
:END:
** 2023-W26
*** 2023-06-29 Thursday
**** CANCELED Investigate invite bug :work:
SCHEDULED: <2023-07-03 Mon 11:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2023-07-11 Tue 10:51] \\
  Whatever
:END:
[2023-06-29 Thu 11:06]
https://github.com/advthreat/response/issues/1888
Deleted user-id c59db89d-212a-4a0c-92d0-ff1a2c7de25b
** 2023-W27
*** 2023-07-04 Tuesday
**** MEETING 1-1 Wanderson :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-04 Tue 16:04]--[2023-07-04 Tue 16:33] => 0:29
:END:
[2023-07-04 Tue 16:04]
***** Agenda (to discuss about)
- Provisioning
- PIAM status
- Orbital/Single SE status
- RBAC status
- offsite
***** Notes
***** Actions
- create a backlog of technical work to do
*** 2023-07-05 Wednesday
**** DONE Cleanup all "TO DELETE" entities :work:
SCHEDULED: <2023-07-28 Fri 11:00>
[2023-07-05 Wed 19:51]
*** 2023-07-06 Thursday
**** CANCELED Remove ability to create new Org :work:
SCHEDULED: <2023-07-06 Thu>
:LOGBOOK:
- State "CANCELED" from "TODO" [2023-07-11 Tue 10:52] \\
  Whatever
:END:
[2023-07-06 Thu 16:19]
** 2023-W28
*** 2023-07-11 Tuesday
**** DONE IROH Sync :work:
SCHEDULED: <2023-07-11 Tue 17:00>
[2023-07-11 Tue 10:49]
**** DONE IROH-Auth weekly :work:
SCHEDULED: <2023-07-11 Tue 16:35>
[2023-07-11 Tue 10:49]
**** DONE 1-1 Wanderson :work:
SCHEDULED: <2023-07-11 Tue 16:05>
[2023-07-11 Tue 10:49]
**** DONE 1-1 Olivier :work:
SCHEDULED: <2023-07-11 Tue 15:35>
[2023-07-11 Tue 10:48]
**** DONE Lead Weekly :work:
SCHEDULED: <2023-07-11 Tue 15:00>
[2023-07-11 Tue 10:48]
**** DONE Provide doc to Guy Mackenzy :work:
SCHEDULED: <2023-07-11 Tue 11:30>
[2023-07-11 Tue 10:13]
**** DONE Create Entitlement Presentation :work:
SCHEDULED: <2023-07-11 Tue 10:30> DEADLINE: <2023-07-12 Wed 15:00>
[2023-07-11 Tue 10:12]
*** 2023-07-12 Wednesday
**** DONE Make enterprise_id mandatory field for PIAM endpoints :work:
DEADLINE: <2023-07-12 Wed 18:00> SCHEDULED: <2023-07-12 Wed>
[2023-07-12 Wed 17:14]
**** MEETING Monetization first meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-12 Wed 16:07]--[2023-07-12 Wed 17:07] => 1:00
:END:
[2023-07-12 Wed 16:07]
***** Notes
tier
*** 2023-07-13 Thursday
**** DONE Review [[https://github.com/advthreat/iroh/pull/8043][[Olivier PR] Check IROH node start in test]] :work:
SCHEDULED: <2023-07-13 Thu>
[2023-07-13 Thu 12:11]
**** DONE Add enterprise_id to many orgs [[https://github.com/advthreat/securex-ui-shell/issues/297#issuecomment-1633099674][list here]] :work:
SCHEDULED: <2023-07-13 Thu 14:30>
[2023-07-13 Thu 12:06]
**** DONE Provide Q1 technical items :work:
DEADLINE: <2023-07-13 Thu 16:00> SCHEDULED: <2023-07-13 Thu>
[2023-07-13 Thu 11:57]
1. *IROH-Auth Testing Framework Refactor*: IROH-Auth went through many evolution phases and several refactoring attempts, most of which were never completed. One result is that the tests are scattered, and some should be removed entirely. Some tests are very hard to understand and are still not entirely migrated to the new, better norm. We want to reclaim some official time to fix that discrepancy in the code, because it could either hide bugs or make the development of certain features much harder and longer than expected. Main concrete ideas:
   - improve the DBFixture service,
   - regroup test details into the same test file, so a reader is not forced to dig through different files to understand what is going on.
2. *Developer-targeted documentation*: currently the API descriptions in the Swagger UI lack precision. We could greatly improve developers' understanding by adding examples and cleaner content to the Swagger UI.
3. *IROH-Auth isolation*: a potential effort to think about how we could improve the reliability and security of IROH by isolating IROH-Auth from the rest of IROH. This question was raised multiple times, but we do not yet have a definitive answer about what the ideal solution would be.
   - Potentially, this could mean improving build time and development time by decoupling Auth from the more feature-oriented work.
   - Potentially, it opens new, unexpected integration options by having iroh-auth-only nodes, and perhaps even removing the IROH-Auth service from other nodes entirely.
   - Seems like a natural "next step" related to the work on specific nodes.
   This one is more feature-oriented, as we know we will need it soon:
4. *Token Exchange Service*: we need to produce a service that gives an entity the ability to obtain other tokens. To make this safe and useful, we need to go beyond the Token Exchange RFC and consider how to build an access rule system, logging, and tracking of the token chain. So first take the time to get a clear understanding of the feature needed, search for and find a technical solution, and design the work to be done. We have a current working first example with Account Switching. We should extend this to improve Impersonation (for TAC and some devs), future work with PIAM, and open the door to other integration mechanisms.
**** DONE Sustaining items for Q1 :work:
SCHEDULED: <2023-07-13 Thu 17:00>
[2023-07-13 Thu 11:56]
** 2023-W29
*** 2023-07-17 Monday
**** MEETING Deep dive XDR Monetization :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-17 Mon 16:31]--[2023-07-17 Mon 17:31] => 1:00
:END:
[2023-07-17 Mon 16:31]
***** Agenda (to discuss about)
***** Notes
- hide 3rd party modules from "Essentials" users
***** Actions
- Restrict via the API too
**** DONE Add scopes to Scott Burnettes orgs/clients? :work:
SCHEDULED: <2023-07-17 Mon 11:00>
[2023-07-17 Mon 08:58]
*** 2023-07-19 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-19 Wed 18:47]--[2023-07-19 Wed 19:42] => 0:55
:END:
[2023-07-19 Wed 18:47]
***** Agenda (to discuss about)
***** Notes
****** Data Retention
How to delete private-intel events older than 90 days? How to delete org data? Private Intel. Incidents related to other entities. What if we delete data older than 90 days?
@Jyoti: if an incident is closed you can clear it.
****** Deleting all data from an Org
If no one logs in for 90 days, we can delete it. All users, modules, OAuth2 clients, etc…
@Matthieu: do we send a warning email?
@Jyoti: how to delete data in other components. Send a notification. IROH Events for deletion. Keep the main topic, and create sub-filtered topics.
Order of deletion is important.
1. Mark the Org as archived state (no login, only accessible through Cisco clients)
2. send notifications to all Cisco components that need to clean up
3. wait 1 week
4. real deletion
Design doc.
****** Monetization
Lots of cases for upgrading. In all these cases, we do not have Entitlement. So no enforcement.
****** Playbook retrieval API
Read entities from public-intel, and have the UI call that API instead of a static file. We had a design doc where we talked about this API.
***** Actions
**** DONE API Design Meeting :work:
SCHEDULED: <2023-07-19 Wed 18:30>
[2023-07-19 Wed 14:36]
** 2023-W30
*** 2023-07-25 Tuesday
**** DONE Retrieve the list of entities from IROH Auth :work:
SCHEDULED: <2023-07-25 Tue>
[2023-07-25 Tue 17:38]
#+begin_src clojure
;; IROH-Auth (no entities) DBs
"auth-codes"
"auth-requests"
"auth-responses"
"auth-login-filters"
"oauth-client-presets"
"oauth-code"
"oauth-csrf"
"oauth-device-grant-user-auth"
"oauth-grants"
"oauth-trusted-clients"
"revoked-jwt"
"revoked-entities"
;; For Mark
"ao-bootstrap"
;; For Matt
"amp-user-credentials"
"archived-module-instances"
"iroh-events"
"module-cache"
"module-instances"
"module-type-patches"
"module-types"
"notifications"
"sse-tenants"
"sse-users"
"tiles-cache"
"webhook-results"
"webhooks"
;; Used by UI
"iroh-registry"
;; For GE
"ctia-investigate-talos-hunt"
"enrichment-status"
"feedback"
"incident-summary"
"iroh-async-sessions"
"private-intel-cache"
"risk-score"
"threat-hunt-status"
#+end_src
**** DONE Ask Paul Cichonski about the quantity values :work:
SCHEDULED: <2023-07-25 Tue 19:00>
See data retention, should be 90, 180, 365. What would the value be, how should I compute it?
SCHEDULED: <2023-07-25 Tue>
[2023-07-25 Tue 17:36]
**** MEETING XDR Monetization: XDR data retention :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-25 Tue 16:31]--[2023-07-25 Tue 17:51] => 1:20
:END:
[2023-07-25 Tue 16:31]
***** Agenda (to discuss about)
- https://github.com/advthreat/iroh/issues/8135
- https://ciscosecurity.aha.io/epics/SECUREX-E-897
Discuss use cases #1.
***** Notes
What happens when this user goes. Clearing data in 90 days. Notion about when to delete data.
- Create or update for device.
- Create for incident, sightings, relationships.
- Comment on a recent incident: can we delete the incident?
***** Actions
****** Ask @Paul about the add-on quantity value for data retention
Data Retention is 90 days by default, with an add-on to go to 180 or 365. Need to sync with PIAM because these are not the values in the first doc.
**** MEETING 1-1 Wanderson :work:meeting:
[2023-07-25 Tue 16:04]
***** Agenda (to discuss about)
****** Things to handle during my vacations.
:LOGBOOK:
CLOCK: [2023-07-25 Tue 16:04]--[2023-07-25 Tue 16:31] => 0:27
:END:
1. P1: fix XDR bugs, quick improvements
2. Add ~insights~ scope for DI (take care of updating the client; perhaps fix the issue with the non-existing root scope. Could potentially be a real improvement).
3. Add event on Entitlement change. Optionally configure a webhook for this event, depending on the need. Check with Matt and Guy.
4. Perhaps:
   - Disable Org creation if SX EOL is officially announced.
   - [NO] improve provisioning script. Check if the module exists before invoking /onboard
   - work related to short tokens (expose a token-exchange route, not the RFC one, a simpler one to use).
5. Think about the exposed data structure to make every type of org explicit and centralize the business logic to help the UI.
   - Retrieve a full list of Org cases:
     - created via PIAM or not
     - XDR-enabled?
     - SX-enabled?
     - Entitlements/no Entitlement
   We should be able to give a field to the UI (and other teams) so they know how to react. For example for Orbital-only or SE-only orgs, not sure if we will use the SX or XDR UI. Should we add an Org field like ~external-product-only-org? s/Bool~ and, if true, adjust the scopes accordingly to ensure they can use neither SX nor XDR paid features?
***** Notes
****** Work on the Events for the Entitlements update problem.
***** Actions
**** MEETING 1-1 Olivier :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-25 Tue 15:05]--[2023-07-25 Tue 16:04] => 0:59
:END:
[2023-07-25 Tue 15:05]
***** Agenda (to discuss about)
****** Things to handle during my vacations.
1. P1: fix XDR bugs, quick improvements
2. Add ~insights~ scope for DI (take care of updating the client; perhaps fix the issue with the non-existing root scope. Could potentially be a real improvement).
3. Add event on Entitlement change. Optionally configure a webhook for this event, depending on the need. Check with Matt and Guy.
4. Perhaps:
   - Disable Org creation if SX EOL is officially announced.
   - improve provisioning script. Check if the module exists before invoking /onboard
   - work related to short tokens (expose a token-exchange route, not the RFC one, a simpler one to use).
5. Think about the exposed data structure to make every type of org explicit and centralize the business logic to help the UI.
   - Retrieve a full list of Org cases:
     - created via PIAM or not
     - XDR-enabled?
     - SX-enabled?
     - Entitlements/no Entitlement
   We should be able to give a field to the UI (and other teams) so they know how to react. For example for Orbital-only or SE-only orgs, not sure if we will use the SX or XDR UI. Should we add an Org field like ~external-product-only-org? s/Bool~ and, if true, adjust the scopes accordingly to ensure they can use neither SX nor XDR paid features?
***** Notes
***** Actions
**** DONE XDR Data Retention Policy Implementation Discussion :work:
SCHEDULED: <2023-07-25 Tue 16:30>
[2023-07-25 Tue 11:07]
**** DONE 1-1 Wanderson :work:
SCHEDULED: <2023-07-25 Tue 16:05>
[2023-07-25 Tue 11:06]
**** DONE 1-1 Olivier :work:
SCHEDULED: <2023-07-25 Tue 15:35>
[2023-07-25 Tue 11:00]
*** 2023-07-27 Thursday
**** DONE Team message :work:
SCHEDULED: <2023-07-26 Wed 14:00>
[2023-07-27 Thu 11:45]
- P1. (prob. 30%) XDR Bug fixes
- P1. (prob. 20%) Scott Burnette issue with the Provisioning API / OAuth2 clients
- P2. (prob. 10%) Help Jyoti with the ~xdr-provisioning~ script
- P2. FY24Q1 Monetization: Prepare the PR for Disable Org Creation.
- P3. FY24Q1 Monetization: Entitlements Events; check with Matthieu before configuring a webhook for /Automation/ (previously Orchestration, previously SXO, previously AO) as it might not be necessary.
- P4. Dashboard https://github.com/orgs/advthreat/projects/7/views/9
  - [RBAC] ~insights~ scope + sync with DI team (Roman Eremin)
  - (prob. 10%) [RBAC] if asked to prevent non-admins from creating clients, add ~admin~ to the scopes in the routes of the IROH Auth client web service.
  - Config Simplification + Presentation for the team
- P4. *Universal Provisioning Flow* (PIAM want to rename themselves "Security Cloud").
- P4. Designs + New Org concepts that need to be exposed: list the concepts we want to expose for each org.
  - ~:xdr-enabled?/sx-enable?~ perhaps a single ~:enabled-products [:xdr :sx]~.
  - ~piam-managed?~ etc…
  - Notion of Product (XDR, SX, but also visibility, Orbital, SE). Effects on configuration, init of nodes, etc…
  + Token Exchange (not the RFC). We want to:
    - Give someone with a JWT the ability to generate another one with some restrictions and complete tracking.
      Restrictions by default:
      - do not extend the :exp
      - do not change user
      - do not change org
      Tracking:
      - there should be an ~act~ claim that could be recursive, and we should take great care not to let it grow. It is ok not to have ~act~ in some cases like:
        - Org switching
        - format switching
        because the real owner is always the same. It is not ok to forget ~act~ if there is an impersonation involved. Typically during provisioning, real impersonation, etc…
    - Main difficulty: what is the correct data structure to represent the rules of allowed JWT exchanges?
    - Take care of asks that could leak internal abstractions:
      - do not return the full list of allowed modules; IROH-Int will take care of the filtering business rule.
      - use scopes, not roles, to filter for permissions
- Sync with Matt on everything related to modules for Monetization. Not just directly with Guy, Matt needs to know.
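The default restrictions and the ~act~ tracking rule listed above for the non-RFC token exchange, as an added Go example (not IROH code). The short claim names, the ~Kind~ enum, ~MaxActDepth~ and the rule that scope can only be narrowed on any exchange are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Actor is an RFC 8693-style `act` chain: who obtained the token on behalf of
// the subject, and in turn who acted for them. It nests, which is the growth
// the notes warn about, so exchanges cap its depth.
type Actor struct {
	Sub string
	Act *Actor
}

// Claims is the subset of JWT claims the exchange rules look at. The short
// names are constructed for this example and stand in for the IROH claim URIs.
type Claims struct {
	Sub   string   // user id
	Org   string   // org id
	Exp   int64    // expiry, Unix seconds
	Scope []string // granted scopes
	Act   *Actor   // nil when the subject obtained the token directly
}

// Kind selects which exchange the caller performs (constructed enum).
type Kind int

const (
	Restrict    Kind = iota // same user, same org: only narrow exp and scope
	OrgSwitch               // same real owner in another org: no act entry needed
	Impersonate             // another user: act MUST record the real actor
)

// ExchangeRequest is what a caller asks for when trading a parent token for a
// child token. Zero values mean "keep the parent's value".
type ExchangeRequest struct {
	Kind     Kind
	Sub, Org string   // target user / org (allowed only for the matching Kind)
	Exp      int64    // must not be later than the parent's
	Scope    []string // must be a subset of the parent's
}

// MaxActDepth bounds the nesting of the act chain (constructed value).
const MaxActDepth = 3

func actDepth(a *Actor) int {
	n := 0
	for ; a != nil; a = a.Act {
		n++
	}
	return n
}

// Exchange derives a child token's claims from the parent's. Whatever the
// kind, exp is never extended and scope is never widened. Only an
// impersonation adds an act entry; an org switch keeps the chain as it was.
func Exchange(parent Claims, req ExchangeRequest, now time.Time) (Claims, error) {
	if parent.Exp <= now.Unix() {
		return Claims{}, errors.New("exchange: parent token expired")
	}
	child := Claims{Sub: parent.Sub, Org: parent.Org, Exp: parent.Exp, Scope: parent.Scope, Act: parent.Act}
	if req.Exp != 0 {
		if req.Exp > parent.Exp {
			return Claims{}, errors.New("exchange: must not extend exp")
		}
		child.Exp = req.Exp
	}
	if req.Scope != nil {
		granted := make(map[string]bool, len(parent.Scope))
		for _, s := range parent.Scope {
			granted[s] = true
		}
		for _, s := range req.Scope {
			if !granted[s] {
				return Claims{}, fmt.Errorf("exchange: scope %q not granted by parent", s)
			}
		}
		child.Scope = req.Scope
	}
	switch req.Kind {
	case Restrict:
		if (req.Sub != "" && req.Sub != parent.Sub) || (req.Org != "" && req.Org != parent.Org) {
			return Claims{}, errors.New("exchange: must not change user or org")
		}
	case OrgSwitch:
		if req.Sub != "" && req.Sub != parent.Sub {
			return Claims{}, errors.New("exchange: org switch must not change user")
		}
		if req.Org == "" {
			return Claims{}, errors.New("exchange: org switch needs a target org")
		}
		child.Org = req.Org
	case Impersonate:
		if req.Sub == "" || req.Sub == parent.Sub {
			return Claims{}, errors.New("exchange: impersonation needs a different target user")
		}
		child.Sub = req.Sub
		if req.Org != "" {
			child.Org = req.Org
		}
		// The real actor is the parent's subject; it goes in front of whatever
		// chain already existed so the full history is kept, but bounded.
		child.Act = &Actor{Sub: parent.Sub, Act: parent.Act}
		if actDepth(child.Act) > MaxActDepth {
			return Claims{}, errors.New("exchange: act chain too deep")
		}
	default:
		return Claims{}, fmt.Errorf("exchange: unknown kind %d", req.Kind)
	}
	return child, nil
}
```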
**** CANCELED XDR-flag [[https://github.com/advthreat/response/issues/1906#issuecomment-1652405093][1906]] :work:
SCHEDULED: <2023-07-27 Thu 11:45>
:LOGBOOK:
- State "CANCELED" from "TODO" [2023-07-28 Fri 13:23]
:END:
[2023-07-27 Thu 11:30]
*** 2023-07-28 Friday
**** MEETING Monthly Engineering :work:meeting:
:LOGBOOK:
CLOCK: [2023-07-28 Fri 18:01]--[2023-07-28 Fri 19:04] => 1:03
:END:
[2023-07-28 Fri 18:01]
***** Agenda (to discuss about)
***** Notes
****** Operation
@Gayan: Good release. Pass it to John. Metrics.
New hires:
- @Vidun_Jayakody Automation
- @Geaog-Nokila_Pavlov
@John: upgrade platform, thanks to @Adam
****** QA
@Houman: XDR finally in production. Thanks for the fixes. Everything went pretty well. Performance testing, everything went pretty well in TEST. Documented in a wiki page.
@Pujan_Trivedi: Thanks everyone for answering that quickly and efficiently.
****** Service
@GB: People delivered XDR in my absence.
****** Engine
@Eric
****** Integration
@Mark
****** UI Dar
@Dar, thanks for @Jilian and ... @Rekah refactoring. Lots of bug fixes.
****** UI Sabrina
- Congrats everyone.
- Code freeze for a while, so lots of bug fixes.
- Features being worked on.
- Search for relation.
- Configurable layout.
- Performance improvements.
- Lucas, bunch of telemetry
- Miroslav, incident breadcrumb.
- Advanced table.
****** Documentation
@Mary
****** Demos
@Scott_McLeod incident report
@Mike next time.
@Sam_Waggoner
***** Actions
**** DONE Monthly Engineering Meeting :work:
SCHEDULED: <2023-07-28 Fri 18:00>
[2023-07-28 Fri 11:34]
**** DONE Answer Namrata :work:
SCHEDULED: <2023-07-28 Fri>
[2023-07-28 Fri 10:20]
I am not sure about the amount of money. But, if this is Clojurists Together, I can give a more precise answer.
Looking here: https://www.clojuriststogether.org/projects/
I can attest that our team intensively uses:
- Bozhidar's work (he develops cider, and most of us use it every day, and I know he maintains and updates the work)
- Michiel Borkent (he develops babashka, which we also use daily to write scripts that are easier to write. And he is also very active)
- Tommi Reiman: our API uses compojure-api and a lot of his related libraries. Even if this is very stable, he continues to work on libraries that we could potentially use to improve parts of our internal system, like providing better documentation for developers about the expectations of our routing.
- Peter Taoussanis: we use his redis and timbre libs (so DB access + logs)
And looking at funded projects, here are the ones we use every day:
- cider (daily in our editor)
- clj-kondo (in our editor for writing code + used in our CI)
- clj-http (this is an essential lib we use to call other APIs)
- babashka / SCI (daily + used in our CI + used for admin tasks)
- clojure-lsp (used daily in our editor)
- dependabot (used daily in our CI)
To me it seems we have an interest in contributing back to the open source Clojure community. Not only does it improve the maintenance quality of libs essential to our architecture, but it also helps during hiring.
Now, regarding how much we should give, this probably depends a lot on our current budget.
** 2023-W33
*** 2023-08-16 Wednesday
**** MEETING Data Deletion for Privacy :work:meeting:
:LOGBOOK:
CLOCK: [2023-08-16 Wed 18:02]--[2023-08-17 Thu 17:59] => 23:57
:END:
[2023-08-16 Wed 18:02]
***** Agenda (to discuss about)
???
***** Notes
@Prerna: XDR Data Deletion spreadsheet still in progress.
@Petr: start without X background, standardize for deletion policy. When do we remove the registration info. 45 days post licence expiration. Storage archive. We need to make some solid statement on deletion. Review what we have for SCA, and do the same for XDR.
@Jake_Wyzgoski: I don't know what we do
@Derrell_Winder: Let me check
@Jake: describe to see if it aligns?
@Chris_Duane: it is product by product. I haven't seen anything implemented that would stop a user from using it after their license expires.
@Yann: we don't even have a clear idea about what occurs after the license expires. Current state: you can still use XDR with reduced access.
@Chris_Duane: not aware of any plan.
@Peter: this is the first discussion about it. Data retention, etc… Is there any established best practice policy to follow? License has expired.
@Jake: we need to check if 45 days is the right time or something better.
@Y: we should probably centralize this question to PIAM.
@Chris: I feel finding a standard retention.
@Peter: deletion when we want, we say, during the year.
@Prerna: default for inactivity. Nobody logs in for 90 days, then delete.
@Y: Legal? I think it's delete on demand, and for sale, you can recover your account for N days; after that, you are not guaranteed to have your previous data back.
@Peter: word the thing with either the user asks for deletion or no real policy.
@Michael_Schultz: SCA keeps a lot of data beyond the retention policy. So it costs money.
@Chris_Duane: Talk about exceptions.
@Petr: from a legal standpoint, what is our obligation, what should we say?
@Derrell_Winder: not a concern for me.
- On-request mandatory
- 45 days?
@Petr: What do you keep? Or is it about everything? Took a wording from SCA back to start from scratch.
@Chris: PIAM not sure what the plan is.
@Derrell_Winder: what does this 14 months refer to? (in the Data sheet)
@Petr: regroup back to finalize the PDS and
***** Actions
???
**** DONE Answer to Brandon :work:
SCHEDULED: <2023-08-16 Wed>
[2023-08-16 Wed 10:10]
*** 2023-08-17 Thursday
**** MEETING PIAM Universal API (SCIM) :work:meeting:
:LOGBOOK:
CLOCK: [2023-08-17 Thu 17:59]--[2023-08-18 Fri 12:16] => 18:17
:END:
[2023-08-17 Thu 17:59]
***** Agenda (to discuss about)
How is it helping us to do this.
***** Notes
@Paul: UI flow. We can do that for XDR. 2nd part, Universal Flow, standardize the flow. Suite became a thing, some more than just XDR. Existing tenants. Unrelated.
@Prerna: Brianna expects that universal does not support brownfield customers.
@Paul: she talked to Travis. We have this notion to provide any kind of meta-data. We can collect answers to the XDR API.
@Yann: risk about the body to send.
@Prerna: what about adding values from customer questions. Does this work?
@Paul: Developing right now.
@Prerna: we probably need the UI... Enforcing
@Paul: Offer basis: XDR is sold right now as an offer called "XDR SSE", hidden flow. Suite is a completely different offer and PIDs. Suite is using our UI base flow. They'll see XDR as one of the things they could buy. Only for NAM.
@Prerna: US only right now for PIAM.
@Paul: Brit Suite: from the XDR side nothing changes.
@Prerna: For the Brit Suite, the universal PIAM API is what is sending info to IROH.
***** Actions
*** 2023-08-18 Friday
**** IN-PROGRESS Fix SE Clients :interruption:work:
:LOGBOOK:
CLOCK: [2023-08-18 Fri 12:16]--[2023-08-18 Fri 23:47] => 11:31
:END:
[2023-08-18 Fri 12:16]
** 2023-W34
*** 2023-08-21 Monday
**** MEETING Monetization :work:meeting:
:LOGBOOK:
CLOCK: [2023-08-21 Mon 16:06]--[2023-08-21 Mon 16:36] => 0:30
:END:
[2023-08-21 Mon 16:06]
***** Agenda (to discuss about)
***** Notes
***** Actions
- [ ] Provide a doc about the new APIs for entitlements for devs.
*** 2023-08-23 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-08-23 Wed 18:34]--[2023-08-24 Thu 16:02] => 21:28
:END:
[2023-08-23 Wed 18:33]
***** Agenda (to discuss about)
***** Notes
****** 3rd party integrations (Ian's team)
@Jyoti: Jyoti previewed a problem with data quality. PIAM wants to go full speed with the 3rd party integrations they are going to support. Ian not very diligent, just copy/pasting, rolling new integrations. Doesn't go with the logic. Finally, peer review. QA does not know what to test. Configuration issues with the modules. Whatever we do, we should have a checklist for review. What data is included, proper targets, relations. Tactics as we need, etc…
@Guillaume: we gave advice but we never reviewed the code
@Matt: no process to review the content of 3rd party modules. Documentation is a bit messy. Nothing is currently in place.
@Jyoti: I've been asking Namarata to add this process to check integration quality.
***** Actions
**** MEETING Data Retention bi-weekly :work:meeting:
:LOGBOOK:
CLOCK: [2023-08-23 Wed 18:00]--[2023-08-23 Wed 18:34] => 0:34
:END:
[2023-08-23 Wed 18:00]
***** Agenda (to discuss about)
***** Notes
- doc from Yann
- discussion about 365 vs 90 for deletion. XDR going back to SX
***** Actions
**** CHAT Help Prerna answer question for SE :work:chat:
[2023-08-23 Wed 17:56]
**** CHAT Give master perm to Wanderson :work:chat:
[2023-08-23 Wed 17:56]
**** CHAT Help Rekha call /token :work:chat:
:LOGBOOK:
CLOCK: [2023-08-23 Wed 17:46]--[2023-08-23 Wed 18:00] => 0:14
:END:
[2023-08-23 Wed 17:55]
**** CANCELED Nominate Recognitions :work:
SCHEDULED: <2023-08-24 Thu 10:00>
:LOGBOOK:
- State "CANCELED" from "TODO" [2023-09-06 Wed 18:21]
:END:
[2023-08-23 Wed 17:49]
**** DONE Write Issue for SE :work:
SCHEDULED: <2023-08-23 Wed 16:30>
[2023-08-23 Wed 16:01]
*** 2023-08-24 Thursday
**** MEETING Team meeting :work:meeting:
[2023-08-24 Thu 16:34]
***** Agenda (to discuss about)
***** Notes
***** Actions
**** MEETING Monetization :work:meeting:
:LOGBOOK:
CLOCK: [2023-08-24 Thu 16:02]--[2023-08-24 Thu 21:33] => 5:31
:END:
[2023-08-24 Thu 16:02]
***** Notes
@Guillaume: tour of the team.
@Matt:
@Y:
- Made a doc to help devs use the Entitlements
- Asked to support a SCIM-like API to help provision from PIAM. I consider this low-priority for now.
  - We will need that API to support external tokens (from PIAM)
  - We will need to support asynchronous calls
  - We also need to adapt the data structure, update the user data and potentially metadata to apply to external onboardings.
- Asked to create many Orgs for dev purposes, so created a few personal scripts.
- Olivier discovered a potential bug with the generated webhook JWT.
- Webhooks need to be configured by Wanderson
- Jillian asked to improve one profile endpoint to support more meta info
- I am in a conversation to help the UI support never-ending sessions for dashboards via refresh tokens.
- Yuri from DI asked to be able to support client creation via UI with read-only. I feel we should probably provide an improved API with the full tree structure of the exhaustive scopes. But UX should be involved in my opinion.
- Olivier worked on a very promising API to simplify how we create svc-helpers.
@Mario:
- Ambrose memory fix: in Schema, creating a memory leak.
- Ambrose merged a patch endpoint for bundle update
- Mario merged a PR that fixes a feature
- Mario: yesterday, message from Brian Mallony, high impact incident, Threat Hunting, Talos blog post weekly. And we create indicators. Brian created sightings that didn't yield. Reach out to Michael Simonson. Something has changed in the Talos team post. The sighting didn't yield an incident. Not sure why the incident hadn't been created. Discovery: one and only one incident created specifically for Talos since July the 10th. There is something with the Talos Threat Hunt. Only for the Talos Blogpost Hunt.
@Patrick: Datadog check, false error. Google returns 500 error.
Questions:
@Olivier: is the Ambrose fix in PROD? I have concerns about the timbre logs.
@Matt: Mario, work of Ambrose, with the Patch bundle. Kirill added some event when an incident is updated. Ambrose did not query the same in the patch bundle.
@Mario: I will mention that to him today.
***** Actions
:LOGBOOK:
:END:
** 2023-W36
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp nil :link nil :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2023-09-11 Mon 10:51]
| Tags          | Headline                 |       Time |          |          |          |
|---------------+--------------------------+------------+----------+----------+----------|
|               | *Total time*             | *1d 22:17* |          |          |          |
|---------------+--------------------------+------------+----------+----------+----------|
|               | \_ 2023-W36              |            | 1d 22:17 |          |          |
|               | \_ 2023-09-05 Tuesday    |            |          |     3:06 |          |
| work, meeting | \_ Weekly Team           |            |          |          |     1:32 |
| work, meeting | \_ Weekly Leads          |            |          |          |     1:34 |
|               | \_ 2023-09-06 Wednesday  |            |          | 1d 19:11 |          |
| work, meeting | \_ API Design Meeting    |            |          |          | 1d 17:11 |
| work, meeting | \_ FMC Plan with Paul    |            |          |          |     2:00 |
#+END:
*** 2023-09-05 Tuesday
:LOGBOOK:
:END:
**** MEETING Weekly Team :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-05 Tue 17:03]--[2023-09-05 Tue 18:35] => 1:32
:END:
[2023-09-05 Tue 17:03]
***** Agenda (to discuss about)
***** Notes
***** Actions
**** MEETING Weekly Leads :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-05 Tue 15:16]--[2023-09-05 Tue 16:50] => 1:34
:END:
[2023-09-05 Tue 15:16]
***** Agenda (to discuss about)
****** Offsite
Week of 9 October.
***** Notes
***** Actions
**** DONE Leads Meeting :work:
SCHEDULED: <2023-09-05 Tue 15:00>
:PROPERTIES:
:Effort:   1:00
:END:
[2023-09-05 Tue 10:36]
*** 2023-09-06 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-06 Wed 18:31]--[2023-09-08 Fri 11:42] => 41:11
:END:
[2023-09-06 Wed 18:31]
***** Agenda (to discuss about)
IROH as a common service. CSC and DI will move into Secure Cloud Access. How to reuse the UI, how to continue to make this function. CSC. They also need to talk to SE, other Cisco integrations. DI needs to talk to all other integrations. What happens to our modules. Thinking about IROH and a few of its services: IROH headless.
See proposal: https://github.com/advthreat/response/pull/2026
***** Notes
***** Actions
**** MEETING FMC Plan with Paul :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-06 Wed 16:31]--[2023-09-06 Wed 18:31] => 2:00
:END:
[2023-09-06 Wed 16:31]
***** Agenda (to discuss about)
***** Notes
***** Actions
*** 2023-09-08 Friday
**** DONE Check Client [[webexteams://im?space=b5136a40-6687-11ed-9679-4b10798d7c1a&message=722b1960-4dc4-11ee-9508-fba85c9bfccf][Webex]] :work:
SCHEDULED: <2023-09-08 Fri 14:00>
:LOGBOOK:
CLOCK: [2023-09-08 Fri 11:42]--[2023-09-08 Fri 13:12] => 1:30
:END:
[2023-09-08 Fri 11:42]
** 2023-W37
*** 2023-09-11 Monday
**** DONE Advance on Org Level Clients :work:
SCHEDULED: <2023-09-12 Tue 14:00>
[2023-09-11 Mon 20:57]
**** MEETING 1-1 Jyoti Yann :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-11 Mon 19:28]--[2023-09-12 Tue 00:36] => 5:08
:END:
[2023-09-11 Mon 19:28]
***** Agenda (to discuss about)
???
***** Notes
Didi discussion, another discussion source. Need to figure out, DI, etc… Sequence Diagrams.
To talk:
- signing keys from OKTA
***** Actions
- Advance on Org level clients.
- fix https://github.com/advthreat/iroh/issues/7582
- plan to update the client to use virtual
**** DONE Send a list of admins per org [[https://github.com/Cisco-PosaaS/oak/issues/8664][Issue]] [[webexteams://im?space=b5136a40-6687-11ed-9679-4b10798d7c1a&message=11a76c20-5098-11ee-9e49-49fc7799be2b][Yuri]] :work:
SCHEDULED: <2023-09-12 Tue 11:00>
[2023-09-11 Mon 19:00]
**** DONE Send Petr the org-ids to keep (OAuth2 clients, master users) :work:
SCHEDULED: <2023-09-12 Tue 10:30>
[2023-09-11 Mon 18:59]
**** DONE Answer to [[webexteams://im?space=b5136a40-6687-11ed-9679-4b10798d7c1a&message=2298ba80-507e-11ee-a39b-619063280a9c][Yuri]] :work:
SCHEDULED: <2023-09-11 Mon 11:30>
:LOGBOOK:
CLOCK: [2023-09-11 Mon 11:02]--[2023-09-11 Mon 19:00] => 7:58
:END:
[2023-09-11 Mon 11:02]
*** 2023-09-12 Tuesday
**** MEETING 1-1 Wanderson meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-12 Tue 16:34]--[2023-09-13 Wed 08:20] => 15:46
:END:
[2023-09-12 Tue 16:34]
***** Agenda (to discuss about)
Reviewing https://github.com/advthreat/iroh/pull/8300/files?short_path=fd98974#diff-fd98974c31ef730c3067abab7684e51eb6be875ee368a148d1ab660d832e5abc
***** Notes
***** Actions
****** TODO Create a new full description of JWKSService.
- ~cache-jwks~:
  - perform the call to the JWKS server and, if successful, update PG (if needed)
  - PG should contain:
    - details about the JWKS payload
  - prepare an in-RAM (service context) public key from the JWKS payload
- ~get-jwks~: only check the RAM service context. Returns a hashmap indexed by ~kid~ whose values are public keys.
  If it fails: ~(log/WARN )~, either an attack or the JWKS was updated. For OPS: Please RESTART THE NODES!!!!
- ~check-jwt-signature~:
  1. decode JWT
  2. get kid
  3. retrieve the key with ~(get (get-jwks) kid)~
  4. Check signature
- ~validate-claims~:
  1. decode JWT
  2. check ~aud~ and ~exp~
****** TODO The doc does not say if fields are mandatory or not. Which ones are mandatory?
Example: https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/common-provisioning/apireference/Models/Entitlement.md And more precisely: https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/common-provisioning/apireference/Models/Tenant.md *** 2023-09-13 Wednesday **** MEETING Monetization :work:meeting: :LOGBOOK: CLOCK: [2023-09-13 Wed 19:30]--[2023-09-13 Wed 21:15] => 1:45 :END: [2023-09-13 Wed 19:30] ***** Agenda (to discuss about) ***** Notes ***** Actions *** 2023-09-14 Thursday **** MEETING Monetization Demo :work:meeting: :LOGBOOK: CLOCK: [2023-09-14 Thu 16:31]--[2023-09-14 Thu 17:25] => 0:54 :END: [2023-09-14 Thu 16:31] ***** Agenda (to discuss about) ***** Notes ***** Actions ** 2023-W38 *** 2023-09-19 Tuesday **** MEETING Weekly Team Meeting :work:meeting: [2023-09-19 Tue 17:02] ***** IROH-Auth - Talk about DI virtual users - Progress on Universal Provisioning API (interesting Engineering challenges) - Talk with Automation about Org virtual users ***** Notes - Offsite **** MEETING 1-1 Wanderson :work:meeting: :LOGBOOK: CLOCK: [2023-09-19 Tue 16:13]--[2023-09-19 Tue 17:54] => 1:41 :END: [2023-09-19 Tue 16:13] ***** Agenda (to discuss about) ***** Notes ***** Actions ****** Questions for PIAM ******* TODO Do you send a different URL for every provisioning call? Or is the URL fixed and should be configured? **** DONE Prepare Automation Meeting (Org virtual user) :work: SCHEDULED: <2023-09-19 Tue> [2023-09-19 Tue 10:05] Why Org Virtual User? https://github.com/Cisco-PosaaS/oak/issues/8664#issuecomment-1717653336 Why not "main Admin" of the Org? Some admin could individually have different permissions and properties that might not be something we'd like to provide the to clients. Changes? None, nothing changed. The email could be filled with something that was not an email for very old accounts, but this claim was never mandatory. You just got lucky every JWT had an email. 
See: https://visibility.amp.cisco.com/iroh/doc/iroh-auth/index.html
Where ~email~ is explicitly marked as "optional".
Short Tokens? Where ~email~ is removed from the claims. We keep only:
- "iss"
- "iat"
- "exp"
- "nbf"
- "jti"
- "aud"
- "sub"
- "https://schemas.cisco.com/iroh/identity/claims/format"
- "https://schemas.cisco.com/iroh/identity/claims/user/id"
- "https://schemas.cisco.com/iroh/identity/claims/org/id"
- "https://schemas.cisco.com/iroh/identity/claims/oauth/refresh-token-jti"
- "https://schemas.cisco.com/iroh/identity/claims/oauth/client/id"
- "https://schemas.cisco.com/iroh/identity/claims/oauth/user/id"
- "https://schemas.cisco.com/iroh/identity/claims/oauth/client/owner/id"
- "https://schemas.cisco.com/iroh/identity/claims/oauth/grant"
- "https://schemas.cisco.com/iroh/identity/claims/oauth/kind"
In particular, no ~scope~, no ~email~, no ~user name~, etc…
*** 2023-09-20 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-20 Wed 18:29]--[2023-09-20 Wed 21:09] =>  2:40
:END:
[2023-09-20 Wed 18:29]
Offsite: @Jyoti: high-level vision, XDR:
- AI team on top of the incident manager.
- MDR requirements
- Wednesday afternoon
***** G2 Telemetry.
@Gbuisson: give them access to data.
***** Yann status update
- A lot of work related to the design of the Universal Provisioning API with Wanderson.
- Planned a new meeting next week with PIAM and SCA to check the design.
- The new design implies many changes (expect at least 4 release cycles):
  - support PIAM tokens, but also understand how to check them securely (for now this is not clear)
  - support a worker run at a constant interval that would run on a single instance.
  - support lock.
- SE, SX-only provisioning with 0-click module setup support (https://github.com/advthreat/iroh/issues/8266); blocked work related to SE provisioning, waiting for PR approval. Still no ping from the SE team yet.
  (https://github.com/advthreat/iroh/pull/8275)
- Talked with Automation about the Org-level users yesterday; I think we are on track with Murali. I think Santosh probably feels better about it. They will need another client, and they could automatically get the tokens for the client generating Org-level tokens using tokens of the first client, because their client has the ~oauth~ scope.
- Still many small tasks related to fixing provisioning-related bugs.
- Yesterday and today, asked by Danny to create an SX-only Org for Arizona University, directly asked by Brianna.
- Today, pinged by Matthew Franks because CSC onboarding is failing on EU.
- QA team asking to create SX-only orgs (Hissan yesterday).
- Heard about the plan for custom roles; should be part of Petr's planning. Just to check whether PMs' expectations are easy to reach. For example, a notion that a user could have multiple roles. I don't think it would be difficult to do that in IROH, but this might become a potential breaking change if an external integration looks at the ~role~ claim in the JWT or in the ~whoami~ endpoint.
- Still keeping track that Olivier feels good working on modules with Matt. I think he appreciates being exposed to other parts of IROH than the ones he is used to.
**** MEETING Prepare Universal API Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-20 Wed 16:32]--[2023-09-20 Wed 18:29] =>  1:57
CLOCK: [2023-09-20 Wed 14:47]--[2023-09-20 Wed 14:50] =>  0:03
:END:
[2023-09-20 Wed 14:47]
***** Actions
***** Questions for PIAM:
****** TODO Optional Fields in PIAM doc
The doc does not say whether fields are mandatory or not. Which ones are mandatory?
Example: https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/common-provisioning/apireference/Models/Entitlement.md
And more precisely: https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/common-provisioning/apireference/Models/Tenant.md
****** TODO How to check for PIAM ownership of the PIAM token
I guess verifying the signature will not be enough.
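Added example, not IROH code: the four-step flow from the JWKSService action item of the 2023-09-12 1-1 (~cache-jwks~ / ~get-jwks~ / ~check-jwt-signature~ / ~validate-claims~) written out in Go, which is also the baseline the PIAM-token question just above starts from (signature first, then claims). Assumptions: the notes do not name a signature algorithm, so the example pins EdDSA with OKP/Ed25519 JWKS entries (RFC 8037); the ~kid~ ~2023-09~, the audience ~iroh~, the issuer key and the one-key JWKS document are constructed for the demo; the explicit ~alg~ pin and the separate ~ErrUnknownKid~ for the WARN / restart-the-nodes decision are additions on top of the notes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ErrUnknownKid: kid not cached. Log a WARN and never fetch here: the issuer rotated keys (restart the nodes) or it is a probe.
var ErrUnknownKid = errors.New("kid not found in cached JWKS")
var b64 = base64.RawURLEncoding

// LoadJWKS is the "cache-jwks" step: parse the JWKS once into the kid -> key map that "get-jwks" serves. OKP/Ed25519 only.
func LoadJWKS(doc []byte) (map[string]ed25519.PublicKey, error) {
	var set struct{ Keys []struct{ Kid, Kty, Crv, X string } }
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	cache := map[string]ed25519.PublicKey{}
	for _, k := range set.Keys {
		x, err := b64.DecodeString(k.X)
		if k.Kty != "OKP" || k.Crv != "Ed25519" || k.Kid == "" || err != nil || len(x) != ed25519.PublicKeySize {
			return nil, errors.New("unusable JWKS entry " + k.Kid)
		}
		cache[k.Kid] = ed25519.PublicKey(x)
	}
	return cache, nil
}

// decodePart base64url-decodes one JWT segment and unmarshals it into v.
func decodePart(seg string, v any) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// CheckSignature is "check-jwt-signature": decode the header, get kid, look the key up in the cache, verify EdDSA, then decode claims.
func CheckSignature(token string, cache map[string]ed25519.PublicKey) (claims map[string]any, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	var hdr struct{ Alg, Kid string }
	if err = decodePart(parts[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "EdDSA" { // pin the alg: "none", or an HMAC alg keyed with the public key, is a classic bypass
		return nil, errors.New("unexpected alg " + hdr.Alg)
	}
	key, ok := cache[hdr.Kid]
	if !ok {
		return nil, ErrUnknownKid
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(key, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("bad signature")
	}
	if err = decodePart(parts[1], &claims); err != nil { // claims are decoded only once the signature holds
		return nil, err
	}
	return claims, nil
}

// ValidateClaims is the "validate-claims" step: exp must be in the future and aud must be ours.
func ValidateClaims(claims map[string]any, aud string, now time.Time) error {
	exp, ok := claims["exp"].(float64) // JSON numbers decode as float64; a missing exp fails
	if !ok || now.Unix() >= int64(exp) {
		return errors.New("exp missing or in the past")
	}
	if claims["aud"] != aud {
		return errors.New("aud mismatch")
	}
	return nil
}

// SignEdDSA mints a token as the issuer would; it exists only to feed the demo and the tests.
func SignEdDSA(priv ed25519.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical issuer key, generated for the demo
	cache, _ := LoadJWKS([]byte(`{"keys":[{"kid":"2023-09","kty":"OKP","crv":"Ed25519","x":"` + b64.EncodeToString(pub) + `"}]}`))
	tok := SignEdDSA(priv, "2023-09", map[string]any{"aud": "iroh", "exp": time.Now().Add(time.Hour).Unix()})
	claims, err := CheckSignature(tok, cache)
	fmt.Println(err, ValidateClaims(claims, "iroh", time.Now())) // <nil> <nil>
	_, err = CheckSignature(SignEdDSA(priv, "rotated", nil), cache)
	fmt.Println(errors.Is(err, ErrUnknownKid)) // true: refresh the cache or treat it as an attack
}
```

Whatever ~sub~ or ~iss~ check the PIAM question settles on would slot into ~ValidateClaims~ next to ~aud~ and ~exp~. The cache is deliberately never refreshed from the verification path; that is what makes the unknown-kid warning meaningful instead of letting a forged header drive outbound fetches.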
Should we check a specific ~sub~ claim? etc…
****** TODO Do you send a different callback URL for every provisioning call? Or is the URL fixed and should be configured?
*** 2023-09-21 Thursday
**** MEETING VPN Swagger :work:meeting:
:LOGBOOK:
CLOCK: [2023-09-21 Thu 16:02]--[2023-09-22 Fri 17:39] => 25:37
:END:
[2023-09-21 Thu 16:02]
SBG CTO is looking across access.
*** 2023-09-22 Friday
**** DONE Do Data Retention Policy [[https://github.com/advthreat/iroh/pull/8384/files][ISSUE]] :work:
SCHEDULED: <2023-09-25 Mon 10:00>
:LOGBOOK:
CLOCK: [2023-09-22 Fri 17:39]--[2023-09-22 Fri 20:59] =>  3:20
:END:
[2023-09-22 Fri 17:39]
** 2023-W39
*** 2023-09-27 Wednesday
**** DONE Advisory Lock Service [[https://shiroyasha.io/advisory-locks-and-how-to-use-them.html][Article]] :work:
SCHEDULED: <2023-09-27 Wed 11:00>
[2023-09-27 Wed 09:25]
*** 2023-09-25 Monday
**** DONE Prepare Rewards Olivier :work:
SCHEDULED: <2023-09-25 Mon 14:30>
[2023-09-25 Mon 11:15]
***** Big things you did between July 2022 and August 2023:
****** XDR
- *RBAC
- Expose Entitlements
- [Provisioning] Update Entitlements
****** Generic
- Org Virtual User, very big win.
- Org Level Authorization in clients
- Public but hidden APIs
****** Devs
- IROH Configs and service graph discovery
- Public dev doc (template, deploy, etc…)
- Changelog
- Code coverage
***** Rewards
Great throughput, generic and quality. Not much I can ask for on my end.
**** DONE Prepare Rewards 1-1 Wanderson :work:
SCHEDULED: <2023-09-25 Mon 14:00>
[2023-09-25 Mon 11:14]
***** Big things you did between July 2022 and August 2023:
****** XDR
- Expose Entitlements
- scopes/permissions endpoints
****** Generic
- Short Tokens, not in use yet, but Automation wants them.
- Many code maintenance + bugfix/support
****** Devs
- some code fixes/refactors
***** Rewards
Compared to other members, very good, but sometimes you showed some lack of consistency, which I attribute to the many challenges in your life.
The last few months this totally changed, so this will probably change. Even like this you are still a very strong contributor. I will probably be able to negotiate for more next year.
**** DONE Create offsite template :work:
SCHEDULED: <2023-09-25 Mon 12:00>
[2023-09-25 Mon 11:13]
** 2023-W40
*** 2023-10-02 Monday
**** IN-PROGRESS Presentation Custom Roles :work:
:LOGBOOK:
CLOCK: [2023-10-02 Mon 18:11]--[2023-10-03 Tue 18:49] => 24:38
:END:
[2023-10-02 Mon 18:11]
**** DONE Write Presentation/Document custom roles :work:
SCHEDULED: <2023-10-02 Mon 16:00>
[2023-10-02 Mon 15:38]
*** 2023-10-05 Thursday
**** DONE Finalize personal presentation :work:
SCHEDULED: <2023-10-09 Mon 10:00>
[2023-10-05 Thu 21:13]
**** DONE Prepare IROH 2.0 presentation :work:
SCHEDULED: <2023-10-09 Mon 09:00>
[2023-10-05 Thu 21:13]
** 2023-W42
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp nil :link nil :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2023-10-23 Mon 11:20]
| Tags          | Headline                 | Time       |          |         |         |
|---------------+--------------------------+------------+----------+---------+---------|
|               | *Total time*             | *1d 12:26* |          |         |         |
|---------------+--------------------------+------------+----------+---------+---------|
|               | \_ 2023-W42              |            | 1d 12:26 |         |         |
|               | \_ 2023-10-16 Monday     |            |          | 1d 3:56 |         |
| work, meeting | \_ Monetization          |            |          |         | 1d 3:56 |
|               | \_ 2023-10-18 Wednesday  |            |          | 3:02    |         |
| work, meeting | \_ Custom Roles with Guy |            |          |         | 3:02    |
|               | \_ 2023-10-20 Friday     |            |          | 5:28    |         |
| work, meeting | \_ Detect Unused Orgs    |            |          |         | 5:28    |
#+END:
*** 2023-10-16 Monday
**** DONE Reserve screen :work:
SCHEDULED: <2023-10-24 Tue 10:40>
[2023-10-16 Mon 17:42]
**** DONE Offsite invoices :work:
SCHEDULED: <2023-10-17 Tue 10:00>
[2023-10-16 Mon 17:41]
**** MEETING Monetization :work:meeting:
:LOGBOOK:
CLOCK: [2023-10-16 Mon 16:02]--[2023-10-17 Tue 19:58] => 27:56
:END:
[2023-10-16 Mon 16:02]
***** Agenda (to discuss about)
***** Notes
***** Actions
- Add discussion about upgrade/downgrade session [[webexteams://im?space=27f93cd0-5190-11ee-bd8d-35c3d6dd9f2f][Channel]]
**** DONE Create clients [[webexteams://im?space=fc0e4f90-527d-11ee-98f2-0faa9801585c][SSE]] :work:
SCHEDULED: <2023-10-16 Mon 15:00>
[2023-10-16 Mon 11:11]
*** 2023-10-18 Wednesday
**** MEETING Meraki OAuth2 discussion :work:meeting:
[2023-10-18 Wed 17:09]
***** Agenda (to discuss about)
***** Notes
***** Actions
**** MEETING JWT and Entitlements :work:meeting:
[2023-10-18 Wed 16:31]
***** Agenda (to discuss about)
***** Notes
***** Actions
**** MEETING Custom Roles with Guy :work:meeting:
:LOGBOOK:
CLOCK: [2023-10-18 Wed 16:01]--[2023-10-18 Wed 19:03] =>  3:02
:END:
[2023-10-18 Wed 16:01]
***** Agenda (to discuss about)
How to get JWTs
How to retrieve Entitlements
***** Notes
@Andrew_Parisi Data retention for conure.
***** Actions
*** 2023-10-20 Friday
**** MEETING Detect Unused Orgs :work:meeting:
:LOGBOOK:
CLOCK: [2023-10-20 Fri 16:01]--[2023-10-20 Fri 21:29] =>  5:28
:END:
[2023-10-20 Fri 16:01]
***** Agenda (to discuss about)
***** Notes
***** Actions
** 2023-W43
*** 2023-10-23 Monday
**** MEETING FMC delegate OAuth2 Device Grant :work:meeting:
:LOGBOOK:
CLOCK: [2023-10-23 Mon 16:31]--[2023-10-23 Mon 17:59] =>  1:28
:END:
[2023-10-23 Mon 16:31]
***** Agenda (to discuss about)
***** Notes
***** Actions
*** 2023-10-24 Tuesday
**** MEETING Staging decision :work:meeting:
:LOGBOOK:
CLOCK: [2023-10-24 Tue 20:06]--[2023-10-24 Tue 21:26] =>  1:20
:END:
[2023-10-24 Tue 20:06]
***** Agenda (to discuss about)
***** Notes
***** Actions
*** 2023-10-26 Thursday
**** MEETING XDR Data Retention Sync :work:meeting:
:LOGBOOK:
CLOCK: [2023-10-26 Thu 17:31]--[2023-10-26 Thu 18:01] =>  0:30
:END:
[2023-10-26 Thu 17:30]
***** Agenda (to discuss about)
***** Notes
***** Actions
** 2023-W44
*** 2023-10-30 Monday
**** DONE Delete PIAM clients created by me :interruption:work:
:LOGBOOK:
CLOCK: [2023-10-30 Mon 17:13]--[2023-10-30 Mon 18:16] =>  1:03
:END:
[2023-10-30 Mon 17:13]
#+begin_src sh
./get-client -e test --client-id 'client-092cc2a4-4a91-41d5-a153-caf2304f64a6'
{:env :test,
 :client {:name "PIAM-Provisioning-TEST", :availability "org", :scopes ["cisco/platform"], :grants ["client-creds"]},
 :owner {:user-id "cbab92a3-d606-4c74-895c-0c8921dce6ef", :user-name "Yann (MASTER)", :user-email "yaesposi@cisco.com", :additional-scopes ["iroh-admin" "cognitive" "iroh-master" "cisco" "global-intel"]},
 :org {:id "33b2cdbf-0d67-42f3-8a20-ca96fac4e20c", :name "Y ORG (master-user)"}}
#+end_src
** 2023-W45
*** 2023-11-06 Monday
**** DONE undo upgrade on enterprise-id :work:
SCHEDULED: <2023-11-07 Tue 10:00>
[2023-11-06 Mon 18:39]
**** DONE Schedule medical checkup :work:
SCHEDULED: <2023-11-06 Mon 14:00>
[2023-11-06 Mon 10:42]
*** 2023-11-07 Tuesday
**** MEETING Weekly Lead Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-07 Tue 15:07]--[2023-11-07 Tue 16:37] =>  1:30
:END:
[2023-11-07 Tue 15:07]
***** Agenda (to discuss about)
***** Notes
Mario on centralizing CTIA/private-intel
***** Actions
** 2023-W46
*** 2023-11-14 Tuesday
**** MEETING User + Breach Suite Priority :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-14 Tue 17:35]--[2023-11-14 Tue 18:17] =>  0:42
:END:
[2023-11-14 Tue 17:35]
***** Agenda (to discuss about)
Our current customer experience isn't great: we rely on personal contact with the admin to provision the products in a very specific order, and then a manual correction on the back end. This is because both XDR and Secure Access set up a Secure X org, which is necessary for the Breach and User Suites respectively, but in the Combo Suite there's currently no way for them to coordinate and only set up one org.
- Align on the priority of fixing this issue
- Proposed resolution: is this the right path forward?
Please forward the meeting if I have not included all the right representatives.
XDR: Briana, Jyoti
Secure Access: Nirmal, Justin (Sangeeta, Matt optional)
Secure Endpoint: Ivlana, Alain
E2E Test: JJ, April
PMO: Sukanthi
PM Ops: Mandy
***** Notes
***** Actions
*** 2023-11-15 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-15 Wed 19:15]--[2023-11-15 Wed 22:14] =>  2:59
:END:
[2023-11-15 Wed 19:15]
***** Agenda (to discuss about)
***** Notes
***** Actions
****** DONE Add a check for the module.
SCHEDULED: <2023-11-16 Thu 14:00>
*** 2023-11-16 Thursday
**** MEETING Universal PIAM flow check-in :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-16 Thu 16:29]--[2023-11-17 Fri 18:02] => 25:33
:END:
[2023-11-16 Thu 16:29]
***** Agenda (to discuss about)
***** Notes
***** Actions
Open work:
Admin work:
- Have OAuth2 client credentials to answer back to PIAM
- Have a reasonable value for the waiting time on failure (I would say 24h)
- Potentially add a mechanism to send an error email to an internal TAC support team about a problem for some customer during the provisioning that needs manual intervention
*** 2023-11-17 Friday
**** MEETING Monthly Engineer Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-17 Fri 18:02]--[2023-11-17 Fri 20:10] =>  2:08
:END:
[2023-11-17 Fri 18:02]
***** Agenda (to discuss about)
***** Notes
***** Actions
** 2023-W47
*** 2023-11-21 Tuesday
**** MEETING XDR / PIAM common provisioning api coordination :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-21 Tue 18:05]--[2023-11-21 Tue 21:27] =>  3:22
:END:
[2023-11-21 Tue 18:05]
***** Agenda (to discuss about)
Check the work to be done.
What is the timeline looking like?
***** Notes
***** Actions
** 2023-W48
*** 2023-11-28 Tuesday
**** DONE org-level-auth for DI clients :work:
SCHEDULED: <2023-11-28 Tue 14:00>
[2023-11-28 Tue 09:56]
*** 2023-11-29 Wednesday
**** MEETING API Design Meeting :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-29 Wed 18:45]--[2023-11-29 Wed 21:21] =>  2:36
:END:
[2023-11-29 Wed 18:45]
***** Agenda (to discuss about)
***** Actions
***** Notes
****** Common Org
Have a common org for SE and other internal products.
- CDO effort piece stopped. PIAM will take that.
@Jyoti: Staging. Ask from PM. Nobody from the Engineering team wants to do this. Asked us to explain why it would take 1 year. So created a document, started with Murali. Ops came back on the estimation: a couple of hours. PM came back: what about a brand new region? Ops: let's use the same script. PM: why was that one year? Be very clear about the steps after it was set up. All the configurations we need. Number of steps, clearly call out assumptions and dependencies, etc… Add up all the work for all integrations.
PIAM
**** MEETING SCC Script (brownfield provisioning) :work:meeting:
:LOGBOOK:
CLOCK: [2023-11-29 Wed 17:55]--[2023-11-29 Wed 18:44] =>  0:49
:END:
[2023-11-29 Wed 17:55]
***** Agenda (to discuss about)
***** Notes
Danny will run a script to trigger user-email+org-id => start flow to attach to enterprise-id & entitlements
***** Actions
** 2023-W49
*** 2023-12-04 Monday
**** MEETING Scoring Escalation Devs Sync :work:meeting:
:LOGBOOK:
CLOCK: [2023-12-04 Mon 15:20]--[2023-12-04 Mon 21:56] =>  6:36
:END:
[2023-12-04 Mon 15:20]
***** Agenda (to discuss about)
***** Notes
***** Actions
- monitor failed pushed incidents
- improve robustness of incident scoring by having a default quick score + a harder score
*** 2023-12-08 Friday
**** MEETING IROH Sync :work:meeting:
:LOGBOOK:
CLOCK: [2023-12-08 Fri 17:08]--[2023-12-09 Sat 09:31] => 16:23
:END:
[2023-12-08 Fri 17:08]
***** Agenda (to discuss about)
- Retrospective
***** Notes
****** Guillaume (4/5)
- Communication Quality: 4/5
- Well:
- Badly:
  - CRITICAL ESCALATION INCIDENT. Went undetected. Too confident in monitoring.
****** Yann (4/5)
...
****** Matt (4/5)
+ positive: Datadog
+ negative:
+ suggestions:
  + put names into anonymous functions
****** Mario (4/5)
+ positive:
  - people are implicated
  - many patches that improved the situation
+ negative:
  - lot of people impacted
  - accounting for every task
+ suggestion:
  - keep track of successful/failed jobs
****** Olivier (4/5)
+ positive:
+ negative:
  - number of PG queries
+ suggestions:
  - could have tried to help
****** Jerôme (?/5)
+ positive:
  - we will improve our monitoring
+ negative:
  - monitoring
+ suggestion:
  - we could have been helpful to retrieve logs, for example.
  - work on monitoring
  - add Sentry to get all tracebacks
****** Ambrose (?/5)
+ positive:
  - great resume from GB
+ negative:
  - incident and CPU, cut corners
+ suggestion:
  - ...
****** Kirill (4/5)
+ positive:
  - great to see how people collaborate
+ negative:
  - ns, db functionality, relation logic
  - process to introduce big architecture changes
  - not actively collaborating on PRs
+ suggestion:
  - look more at others' PRs
  - big architecture changes
****** Shafiq (?/5)
+ positive:
  - identified the mapping issue in the iroh-event feature
+ negative:
  - ...
+ suggestion:
***** Actions
** 2023-W50
*** 2023-12-14 Thursday
**** MEETING Refresh tokens :work:meeting:
:LOGBOOK:
CLOCK: [2023-12-14 Thu 19:06]--[2023-12-15 Fri 15:51] => 20:45
:END:
[2023-12-14 Thu 19:06]
***** Agenda (to discuss about)
***** Notes
- Create Trusted clients (read only) with longer refresh tokens
- Write the doc for the UI team
***** Actions
**** DONE Refresh tokens (doc + create read-only clients) :work:
SCHEDULED: <2023-12-15 Fri 11:00>
[2023-12-14 Thu 19:06]
*** 2023-12-15 Friday
**** DISC Sync with team :work:discussion:
:LOGBOOK:
CLOCK: [2023-12-15 Fri 15:51]--[2023-12-15 Fri 17:21] =>  1:30
:END:
[2023-12-15 Fri 15:51]
** Initial
For the end of the week, I feel I didn't sync enough with both of you. So let me give a short update about what is going on.
1. I started working on finally providing a correct impersonating mechanism. It will use the same JWT generation as the login mechanism, providing not only an access token but also a refresh token.
   - If you impersonate, your user details are saved in an ~act~ claim that will contain a user identity.
   - If you use an impersonated JWT to switch account, the new JWT will keep the same ~act~ claim as the first impersonated claim.
   - I don't think we need to go down to the point of tracking OAuth2 clients, but this is a possibility.
2. I will have a meeting with Danny and Prerna to provide a script that will make customers responsible for connecting their PIAM account to their XDR account. The script looks like something very easy to write and provide. We'll see.
3. I started a discussion with the UI team because I was pinged by Piotr to have a long-living dashboard (so a very long session to show an XDR dashboard). Here is what I proposed:
   1. create a few specific trusted clients (with dummy password...) for which refresh tokens expire only after 1 month.
   2. When the user wants to display a long-living dashboard, the UI could switch the tokens used from the session token to the token retrieved from this client by using the `/iroh/oauth2/custom/tokens` route.
4. A similar discussion spawned with Chris Duane about providing a safer mechanism to hand JWTs to the AI component. And I proposed the exact same solution: create a specific client and hand over these new tokens we can control more easily than a user session token.
5. The priority is still Universal Provisioning fixes and improvements. This is why I didn't start to talk about the rest of the work yet.
6. After looking at the fiasco that was trying to use events to create a cache for Entitlement Summary. Not much of a fiasco, but a clear reminder that concurrent (or even worse, distributed) event systems are a nightmare to internalize and understand. We could have a longer discussion about this if you feel inclined.
7. Last but not least in any way, we might finally start a new big chunk of work to support multi-region/sub-region. We worked with GB on a new design that would provide the ability for our customers to select their preferred AWS deployment region while minimizing the impact on the ops, development teams and other integrated teams. For now, this is just a proposal that we bubbled up to the PMs. We will see if this is accepted or if there is another plan to support more geos.
** ChatGPT English corrected
As the end of the week approaches, I feel like I haven't synced enough with both of you. To provide a brief update on my progress, here are some key points:
1. I have been working on implementing an impersonating mechanism that uses JWT generation similar to the login process. This will not only generate an access token but also a refresh token. If you use an impersonated JWT to switch accounts, the new JWT will retain the same ~act~ claim as the first impersonated claim. While it may be possible to track OAuth2 clients, I don't think we need to go that far.
2. I have a meeting scheduled with Danny and Prerna to provide them with a script that will enable customers to connect their PIAM account to their XDR account. The script should be relatively easy to write and implement. We'll see how it goes.
3. I recently had a discussion with the UI team because Piotr pinged me about creating a long-living dashboard. To achieve this, I proposed the following solution:
   - Create a few trusted clients (with dummy passwords) for which refresh tokens expire only after one month.
   - When the user wants to display a long-living dashboard, the UI can switch from using the session token to retrieving a token from this client by using the `/iroh/oauth2/custom/tokens` route.
4. A similar discussion took place with Chris Duane about providing a safer mechanism for handing JWTs to the AI component. I suggested creating a specific client and controlling these new tokens more easily than user session tokens.
5. The priority remains fixing and improving Universal Provisioning, which is why I haven't started discussing other work yet.
6. After attempting to use events to create an Entitlement Summary cache, I was reminded of the challenges associated with concurrent (or even distributed) event systems. We could have a longer discussion about this if you're interested.
7. Lastly, we might finally begin working on a new project to support multi-region/sub-region deployment options. Our team has proposed a design that would allow customers to select their preferred AWS deployment region while minimizing the impact on ops, development teams, and other integrated teams. This is currently being reviewed by PMs, and we'll see if it's accepted or if there are alternative plans in place.
** 2023-W51
*** 2023-12-19 Tuesday
**** MEETING 1-1 Olivier :work:meeting:
:LOGBOOK:
CLOCK: [2023-12-19 Tue 15:32]--[2023-12-19 Tue 22:00] =>  6:28
:END:
[2023-12-19 Tue 15:32]
***** Agenda (to discuss about)
***** Notes
***** Actions
*** 2023-12-20 Wednesday
**** IN-PROGRESS Investigate org-not-found for DI :work:
:LOGBOOK:
CLOCK: [2023-12-20 Wed 09:48]--[2023-12-20 Wed 22:42] => 12:54
:END:
[2023-12-20 Wed 09:48]