2023
2023-W01
2023-01-03 Tuesday
MEETING 1-1 Wanderson work meeting
[2023-01-03 Tue 14:26]
Agenda (to discuss about)
Notes
Actions
2023-W02
2023-01-09 Monday
MEETING RSA work meeting
CLOCK: [2023-01-09 Mon 16:32]–[2023-01-09 Mon 20:04] => 3:32
[2023-01-09 Mon 16:31]
Option 1, Reduced features in time
- April 2023
Option 2, more features, but longer
- April (1 scope)
- July 31 (additional scope)
RBAC (pushed to Q4)
- Beta on Jan 18th. no client yet.
- Full beta for RSA (April 24) (option 1 scope only)
- high quality
- working software in customer environment
- limited # of customers
- Beta: April 24
- LA (Limited Availability): June 30
- GA (General Availability): July 31
Detailed planning for Q3 and higher confidence for Q4 scope. Q4 planning will require iterative refinement in Q3.
Bi-weekly Demos
- increased visibility into work in progress
- Cross-functional, coordinated effort around feature delivery every 2 weeks
- Limit work in progress so we can demonstrate end to end functionality
- All resources should be focused on MVP items (no side distraction)
2023-01-11 Wednesday
MEETING Q3 Incident logs Notes work meeting
CLOCK: [2023-01-11 Wed 17:11]–[2023-01-11 Wed 17:12] => 0:01
[2023-01-11 Wed 17:11]
Agenda (to discuss about)
Notes
Actions
MEETING IROH Events Meeting work meeting
CLOCK: [2023-01-11 Wed 10:31]–[2023-01-11 Wed 16:28] => 5:57
[2023-01-11 Wed 10:31]
Agenda (to discuss about)
Notes
- what about forced shutdown?
  - how to ensure transaction, like event was not missed?
  - what occurs if we detect a corruption?

(do
  (send-event :command-action)
  ;; <--- shut-down
  (action user-provided-data-that-create-a-shutdown-bug)
  ;; <--- shut-down
  (send-event :action-done x))
Actions
2023-01-12 Thursday
MEETING Q3 Planning work meeting
CLOCK: [2023-01-12 Thu 17:02]–[2023-01-14 Sat 00:36] => 31:34
[2023-01-12 Thu 17:01]
Response Tab
List of recommended actions.
- some I can execute
- some that need confirmation
- log of action taken (on the right)
Steps: phases (identification, containment, eradication, recovery)
Playbook? A list of things to do, and the user click on a button: confirm, execute, Add note, update, etc…
Big button to skip a phase to next one.
How to keep track of the state. Probably one solution is to have a "Playbook Instance", which will be a specific instance for an incident of a global Playbook. So this will contains, run-ids for workflow ids, state of the playbook from user interactions, actions, notes, etc…
2023-W04
2023-01-24 Tuesday
MEETING 1-1 Wanderson work meeting
CLOCK: [2023-01-24 Tue 14:25]–[2023-01-24 Tue 14:45] => 0:20
[2023-01-24 Tue 14:25]
2023-01-26 Thursday
MEETING Weekly meeting work meeting
CLOCK: [2023-01-26 Thu 17:01]–[2023-01-26 Thu 18:08] => 1:07
[2023-01-26 Thu 17:01]
REVIEW Invitation RBAC work review
CLOCK: [2023-01-26 Thu 16:10]–[2023-01-26 Thu 16:22] => 0:12
[2023-01-26 Thu 16:10]
DONE Ask to cherry-pick the fix https://github.com/advthreat/iroh/pull/7480 work
DEADLINE: <2023-01-26 Thu 17:00> SCHEDULED: <2023-01-26 Thu> [2023-01-26 Thu 10:17]
DONE Notify the RBAC room and Prerna work
DEADLINE: <2023-02-13 Mon 16:00> [2023-01-26 Thu 10:06]
Hi all, the work toward supporting new roles in the API-only is going great so far and I think we will be able to support the new roles in a few weeks from now. That being said, I don't think we will be able to activate that change before taking the time to think about the implications.
I can provide more details about the risk I identified already. But even before that, I want to point this particular PR that will have a direct UX/UI implication once the XDR roles will be merged.
The "Org Access Request" flow. Mainly, when a user login for the first time (and every time the user reach the Registration UI page), the user could request access to the Orgs whose admin email matches their own. Note for those not familiar with this, as we use cisco email, we don't see this. So when a user request access to such Org, a sub-set of admins of this Org will receive an email. Currently the email contains 3 links:
- Grant access as User
- Grant access as Admin
- Reject
But when we will activate the XDR Roles, I think we will show 1 link per role (7) + the reject link. Which is probably not the best UX we can think of, but at least this will be functional. See a screenshot example of an email here: https://github.com/advthreat/iroh/pull/7465
This PR will probably be merged soon and will not change anything in any environment before we activate the XDR-Roles feature flag. I think this should probably start a discussion about whether this is acceptable or if we need to improve the content of the email somehow, or potentially, have a single link that will redirect the admin to the UI on a specific administration page to grant access to the user with a specific role. In the last case, this would imply another UI effort to update this.
Another remark, once we will enable the new XDR roles, some have fewer scopes than the scopes provided to the current non-admin, user role. One major consequence is that every integration using an OAuth2 Client asking for scopes present in the current user role, but not present in the future XDR role will not be able to work as the user with the new more restrictive role will not be able to approve the client. So we will probably need to take the time, integration by integration to check which one could be affected.
Could break
- The email to accept Org requests will have one link per role (should probably be discussed, improved, check UX)
  - Should we create the UI in the dashboard to administrate Org Access Requests? Backend job already done to make it work with all basic features. But if we want a full working system we need to take advantage of notifications between admins of an Org. Should be covered by the "Audit Logs" effort, but need a backend integration.
  - In the UI, the invitation role drop-down (appears not to be difficult). Minor backend work close to completion.
- Integration with OAuth2 Auth-Code/Device Grant clients:
  - Normal clients without allow-partial-user-scopes that request a scope that is currently provided to user, but not for some new role. Those users will not be allowed to use this client, or existing connection (refresh token) will be rejected on next usage.
  - Advanced clients with allow-partial-user-scopes, for example (Ribbon, DI, FMC I think, etc…): in this case, the client needs to have made the displayed or disabled status of elements depend on the scopes, not just on the "role", as there will be many more specific elements that could be disabled separately.
- Potentially, some SXO discussions to provide, so working toward providing small JWT for them and switching to it in the future.
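The integration-by-integration check described above, as an added example (not IROH code). Assumptions: a scope is written path[:access], a parent path covers its sub-paths, and a scope without suffix means read and write; the role scope sets and the second client are constructed, only the first client's scope list comes from the client config recorded later in these notes.

```python
def parse_scope(scope):
    """Split 'path/sub:access' into (path segments, set of accesses)."""
    path, _, access = scope.partition(":")
    # Assumption: a scope without suffix grants both read and write.
    return tuple(path.split("/")), ({access} if access else {"read", "write"})


def is_granted(requested, role_scopes):
    """True if every access asked for by `requested` is covered by the role."""
    r_path, r_access = parse_scope(requested)
    granted = [parse_scope(s) for s in role_scopes]
    return all(
        any(r_path[:len(g_path)] == g_path and access in g_access
            for g_path, g_access in granted)
        for access in r_access)


def approval_outcome(client, role_scopes):
    """Classify what happens when a user holding `role_scopes` approves `client`."""
    missing = sorted(s for s in client["scopes"] if not is_granted(s, role_scopes))
    if not missing:
        return "ok", missing
    # With allow-partial-user-scopes the client still works, on fewer scopes,
    # so its UI must enable or disable elements per scope.
    if client["allow-partial-user-scopes?"] and len(missing) < len(client["scopes"]):
        return "partial", missing
    # Without the flag the user cannot approve the client at all.
    return "blocked", missing


def audit(clients, roles):
    """Map (client name, role name) to (outcome, missing scopes)."""
    return {(c["name"], role): approval_outcome(c, scopes)
            for c in clients for role, scopes in roles.items()}


CLIENTS = [
    {"name": "secure malware analytics",  # scope list as recorded in these notes
     "allow-partial-user-scopes?": True,
     "scopes": {"admin", "casebook", "enrich", "global-intel:read", "inspect",
                "integration/module-instance", "integration:read",
                "investigation", "notification", "orbital", "private-intel",
                "profile", "registry/user", "response", "telemetry:write",
                "users"}},
    {"name": "constructed-normal-client",  # constructed for the example
     "allow-partial-user-scopes?": False,
     "scopes": {"casebook", "enrich:read", "response"}},
]

ROLES = {  # constructed scope sets, not the real role definitions
    "current-user": {"casebook", "enrich", "global-intel:read", "inspect",
                     "integration", "investigation", "notification", "orbital",
                     "private-intel", "profile", "registry/user", "response",
                     "telemetry:write", "users"},
    "security-analyst": {"casebook:read", "enrich:read", "global-intel:read",
                         "inspect", "profile"},
}

if __name__ == "__main__":
    for (client, role), (outcome, missing) in sorted(audit(CLIENTS, ROLES).items()):
        print(f"{client:28} {role:18} {outcome:8} missing={missing}")
```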
2023-W06
2023-02-07 Tuesday
MEETING RBAC meeting work meeting
CLOCK: [2023-02-07 Tue 16:17]–[2023-02-08 Wed 16:01] => 23:44
[2023-02-07 Tue 16:17]
- We will try to work on Security Analyst first.
- Discussed about sync between SXO and SX about scopes and their internal permissions or roles (they choose their preference)
2023-02-08 Wednesday
DONE Create the issues for PIAM work to be done work
SCHEDULED: <2023-02-09 Thu> [2023-02-08 Wed 19:33]
MEETING Weekly API Meeting work meeting
CLOCK: [2023-02-08 Wed 18:33]–[2023-02-08 Wed 22:44] => 4:11
[2023-02-08 Wed 18:33]
Talk about:
- Minor Admin works:
  - fix a security bug
  - update the list of orgs to be part of the XDR beta
  - a little bit of TAC help
- Long term background work:
  - some work related to the new deployment, some work to improve node configuration. To give an idea, at first it was a duplication of 5 envs. INT, TEST and 3 PRODs. Now we have 20 I think. This is bad, I think I need to help ops handle this.
  - Waiting to talk about PIAM provisioning and Org init (activation + integrations)
  - creating a scope insight for device insight needs.
- RBAC (on track)
  - Olivier: right now trying to prepare retro-compatibility and revert the feature-flag at zero cost.
  - Wanderson: work toward short JWT (should be useful for AO), added DB for access/refresh tokens which will provide the ability to have access/refresh tokens revocation API which is currently missing.
  - Next steps: wait for the return of Christopher and just after discuss with SXO how to communicate the permissions (most probably using scopes but maybe not in the JWT).
TODO Provide an impersonate route on the provisioning API to make calls
TODO Check SCA can init 1-click module setup
DONE Add scopes to Beta orgs work
CLOCK: [2023-02-08 Wed 16:51]–[2023-02-08 Wed 17:39] => 0:48
[2023-02-08 Wed 16:51]
Added for:
- NAM c4538cf2-e6aa-4c13-b27a-e67788b51089
- 4986f84e-745f-4f32-b840-803b97856e68
2023-02-10 Friday
CANCELED Add the impersonate scope to PIAM clients work
CLOSED: [2023-03-03 Fri 08:30] SCHEDULED: <2023-02-13 Mon 15:00>
- State "CANCELED" from "HOLD" [2023-03-03 Fri 08:30]
- State "HOLD" from "TODO" [2023-02-16 Thu 15:47]
We need to wait to know if we are going to provision internally.
[2023-02-10 Fri 15:23]
2023-W07
2023-02-13 Monday
DONE Create a meeting with Murali and Christopher Van Der Made work
SCHEDULED: <2023-02-14 Tue 10:00> [2023-02-13 Mon 17:06]
We would like to talk with you to find a way to synchronize between IROH and SXO permissions.
MEETING RBAC work meeting
CLOCK: [2023-02-13 Mon 16:32]–[2023-02-13 Mon 17:32] => 1:00
[2023-02-13 Mon 16:32]
Agenda (to discuss about)
Notes
Actions
2023-02-14 Tuesday
DONE Finish to answer to Paul work
DEADLINE: <2023-02-15 Wed 11:00> SCHEDULED: <2023-02-14 Tue> [2023-02-14 Tue 18:32]
DONE Reply to Paul Cichonski work
SCHEDULED: <2023-02-13 Mon 17:00> [2023-02-14 Tue 15:46]
2023-02-15 Wednesday
DONE Create an issue to internalize provisioning work
DEADLINE: <2023-02-21 Tue 17:30> SCHEDULED: <2023-02-21 Tue>
CLOCK: [2023-02-22 Wed 14:00]–[2023-02-22 Wed 15:00] => 1:00
[2023-02-15 Wed 19:17]
Epic https://github.com/advthreat/iroh/issues/7533
We should provide a route that will take in the body a NewAccount, being
(s/defschema NewAccount
  "The schema to create a New Account,
  mainly all data needed to create a new Org,
  a main admin User for this org and onboard it."
  {:org NewOrg
   :user NewUser})

(s/defschema NewOrg
  "Org before being saved to DB"
  (st/merge
   {:id OrgId}
   (st/optional-keys
    {:name (describe s/Str "The name of the Organization specified during login.")
     :enterprise-id (describe s/Str "The Cisco SBG Platform Enterprise id associated to this Org.")
     :scim-status (describe SCIMStatus "Determine if your Org is activated or not (allowed values are activated or waiting-activation)")
     :address OrgAddress})))

(s/defschema OrgAddress
  (st/optional-keys
   {:department s/Str
    :street1 s/Str
    :street2 s/Str
    :postal-code s/Str
    :city s/Str
    :country-iso-code (apply s/enum country-iso-codes)}))

(s/defschema NewUser
  "provisioned User before being saved to DB"
  (st/merge
   {:user-email s/Str
    :role LegacyOrXDRRoleId
    :idp-mappings [PlatformUserIdPMapping]}
   (st/optional-keys
    {:user-name s/Str
     :user-nick s/Str})))

(s/defschema PlatformUserIdPMapping
  {:idp s/Str
   :user-identity-id s/Str
   (s/optional-key :organization-id) s/Str
   :enabled? s/Bool})
From there, the endpoint will create the Org and User, then call every onboarding URL with a user session token.
(let [org (create-org new-org)
      user (create-user (assoc new-user :org-id (:id org)))
      user-session-token (gen-session-token user)
      onboarding-responses ;; a JSON Object whose keys are URLs and values are HTTP responses objects
      (->> iroh-integration-onboarding-urls
           (pmap #(http/post % user-session-token))
           (map (fn [url http-response] [url http-response]) iroh-integration-onboarding-urls)
           (into {}))]
  ;; 201
  (created {:user user
            :org org
            :onboarding-responses onboarding-responses}))
Ideally every external service should answer quickly but after having successfully created an IROH Module. Ideally, the response should contain the module-id.
In order for this work to be completed every different team should provide a new endpoint to trigger the onboarding.
/onboard Endpoint Specification
Provide a URL that listens to HTTP POST. It must only accept queries containing an Authorization header that will contain a Bearer token. The token must be a valid (correctly signed, non-expired) IROH JWT. If not, it must return a 401.
That route should not accept any query parameter nor any body. All the data could be retrieved from the session token passed in the Authorization header.
Example:
POST https://product.env.security.cisco.com/onboarding
Authorization: Bearer $JWT
Accept: application/json

HTTP/2 201
server: nginx
date: Wed, 21 Feb 2023 13:43:31 GMT
content-type: text/html; charset=utf-8
content-length: 61
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes

{"module-instance-id":"1e5bb994-b2b4-11ed-9de6-325096b39f47"}
The server should ideally answer in less than a few seconds. If for your product, the internal provisioning takes longer then you should simply return a response explaining that the provisioning is in progress. The response must be a JSON Object. Ideally, it should contain a field named module-instance-id for the module-instance-id created. And potentially other data related to the onboarding.
{"module-instance-id": String, ...}
The expected background work to be performed after receiving this HTTP call is:
- Call /iroh/oauth2/custom/tokens with the User Session Token in header (same Authorization header as received) and the body must contain the client-id and client-secret created for your Product in IROH. From this call, you should get back both an access and refresh token.
- You should save the refresh token.
- The access token could be used to:
  - retrieve needed data to provision a new tenant by calling /iroh/profile/whoami for example
  - create the module instance in IROH.
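The request checks this specification asks of an onboarding endpoint, as an added example (not code from IROH or from any product team). Assumptions: HS256 with a constructed shared key stands in for the real IROH signature verification so the block runs on the Python standard library alone; the 405, 400 and 202 statuses and the demo_provision hook are choices of this example, since the specification only fixes the 401 and the JSON response.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Callable, Optional

# Constructed demo key, standing in for the issuer's verification key.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_demo_jwt(claims: dict, key: bytes = DEMO_KEY, alg: str = "HS256") -> str:
    """Build a constructed token for the checks below (not a real IROH JWT)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"


def verify_jwt(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims only if the token is correctly signed and not expired."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the token must not choose how it gets verified.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims


def demo_provision(claims: dict) -> Optional[str]:
    """Hypothetical provisioning hook: returns a module-instance-id, or None
    when provisioning is still running in the background."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, str(claims.get("sub"))))


def handle_onboard(method: str, query_string: str, headers: dict, body: bytes,
                   key: bytes = DEMO_KEY, now: Optional[float] = None,
                   provision: Callable[[dict], Optional[str]] = demo_provision):
    """Return (status, json_object) for one request to the onboarding URL."""
    if method != "POST":
        return 405, {"error": "only POST is accepted"}  # status is an assumption
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, token = auth.partition(" ")
    claims = None
    if scheme.lower() == "bearer" and token:
        current = time.time() if now is None else now
        claims = verify_jwt(token.strip(), key, current)
    if claims is None:
        return 401, {"error": "missing or invalid bearer token"}
    # Everything comes from the token: refuse any other caller-supplied input.
    if query_string or body:
        return 400, {"error": "no query parameter or body accepted"}  # assumption
    module_instance_id = provision(claims)
    if module_instance_id is None:
        return 202, {"status": "provisioning in progress"}  # status is an assumption
    return 201, {"module-instance-id": module_instance_id}
```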
Here is an example diagram (for Device Insight):
skinparam handwritten false
skinparam shadowing false
skinparam sequence {
  ParticipantFontName Chalkboard;
  ParticipantBackgroundColor white;
  ParticipantBorderColor #37C
  GroupBorderColor #888
  ArrowColor #37C
  LifeLineBorderColor #37C
}
participant IROH as iroh
participant "Device Insight" as di
group Provision all sub-components (should not need the IROH_TOKEN)
  group#EEF #EEF Device Insights
    iroh->di: POST /onboard SESSION_TOKEN
    di->di: internal provisioning
    di->iroh: create module
    di->iroh: 201 {module-id=..., ...}
  end
end
We need to introduce a new notion of onboardable module.
A module is onboardable if its module-type contains an onboard field pointing to a single URL that follows the previous section specification.
We should probably have an internal data structure that will associate to every entitlement a list of onboardable modules. Ideally, we should have a convention to identify internal module-type by name, so we could refer to the device-insight module for example instead of having to specify manually the module-id.
Once this is done, the provisioning endpoint will be able to retrieve, from a specific entitlement, a list of onboarding URL to call. Instead of writing all details here, we should first write a short specification about what is the best way to achieve this.
- dependency DI check or update the onboarding endpoint
- dependency CSC check or update the onboarding endpoint
- dependency SXO check or update the onboarding endpoint
- dependency SCA check or update the onboarding endpoint
- Write the design related to the configuration of the onboarding URLs
- Create the new endpoint
MEETING RBAC sync with SXO work meeting
CLOCK: [2023-02-15 Wed 17:51]–[2023-02-15 Wed 18:51] => 1:00
[2023-02-15 Wed 17:51]
Agenda (to discuss about)
- Explain the goal
- Propose a technical solution
Currently in (XDR/SecureX/CTR) IROH we only have two roles, user and admin. We want to introduce new roles with more granular permissions, in particular for SXO.
SXO has a matrix of Read/Write/Execute for example. The notion of Execute does not exists in IROH. But SXO also has some roles.
A first step will be to introduce new role to propose up to 7 roles (instead of the current 2) in XDR. But an issue is that we also want to provide a way for IROH (XDR/SecureX/CTR) admin to create their own custom roles.
It will work in phase 1, as we could provide a consistent list of roles. But as soon as IROH will introduce custom role this will stop working as these new role will probably be random ids (both in the JWT and in /whoami).
Use the scopes in the JWT.
AO should provide IROH a list of scopes for every new role.
All starting with ao/
- ao/sxo-role-1
- ao/sxo-role-2
- ao/sxo-role-3
or
ao/admin/sub-role-2/sub-role-3
ao/sxo-permission-1
ao/sxo-permission-2
ao/sxo-permission-3
- ao can read, write and execute
- ao:read can read, but cannot write nor execute
- ao/execute can read and execute, but cannot write
Notes
Actions
2023-02-16 Thursday
MEETING TD&R Checking work meeting
CLOCK: [2023-02-16 Thu 17:04]–[2023-02-17 Fri 10:22] => 17:18
[2023-02-16 Thu 17:04]
AJ
Address rumors:
- Earnings, yesterday, 133M$
DONE Write doc to explain the RBAC changes to SXO work
SCHEDULED: <2023-03-27 Mon 16:00> [2023-02-16 Thu 10:20]
DONE Upgrade Client to ribbon 2 in TEST work
DEADLINE: <2023-02-16 Thu 12:00> SCHEDULED: <2023-02-16 Thu> [2023-02-16 Thu 09:15]
webexteams://im?space=db149a90-e8b4-11eb-9fdb-3b8d98a2bf4d
I'm starting to look at the process to update our ribbon to use 2.0. One of the first steps in the upgrade documentation is to reach out to IROH team to get the "investigation" and "registry/user" scopes added to our oauth client.
To start, I'd like to update the oauth client used in the test environment with client id client-b63b916a-a606-4076-9f9b-15469aec0b93.
2023-02-17 Friday
IN-PROGRESS Fix log PR work
CLOCK: [2023-02-17 Fri 10:50]–[2023-02-22 Wed 14:31] => 123:41
[2023-02-17 Fri 10:50]
DONE Extract the login logs for Prerna work
DEADLINE: <2023-02-17 Fri 09:45> SCHEDULED: <2023-02-17 Fri> [2023-02-17 Fri 08:53]
2023-W08
2023-02-22 Wednesday
MEETING Weekly API Design Meeting work meeting
CLOCK: [2023-02-22 Wed 18:35]–[2023-02-22 Wed 19:43] => 1:08
[2023-02-22 Wed 18:35]
Agenda (to discuss about)
Notes
Actions
MEETING RBAC weekly work meeting
CLOCK: [2023-02-22 Wed 17:03]–[2023-02-22 Wed 17:34] => 0:31
[2023-02-22 Wed 17:03]
Agenda (to discuss about)
Notes
Actions
Look deeper into dependencies (3rd party scopes like sse, ao, etc…)
2023-02-23 Thursday
DONE Check Secure Endpoint error logs work
CLOSED: [2023-05-06 Sat 09:06] DEADLINE: <2023-02-24 Fri 10:30> SCHEDULED: <2023-02-23 Thu>
- State "DONE" from "HOLD" [2023-05-06 Sat 09:06]
- State "HOLD" from "TODO" [2023-02-24 Fri 14:19]
Waiting for Matt's feedback to test
[2023-02-23 Thu 19:00] Discussion in "SecureX Secure Endpoint" webexteams://im?space=d42b0de0-48b3-11ec-924a-a3c1923cd1c3 Fix PR https://github.com/advthreat/iroh/pull/7473
MEETING Weekly IROH Services Meeting work meeting
CLOCK: [2023-02-23 Thu 17:04]–[2023-02-23 Thu 18:34] => 1:30
[2023-02-23 Thu 17:04]
Agenda (to discuss about)
Notes
Actions
2023-02-24 Friday
DONE Help Yannis to fix the Orbital Client work
SCHEDULED: <2023-02-24 Fri> [2023-02-24 Fri 14:18]
2023-W09
2023-02-27 Monday
MEETING Staging Env work meeting
CLOCK: [2023-02-27 Mon 16:00]–[2023-02-27 Mon 16:39] => 0:39
[2023-02-27 Mon 16:00]
Agenda (to discuss about)
Notes
Actions
DONE Help UI beta team list the IdP used by beta org chore
CLOCK: [2023-02-27 Mon 16:39]–[2023-02-27 Mon 17:02] => 0:23
[2023-02-27 Mon 16:59]
There is a bug for user login via SMA https://github.com/advthreat/securex-ui-shell/issues/115
In order to check if this must be resolved before going to prod, I had to check if every org part of the beta uses TG to login. Result none.
NAM:
- SX Test org: b5935c68-c16a-4290-a49a-aad9bb2ea733 SXSO
- Cisco SBG Customer Insights: 40f4c64b-7934-4dc6-87d9-5ebf36c13d54 SXSO
- Jazz Air: 1b7024af-bc0a-4de1-8ce6-f093340ed5fb SXSO
- MEMIC: b62f0113-f26e-42f1-89e3-b45254c416a7 CSA and SXSO (did not perform the full IdP migration from CSA)
- Opus Holding: 4b1b4bba-f310-4251-88c3-bdf3b93d6456 CSA (some users used SXSO)
- Room & Board: 794047a5-b023-489e-b5ee-6407fcdf0daa SXSO (Migrated from CSA)
- Talos Energy: c074a67d-1e57-4e4f-9f9d-0b9ed7847bf8 SXSO (Migrated from CSA)
EU:
- DPD Group UK LTD: cee614cb-f35b-4147-bd27-9968d173c3ce: SXSO
2023-03-01 Wednesday
MEETING API Design Meeting work meeting
CLOCK: [2023-03-01 Wed 18:35]–[2023-03-01 Wed 19:50] => 1:15
[2023-03-01 Wed 18:34]
Matt
Jyoti: Leave it retro-compat for UI. Just for the engine.
Matt:
- in AMP, 2 calls:
  - retrieve computers
  - then trajectory
Jyoti: > Too many timeouts AMP-module. > Use events API instead (not now). > We should revisit.
GB: We have to do something uniform. Passing additional query parameters it's ok, but for some specific servers we could break the contract. Suggest create a new endpoint.
Jyoti: Looking into AMP API to search for time constraint in search APIs.
2023-03-02 Thursday
MEETING Workshop Day 1 work meeting
CLOCK: [2023-03-02 Thu 17:03]–[2023-03-02 Thu 22:03] => 5:00
[2023-03-02 Thu 17:03]
Leave with a common understanding, but not precise technical specification.
Agenda
- DI
- Response
Device Insight
- Priorities:
  - P1:
    - DB simplification
    - Simplification of Sources
  - P2:
    - Unified view of users and associated devices
2023-W10
2023-03-06 Monday
DONE Add scope to TAC-OPS orgs work meeting
CLOCK: [2023-03-06 Mon 16:50]–[2023-03-06 Mon 20:50] => 4:00
[2023-03-06 Mon 17:01]
MEETING RBAC Workshop work meeting
CLOCK: [2023-03-06 Mon 17:02]–[2023-03-06 Mon 17:15] => 0:13
[2023-03-06 Mon 17:01]
New tile to measure time of incident resolution
2023-03-07 Tuesday
CANCELED Create a new Epic for Registration UI admin/impersonate work
SCHEDULED: <2023-03-28 Tue 11:30>
- State "CANCELED" from "TODO" [2023-04-20 Thu 15:43]
[2023-03-07 Tue 14:54]
In order to debug and use the Swagger UI for the Registration UI we need to add new features.
- Support a selection of the registration_url from a query parameter in the login routes. We must check that the registration_url is part of an allowed list of domains.
- Centralize JWT generation that can take care of keeping the act (actor) claim of an originating JWT. Typically, if the registration UI JWT contains an act we should copy it inside every JWT generated from it. By that, I mean session and refresh tokens, but also id_tokens, access tokens from authorized clients, etc…
Once we have that we will be able to use the Swagger UI for the iroh-auth-ui API. And once we have the second we could provide an impersonate for the Registration UI.
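One way to implement the allow-list check on registration_url, as an added example (not the iroh-auth code). The host names, the default URL and the function names are constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list and fallback; real values are deployment configuration.
ALLOWED_REGISTRATION_HOSTS = frozenset({"registration.example.test",
                                        "registration.int.example.test"})
DEFAULT_REGISTRATION_URL = "https://registration.example.test/"


def check_registration_url(candidate, allowed_hosts=ALLOWED_REGISTRATION_HOSTS):
    """Return None when `candidate` is acceptable, else the reason it is refused."""
    if not isinstance(candidate, str) or not candidate:
        return "missing"
    # Backslashes, whitespace and control characters are read differently by
    # browsers and by URL libraries, so refuse them instead of normalising.
    if any(ch == "\\" or ord(ch) < 0x21 or ord(ch) == 0x7F for ch in candidate):
        return "forbidden character"
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "unparsable"
    if parts.scheme != "https":
        return "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return "userinfo present"
    if port not in (None, 443):
        return "unexpected port"
    # Exact host comparison: suffix or substring matching would accept
    # look-alike hosts that merely contain an allowed name.
    if parts.hostname not in allowed_hosts:
        return "host not in allow-list"
    return None


def select_registration_url(candidate, default=DEFAULT_REGISTRATION_URL):
    """Use the query-parameter value only when it passes the check."""
    return candidate if check_registration_url(candidate) is None else default
```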
2023-03-08 Wednesday
IN-PROGRESS Entitlements work
CLOCK: [2023-03-08 Wed 10:43]–[2023-03-08 Wed 11:43] => 1:00
[2023-03-08 Wed 10:42]
2023-03-09 Thursday
DONE Review Mark PRs work
SCHEDULED: <2023-03-09 Thu> [2023-03-09 Thu 18:01]
MEETING Weekly work meeting
CLOCK: [2023-03-09 Thu 17:13]–[2023-03-09 Thu 18:26] => 1:13
[2023-03-09 Thu 17:13]
Status
Progress: PIAM provisioning/entitlement/demo plan seems to be ok with all teams involved (PIAM, IROH, SCA, Secure Client, DI, SXO)
Open question:
- where should we put the onboarding configuration (URLs?)
2023-W12
2023-03-20 Monday
CANCELED Add org-habit+ for daily work tasks work
DEADLINE: <2023-03-21 Tue 10:00> SCHEDULED: <2023-03-20 Mon>
- State "CANCELED" from "TODO" [2023-03-21 Tue 10:47]
[2023-03-20 Mon 10:07]
CANCELED Improve the TG Clients / Config issue work
SCHEDULED: <2023-04-19 Wed 11:00>
- State "CANCELED" from "IN-PROGRESS" [2023-04-20 Thu 15:43]
[2023-03-20 Mon 09:57]
INT:
Org-id: 5a439753-42e9-5058-872e-cb69be5455e6 Austin Haas user-id: 553788bd-25a4-543d-b6c3-cf7dddcfda5a
{:password "13c74602-2"
:availability "everyone"
:org-id "5a439753-42e9-5058-872e-cb69be5455e6"
:owner-id "553788bd-25a4-543d-b6c3-cf7dddcfda5a"
:client-type :confidential
:grants #{:auth-code}
:redirects #{"https://int.threatgrid.com/oauth2/cb/visibility"
"https://int.threatgrid.com/oauth2/cb/securex"
"http://localhost:8080/oauth2/cb/visibility"
"http://localhost:8080/oauth2/cb/securex"
"http://localhost:8080/oauth2/cb/securex_one_click_activation"
"https://int.threatgrid.com/oauth2/cb/securex_one_click_activation"}
:id "34d94c8c-2041-4708-8172-ebe2df295ca7-2"
:name "secure malware analytics"
:allow-partial-user-scopes? true
:scopes #{"admin"
"casebook"
"enrich"
"global-intel:read"
"inspect"
"integration/module-instance"
"integration:read"
"investigation"
"notification"
"orbital"
"private-intel"
"profile"
"registry/user"
"response"
"telemetry:write"
"users"}
:approved? true
:enabled? true
:created-at #inst "2018-02-27t10:00:00"
:updated-at #inst "2018-02-27t10:00:00"
:enabled-at #inst "2018-02-27t10:00:00"
:activated-at #inst "2018-02-27t10:00:00"
:approved-at #inst "2018-02-27t10:00:00"
}
2023-03-25 Saturday
DONE Add orgs to beta work
DEADLINE: <2023-03-27 Mon 10:00> SCHEDULED: <2023-03-25 Sat> [2023-03-25 Sat 09:51]
See webexteams://im?space=d6d28420-c403-11ed-8526-0db030ef0b12
DONE Support body for onboardings work
SCHEDULED: <2023-03-27 Mon 11:00> [2023-03-25 Sat 09:47]
DONE recursive search data-structure work
SCHEDULED: <2023-03-27 Mon 16:00> [2023-03-25 Sat 09:44]
Replace in TK-Store Search by Search | [:or Search*] | [:and Search*] | [:not Search*]
by using the trick return {:query … :args […]} instead of just query
2023-W13
2023-03-28 Tuesday
DONE Create issues for SSE onboarding work
SCHEDULED: <2023-03-28 Tue> [2023-03-28 Tue 18:35]
- create client for SSE with Secure Client and DI scopes
- Configure SCA
- Support provisioning for free Org (empty entitlement or entitlement.tier = free) and should only onboard CSC and DI.
MEETING Performance Management work meeting
CLOCK: [2023-03-28 Tue 18:05]–[2023-03-30 Thu 11:46] => 41:41
[2023-03-28 Tue 18:05]
Focus on performance management.
Why / what are we doing?
@Pat_Chatterton:
- priority, transforming the business, change what we are doing with our teams.
Conversation with our teams about where we are going. My teams discuss once a week.
Something that I am passionate about. Align everybody.
This is not new. Everybody is doing in their own way. Lot of tools already in place. Refresher of what we're doing.
Tons of info come out of this. Not only listen, but also think about it because you will be doing this. Make sure our team is ready for next step.
@Amelia_Lombard: Program.
An invitation for how to approach "performance management".
- We as leaders can be better by being more authentic.
- Channeling our values.
  - build and learn together
  - create clarity to drive momentum
  - be kinder than necessary
  - celebrate together
  - with empathy, support and accountability
Sharing that data to our team members. Look for opportunities to build on success. Also celebrate on progress on weaknesses.
First be clear about our expectations. And ultimately they'll need to deliver.
Core Career Beliefs (illuminate.cisco.com) (share with your team)
Please do engage. Slido.com event code: SBGPerfMgmt pass: lift
Goals
- Understand where each of your team members perf is today
- if some are underperforming, reach out to perf consultants for support (by 31st March)
- Plan for Quarterly Development discussions
Performance at Cisco
@Shelly_Collins
- Clearly communicate how they are doing.
- how to assess performance. results / principles-behaviors / team-impact
- data points:
  - team space check-in insights report
  - OKRs, KPIs, Scorecards
  - seek feedback from peers, stakeholders
  - connected recognition
  - expectations set in your quarterly development
Thinking about their career?
- Exploring (looking for new opportunity)
- Establishing (build my skillset)
- Achieving (find ways to grow)
- Excelling (broaden opportunity)
- Reinventing (build new skillset)
@Felicia_Glace
- Employee consistently missing critical meetings without reason
- Employee not meeting business deliverables that has amplified impact
- Lack of care in quality of work being delivered
- Challenges with engagement
- Individual Performance Factor (IPF) lower than 100%
Low performance is NOT
- Employee dealing with personal loss, life event
- Behavioral concerns
Open a case with the Performance Management team
The Low Performance Management Website.
From a case:
4 steps: Expectations, Notice, Opportunity, Consequences
- Clearly communicate expectations
- Provide notice to the team member they are not meeting expectations. Be specific about where performance is falling short.
- Provide an opportunity for the team member to improve their performance.
BEFORE
- be prepared to address questions
- both verbal coaching and documented coaching should align that employee is not meeting expectations.
- Prepare for the first conversation by preparing documentation and gathering supporting facts
DURING
AFTER
- Follow up with an email to the employee outlining progress and summarizing discussion point
- Document feedback regularly
- short-term goals
- long-term career
2023-03-30 Thursday
MEETING weekly work meeting
CLOCK: [2023-03-30 Thu 17:01]–[2023-04-05 Wed 18:37] => 145:36
[2023-03-30 Thu 17:01]
Status update
- PIAM work
- TK-Store work for composable query with and/or/not
- Work on configs
- Entitlement brainstorm
- Lot of XDR beta-flag requests
2023-W14
2023-04-07 Friday
MEETING Weekly meeting work meeting
CLOCK: [2023-04-07 Fri 16:28]–[2023-04-07 Fri 16:30] => 0:02
[2023-04-07 Fri 16:28]
Agenda (to discuss about)
Notes
Actions
2023-W16
2023-04-18 Tuesday
DONE Create an issue for the role description route work
SCHEDULED: <2023-04-18 Tue> [2023-04-18 Tue 16:41]
MEETING RBAC Weekly Feature Sync work meeting
CLOCK: [2023-04-18 Tue 16:01]–[2023-04-18 Tue 16:40] => 0:39
[2023-04-18 Tue 16:01]
- Name from "admin" to "Administrator"
- Name from "user" to "Incident Responder"
- new role "sat" named "Security Analyst"
2023-04-19 Wednesday
DONE Create the SSE (0 Trust) scripts work
SCHEDULED: <2023-04-21 Fri 10:00>
CLOCK: [2023-04-21 Fri 09:42]–[2023-04-21 Fri 19:46] => 10:04
[2023-04-19 Wed 20:01]
MEETING API Design Meeting work meeting
CLOCK: [2023-04-19 Wed 18:30]–[2023-04-20 Thu 16:26] => 21:56
[2023-04-19 Wed 18:30]
Confs
Create project board about configurations.
Entitlements
PIAM Entitlements:
[{:entitlement-name "tier"
  :value "essential"
  :quantity 4000
  :created-at ,,,}
 {:entitlement-name "extra-data-retention"
  :quantity 90
  :created-at ,,,}]
Entitlement ids,
In the config
{:free {,,,}
 :essential {:allowed-modules [?]
             :apps [:sxo :di :csc :sca :ssx]
             :additional-scopes [,,,]
             :data-retention-in-GB 200
             :rate-limits-per-hour 8000
             ,,,}
 :advantage {:allowed-modules [?]
             :apps [:sxo :di :csc :sca :ssx]
             :additional-scopes [,,,]
             :data-retention-in-GB 1000
             :rate-limits-per-hour 8000
             ,,,}
 :premier {:allowed-modules [?]
           :apps [:sxo :di :csc :sca :ssx]
           :additional-scopes [,,,]
           :data-retention-in-GB 2000
           :rate-limits-per-hour 8000
           ,,,}}
An Entitlements data-store.
{:id 0001
 :org-id 0001
 :created-at ,,,
 :entitlement {:tier :premier
               :seat-count 4000}
 :entitlement-capabilities-snapshot {:allowed-modules [?]
                                     :apps [:sxo :di :csc :sca :ssx]
                                     :additional-scopes [,,,]
                                     :data-retention-in-GB 2000
                                     :rate-limits-per-hour 8000
                                     ,,,}}
{:id 0002
 :org-id 0001
 :created-at ,,,
 :entitlement {:extra-data-retention-in-GB 90}}
FOR org 0001
{:summary {:tier :premier
           :allowed-modules [?]
           :apps [:sxo :di :csc :sca :ssx]
           :data-retention-in-GB 2090 ;; <---- 2000 + 90
           :rate-limits-per-hour 8000
           ,,,}
 :history [{:id 0001 :org-id 0001
            :created-at ,,,
            :entitlement-view {:allowed-modules [?]
                               :apps [:sxo :di :csc :sca :ssx]
                               :data-retention-in-GB 2000
                               :rate-limits-per-hour 8000
                               ,,,}}
           {:id 0002 :org-id 0001
            :created-at ,,,
            :entitlement-view {:data-retention-in-GB 200}}]}
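Added example (not IROH or PIAM code): one way to derive the per-org summary above from the tier config and the entitlement data-store, following the summary's "2000 + 90". The function names, the merge rule (latest tier record is the base, add-on retention is summed on top), the fail-closed handling of unknown records, and the sample ids and dates are assumptions of this sketch.

```clojure
(ns entitlement-summary)

;; Tier capabilities copied from the notes' config; the fields the notes elide
;; (:allowed-modules, :additional-scopes, the :free tier) are left out.
(def tier-config
  {:essential {:apps [:sxo :di :csc :sca :ssx]
               :data-retention-in-GB 200
               :rate-limits-per-hour 8000}
   :advantage {:apps [:sxo :di :csc :sca :ssx]
               :data-retention-in-GB 1000
               :rate-limits-per-hour 8000}
   :premier   {:apps [:sxo :di :csc :sca :ssx]
               :data-retention-in-GB 2000
               :rate-limits-per-hour 8000}})

(defn snapshot-record
  "Freeze the tier's capabilities into the record at write time, so a later
  config change does not silently alter what an org was granted (assumed intent)."
  [config {:keys [entitlement] :as record}]
  (if-let [tier (:tier entitlement)]
    (if-let [caps (get config tier)]
      (assoc record :entitlement-capabilities-snapshot caps)
      (throw (ex-info "Unknown tier, refusing to store" {:record record})))
    record))

(defn entitlement-view
  "What a single record contributes to the summary. Anything unrecognized
  throws, so a malformed record can never widen access."
  [{:keys [entitlement entitlement-capabilities-snapshot] :as record}]
  (cond
    (and (:tier entitlement) entitlement-capabilities-snapshot)
    (assoc entitlement-capabilities-snapshot :tier (:tier entitlement))

    (pos-int? (:extra-data-retention-in-GB entitlement))
    {:data-retention-in-GB (:extra-data-retention-in-GB entitlement)}

    :else
    (throw (ex-info "Unrecognized entitlement, granting nothing" {:record record}))))

(defn summarize
  "Summary and history for one org. Assumed merge rule: the most recent tier
  record sets the base, add-on retention is summed on top; no tier, no summary."
  [records org-id]
  (let [history (->> records
                     (filter #(= org-id (:org-id %)))
                     (sort-by :created-at)
                     (mapv #(assoc (select-keys % [:id :org-id :created-at])
                                   :entitlement-view (entitlement-view %))))
        views   (map :entitlement-view history)
        base    (last (filter :tier views))
        extra   (reduce + 0 (map :data-retention-in-GB (remove :tier views)))]
    {:summary (when base (update base :data-retention-in-GB + extra))
     :history history}))

;; Constructed sample records (ids, dates and org 2 are made up for the example).
(def records
  (mapv #(snapshot-record tier-config %)
        [{:id 1 :org-id 1 :created-at #inst "2023-04-01"
          :entitlement {:tier :premier :seat-count 4000}}
         {:id 2 :org-id 1 :created-at #inst "2023-04-15"
          :entitlement {:extra-data-retention-in-GB 90}}
         {:id 3 :org-id 2 :created-at #inst "2023-04-20"
          :entitlement {:extra-data-retention-in-GB 90}}]))

(assert (= 2090 (get-in (summarize records 1) [:summary :data-retention-in-GB])))
(assert (nil? (:summary (summarize records 2)))) ; add-on without a tier grants nothing
(prn (:summary (summarize records 1)))
```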
SSE (0-Trust)
Free Entitlement
apps: Secure Client and Device Insight.
Write the doc with an example.
1.a Prerequisite: change the scopes required for POST /iroh/provisioning/platform/org
1.b Prerequisite: change the scopes required for POST /iroh/provisioning/platform/user
- Create a client with that scope => get a client-id/client-secret
- Write a script (python/bash/maybe HTML+JS): input: user-email/user-name/org-name/org-address etc…
  - get the JWT from client-id/client-secret
  - create the ORG
  - create the User
Onboard only DI and Secure Client
2023-04-20 Thursday
DONE Create todo list for work work
SCHEDULED: <2023-04-28 Fri> [2023-04-20 Thu 16:30]
- prepare 1-1 tasks
- choose to make an iroh-auth call to avoid repeating myself (better group feeling)
MEETING RBAC UI meeting work meeting
CLOCK: [2023-04-20 Thu 16:26]–[2023-04-20 Thu 17:40] => 1:14
[2023-04-20 Thu 16:26]
Agenda
Notes
Actions
2023-W18
2023-05-02 Tuesday
DONE Prepare Quarterly Meeting! quarterly pdf work
SCHEDULED: <2023-05-03 Wed 15:00> [2023-05-02 Tue 17:37]
DONE [#7835] Create and Estimate all tasks related to https://github.com/advthreat/iroh/issues/7835 work
SCHEDULED: <2023-05-03 Wed 11:30> [2023-05-02 Tue 17:36]
MEETING Epic PIAM work meeting
[2023-05-02 Tue 15:30]
MEETING Weekly lead work meeting
CLOCK: [2023-05-02 Tue 15:04]–[2023-05-02 Tue 16:51] => 1:47
[2023-05-02 Tue 15:04]
Agenda (to discuss about)
Notes
@GB: working on the new incident manager API.
Actions
DONE Prepare Quarterly development work
SCHEDULED: <2023-05-02 Tue 17:00> DEADLINE: <2023-05-05 Fri 12:00> [2023-05-02 Tue 14:44]
DONE Add an XDR beta flag to an Org work
CLOCK: [2023-05-02 Tue 14:34]–[2023-05-02 Tue 14:37] => 0:03
[2023-05-02 Tue 14:34]
DONE Epic Provisioning work
DEADLINE: <2023-05-02 Tue 15:30> SCHEDULED: <2023-05-02 Tue> [2023-05-02 Tue 12:40]
DONE Weekly Leads work
SCHEDULED: <2023-05-02 Tue 15:00> [2023-05-02 Tue 12:40]
DONE Review O's PR about services work
DEADLINE: <2023-05-03 Wed 15:00> SCHEDULED: <2023-05-02 Tue>
CLOCK: [2023-05-03 Wed 17:33]–[2023-05-04 Thu 09:28] => 15:55
[2023-05-02 Tue 10:41]
DONE Discuss with Wanderson about short-token strategy work
DEADLINE: <2023-05-02 Tue 14:40> SCHEDULED: <2023-05-02 Tue> [2023-05-02 Tue 10:41]
2023-05-03 Wednesday
DONE Election CSE work
SCHEDULED: <2023-05-03 Wed 14:00> [2023-05-03 Wed 10:45]
DONE API Design Meeting work
SCHEDULED: <2023-05-03 Wed 18:30> [2023-05-03 Wed 10:29]
DONE Add the beta flags beta-room work
SCHEDULED: <2023-05-03 Wed 11:10> [2023-05-03 Wed 10:19]
DONE Reply to Paul room work
SCHEDULED: <2023-05-03 Wed 11:00> [2023-05-03 Wed 10:17]
2023-05-04 Thursday
MEETING Weekly IROH work meeting
CLOCK: [2023-05-04 Thu 17:01]–[2023-05-04 Thu 17:59] => 0:58
[2023-05-04 Thu 17:21]
Agenda (to discuss about)
Notes
Actions
DONE IROH Weekly work
SCHEDULED: <2023-05-04 Thu 17:00> [2023-05-04 Thu 11:36]
- Next week Response API in IROH with UI
- Problem with backfill for Jon
DONE QDD Olivier work
SCHEDULED: <2023-05-04 Thu 15:35> [2023-05-04 Thu 11:35]
DONE QDD Wanderson work
SCHEDULED: <2023-05-04 Thu 14:35> [2023-05-04 Thu 11:35]
IN-PROGRESS Personal QDD FY23Q3 work
CLOCK: [2023-05-04 Thu 09:28]–[2023-05-04 Thu 09:59] => 0:31
[2023-05-04 Thu 09:28]
Results
Accomplishments:
- Added support for AND/OR queries in tk-store. Should help
- PIAM (Provisioning / Entitlement start)
- Free Tier Provisioning
- XDR Flags via scopes
- Work closer to PIAM
- Entitlement will be a nice beast
Principles & Behaviors
- Advocate (only positive XDR feedback to the team)
- Customer value (AND/OR queries)
- Learn (clojure in scripts)
- Team for results: engaged team for iroh config issue
Team Impact
- admin-clj scripts should be helpful
- IROH default config should help ops
- PIAM
2023-05-05 Friday
DONE Change the scope for feature-flag API to use cisco/tac work
SCHEDULED: <2023-05-09 Tue 10:00> [2023-05-05 Fri 22:41]
DONE IMPORTANT QDD Returns Actions work
SCHEDULED: <2023-05-11 Thu 10:00> [2023-05-05 Fri 16:24]
Both of you are tagged with not enough involvement.
- Lack of visibility!
  - Webex support!
  - Webex involvement in external discussions with UI, PO, PMs, etc…
  - Everyday messages
2023-W19
2023-05-10 Wednesday
IN-PROGRESS Write a kudos for the team. work
CLOCK: [2023-05-10 Wed 16:13]–[2023-05-10 Wed 16:38] => 0:25
[2023-05-10 Wed 16:13]
Thanks Wanderson and Olivier for your dedication. You prepared the RBAC work for the next quarter so most backend work is already done.
Olivier, you managed to update and refactor all the IROH-Auth code to introduce new roles everywhere in the code. You also improved the work so now it is possible to launch specialized IROH nodes.
DONE Merge 7857 work
SCHEDULED: <2023-05-10 Wed> [2023-05-10 Wed 12:04]
DONE Prepare some kudos messages for your teams. work
SCHEDULED: <2023-05-10 Wed 17:00>
CLOCK: [2023-05-10 Wed 16:38]–[2023-05-10 Wed 17:38] => 1:00
[2023-05-10 Wed 10:41]
DONE Fill Talent Assessments in workday work
DEADLINE: <2023-06-01 Thu> SCHEDULED: <2023-05-24 Wed 15:40> [2023-05-10 Wed 10:33]
DONE API Design Meeting work
SCHEDULED: <2023-05-10 Wed 19:00> [2023-05-10 Wed 09:51]
DONE RSA Celebration work
SCHEDULED: <2023-05-10 Wed 18:00> [2023-05-10 Wed 09:50]
DONE Check with Hissan who to contact for Provisioning bug work
SCHEDULED: <2023-05-10 Wed 16:20> [2023-05-10 Wed 09:48]
DONE Propose options for FF in XDR RBAC work
SCHEDULED: <2023-05-10 Wed 16:00> [2023-05-10 Wed 09:47]
DONE Add Jeffrey Zankowits to the XDR beta work
SCHEDULED: <2023-05-10 Wed 16:00> [2023-05-10 Wed 09:46]
2023-05-11 Thursday
MEETING 1-1 Olivier work meeting
CLOCK: [2023-05-11 Thu 15:03]–[2023-05-12 Fri 08:49] => 17:46
[2023-05-11 Thu 15:03]
Agenda (to discuss about)
Notes
Actions
DONE Performance Training work
SCHEDULED: <2023-05-11 Thu 17:00> [2023-05-11 Thu 10:10]
DONE Weekly Team work
SCHEDULED: <2023-05-11 Thu 17:00> [2023-05-11 Thu 10:10]
DONE 1-1 Olivier work
SCHEDULED: <2023-05-11 Thu 15:05> [2023-05-11 Thu 10:09]
DONE 1-1 Wanderson work
SCHEDULED: <2023-05-11 Thu 14:35> [2023-05-11 Thu 10:09]
2023-05-12 Friday
MEETING Orbital work meeting
CLOCK: [2023-05-12 Fri 17:01]–[2023-05-12 Fri 17:39] => 0:38
[2023-05-12 Fri 17:01]
Agenda (to discuss about)
Notes
Purpose EOL of SecureX. Starting after GA. Only supporting existing subscribers.
User management and onboarding.
Ask Eduardo for use cases:
@Eduardo:
After GA, advantage and premier. Access Orbital without.
Flexibility on how to use Orbital.
Actions
Consider all use cases and review them with Engineering.
MEETING PenTest with Chris Duane work meeting
CLOCK: [2023-05-12 Fri 15:45]–[2023-05-12 Fri 16:19] => 0:34
[2023-05-12 Fri 15:45]
Agenda (to discuss about)
Notes
Actions
2023-W20
2023-05-15 Monday
MEETING Q1 priority work meeting
CLOCK: [2023-05-15 Mon 16:52]–[2023-05-15 Mon 17:52] => 1:00
[2023-05-15 Mon 16:52]
Notes
Access Control to allow for feature restriction per monetization option.
- ACL additional roles and more granular.
- Additional Integrations
- Data Loss Prevention
- IDM solutions
- ISE
- CNAPP solutions
- App Discovery / Insights / AppSec solutions
- Kenna
- Localization: Language Support and internationalization
- Assess existing integrations for relevancy and functionality
- convert existing into data warehouse
- Assess existing Orchestration content for relevancy and functionality; prune and enhance
- Usage Reporting to support Common Platform display requirements and monetization
- Continue convert integrations
- Continue SCA and XDR convergence
- Ensure continuous analysis of generated incidents against existing data
- Ability for other TD&R solution to poll the XDR data warehouse for conviction
- Incorporate vuln, etc… into event analysis
- Email security detection enhancement, insight identity potential
- Continue SCA and XDR convergence
- Multi-tenancy for Managed Detection and Response
- OS event logs (windows/linux)
- continue
- telemetry
- AI for playbook
- CSC Management
- Proxying communication traffic and on-premises solutions telemetry
- Multi-tenancy for Managed Detection and Response
- Role-Based Access Control
- Notification Options Improvements
- Common Integrations management
- Data Enhancement for enhanced correlation across Cisco data source
- ACL, Monetization restriction, and multi-tenancy for MDR
- Secure Client Management
- Proxying comm
- Multi tenancy
- Role
- Notification
- Common Integrations management
- Data Enhancements for enhanced correlation across Cisco data sources
DONE Q1 Priorities work
SCHEDULED: <2023-05-15 Mon 16:00> [2023-05-15 Mon 10:36]
2023-05-16 Tuesday
DONE Cisco Performance Training for Leaders work
SCHEDULED: <2023-05-16 Tue 17:00> [2023-05-16 Tue 15:34]
2023-05-17 Wednesday
MEETING RBAC Weekly work meeting
CLOCK: [2023-05-17 Wed 16:31]–[2023-05-17 Wed 17:15] => 0:44
[2023-05-17 Wed 16:31]
- invitation workflow tickets
- revocation endpoint on role change
MEETING SCA Provisioning work meeting
CLOCK: [2023-05-17 Wed 15:58]–[2023-05-17 Wed 16:31] => 0:33
[2023-05-17 Wed 15:58] People: Yann Esposito, Brandon Thacker, Jeff Markey, Michael Schultz, Paul Cichonski
Agenda (to discuss about)
- questions for IROH
Notes
@Jeff: number of tickets, understanding high level
@Paul: no push entitlements
@Michael: we'll do pull first
@Paul: no requirement to enforce requirements for GA
Actions
- [optional] Webhooks for update entitlements?
MEETING API Design Meeting work
SCHEDULED: <2023-05-17 Wed 18:30> [2023-05-17 Wed 11:27]
MEETING RBAC Weekly work
SCHEDULED: <2023-05-17 Wed 16:30> [2023-05-17 Wed 11:24]
MEETING SCA/IROH design discussions work
SCHEDULED: <2023-05-17 Wed 16:00> [2023-05-17 Wed 11:22]
2023-W21
2023-05-23 Tuesday
MEETING RBAC work meeting
CLOCK: [2023-05-23 Tue 16:01]–[2023-05-24 Wed 15:00] => 22:59
[2023-05-23 Tue 16:01]
@Guy: everything ok @Yann:
2023-05-24 Wednesday
MEETING Q1 Planning Session work meeting
CLOCK: [2023-05-24 Wed 15:00]–[2023-05-25 Thu 14:26] => 23:26
[2023-05-24 Wed 15:00]
Agenda (to discuss about)
- Identify people and teams that should be involved.
Notes
@Brianna:
Control over the capabilities to meet the monetization options. Things like integrations.
Request to define integration more specifically. Anything that is Cisco generated for a 3rd party.
Tiering:
- essentials: limit integration to Cisco based products only built by Cisco
- advantage: allow integration based on 3rd
- premier:
UX Feature Limitation
@IROH <-> @Brianna:
Include addons in the Access Control Work
@christopher: Rate-limits
Question:
- can a customer purchase different tiers? Does the purchase expire?
Actions
2023-05-25 Thursday
MEETING Wanderson 1-1 work meeting
CLOCK: [2023-05-25 Thu 14:26]–[2023-05-26 Fri 15:03] => 24:37
[2023-05-25 Thu 14:26]
Agenda (to discuss about)
Notes
Actions
2023-05-26 Friday
MEETING Q1 Planning Session 2 work meeting
CLOCK: [2023-05-26 Fri 15:03]–[2023-05-26 Fri 19:18] => 4:15
[2023-05-26 Fri 15:03]
Agenda (to discuss about)
Notes
Actions
- New roles for Q1
- Prepare custom role that will be needed for Q2
DONE Gift Card on Cisco Store work
SCHEDULED: <2023-05-26 Fri 14:00> [2023-05-26 Fri 10:53]
DONE Monthly Engineering work
SCHEDULED: <2023-05-26 Fri 18:00> [2023-05-26 Fri 10:51]
DONE XDR Engineering Planning Session 2 work
SCHEDULED: <2023-05-26 Fri 15:00> [2023-05-26 Fri 10:50]
2023-W22
2023-05-30 Tuesday
DONE Check new script PR reviews work
SCHEDULED: <2023-05-30 Tue 14:00> [2023-05-30 Tue 11:25]
DONE Weekly lead work
SCHEDULED: <2023-05-30 Tue 15:00> [2023-05-30 Tue 10:43]
2023-05-31 Wednesday
DONE Check Portal Logout issue webex doc work
SCHEDULED: <2023-06-01 Thu 11:00> [2023-05-31 Wed 18:37]
MEETING Planning FY24Q1 session 3 work meeting
CLOCK: [2023-05-31 Wed 15:02]–[2023-05-31 Wed 18:02] => 3:00
[2023-05-31 Wed 15:02]
Agenda (to discuss about)
Notes
Actions
DONE Planning Session Q1 (3rd) work
SCHEDULED: <2023-05-31 Wed 15:00> [2023-05-31 Wed 09:56]
2023-06-02 Friday
DONE Prepare Team Template work
SCHEDULED: <2023-06-05 Mon 11:00> [2023-06-02 Fri 19:53]
DONE Prepare About me presentation template work
SCHEDULED: <2023-06-05 Mon 11:00> [2023-06-02 Fri 19:52]
2023-W23
2023-06-05 Monday
DONE Message to Paul work
SCHEDULED: <2023-06-05 Mon> [2023-06-05 Mon 16:25]
- start and end dates
- SX upgrade to XDR
- updates and multi-tenancy
- periodic sync and check?
- push limit reached to PIAM
- Discussion about fixing potential tenant errors:
  - wrong org-id for some enterprise_id
  - create new tenant instead of updating one existing
Text
Hi Paul, how are you?
I finished a meeting with Brianna, and I have many questions for you regarding the provisioning API and Entitlements. To give you a quick overview, I have questions about:
- start and end dates
- SX upgrade to XDR
- updates and multi-tenancy
- periodic sync and check?
- push limit reached to PIAM
- Discussion about fixing potential tenant errors:
  - wrong org-id for some enterprise_id
  - create new tenant instead of updating one existing
Apparently the entitlements will have a start and end date that is not standard. For example, the customer buys tier advanced for 4 months (apparently this is not a fixed time from Brianna). Then two weeks before the end, the customer can renew to buy 6 new months. But then, the start date should start at the end of the first entitlement date. So I think to support this you will need to add a start and end date to the entitlement data structure. My question is: do you plan to add a start and end date? If not, how could we achieve control of start or expiration for entitlements?
My next question is about how to upgrade an existing SecureX account to XDR. For now, the provisioning API provides the ability to do so, but this will be only via adding entitlements related to some existing Org. So my guess is that you will need to retrieve the Org ID of the user. Of course you can ask the customer for the org-id and they can enter it manually, but this is error-prone. Do you think you would prefer to use a basic OAuth2 client to retrieve the Org id from IROH? Another related question: the account endpoint creates a new tenant, but while an upgrade is possible using multiple calls to the provisioning API, do you want me to create a specialized endpoint for upgrade? From Brianna's point of view, she expects there to be a lot more upgrades than new tenants, at least during the first few months of the XDR launch.
Still regarding upgrades, in the API (the SCIM one) you would like IROH to support, the update endpoint uses a PUT but only provides an enterprise_id and not the org_id. But, from my understanding with Brianna, in order to support multi-tenancy (we can imagine some existing SX customers already have multiple orgs inside SecureX) you will need to push the new entitlements for this specific org_id only. So it doesn't appear that the SCIM API is suitable for this case as it does not appear to mention the org_id but only the enterprise_id.
Brianna mentioned that we should probably have a bi-directional sync. So you could read and write entitlements via the provisioning API. But I think as a safeguard, IROH should be able to query PIAM to retrieve the current active entitlements so we could sync it periodically (typically once a day per org). Do you already have or plan to give us read access to the entitlements? And in particular, how would that work for multi-tenancy? Brianna expects that if a customer has multiple existing SX orgs, then that customer should pay a full Entitlement per SX tenant.
Another feature we might want to build is that when a tenant reaches a limit, we should probably push that event to PIAM so you could send a notification to the customer to tell them they should upgrade their entitlements. I think this should probably be on the PIAM side.
And last but not least, Brianna asked us to discuss plans to fix errors. Typically, if a customer provides the wrong org-id to set the Entitlement to. We should be able to change it on both sides; if we are going to have recurring syncs this might not be straightforward. Same question about the issue of a customer creating a new XDR tenant, but that customer did in fact want to upgrade from XDR.
I am sorry for this big wall of text, but it should convey most of the open questions I have. Let me know if you prefer a better way to talk about them.
MEETING XDR Monetization deep dive work meeting
CLOCK: [2023-06-05 Mon 14:57]–[2023-06-05 Mon 23:23] => 8:26
[2023-06-05 Mon 14:57]
Agenda (to discuss about)
issue iroh #7912
- telemetry, cisco or 3rd party
Checking both ways to sync between PIAM and IROH. Consistency checks everyday.
Send to PIAM upper limit reached.
Talk to Paul and see if that's more work for them.
Think about mistakes of XDR upgrade back to PIAM (switch org entitlements, etc…)
- Ask about upgrade tenant from SX to XDR
- Ask about dates start/end
- Ask about update with just the enterprise_id (multi tenancy)
Notes
Pass via Brianna to add to the requirements
Actions
Provide TAC level to change XDR and Entitlements.
2023-06-07 Wednesday
DONE Talent Assessment Wanderson work
SCHEDULED: <2023-06-07 Wed>
CLOCK: [2023-06-07 Wed 17:22]–[2023-06-07 Wed 18:42] => 1:20
[2023-06-07 Wed 17:22]
Performance:
- Results
- Behavior
- Team Impact
2023-06-08 Thursday
MEETING TAC Training kickoff work meeting
[2023-06-08 Thu 16:32]
Agenda (to discuss about)
Notes
Actions
MEETING 1-1 Olivier work meeting
CLOCK: [2023-06-08 Thu 15:05]–[2023-06-08 Thu 17:08] => 2:03
[2023-06-08 Thu 15:05]
Agenda (to discuss about)
Notes
Actions
DONE TAC Training work
SCHEDULED: <2023-06-08 Thu 16:30> [2023-06-08 Thu 12:07]
@Namrata: Derek Huckaby Training to limited LA (Limited Availability Release)
5 different training sessions. Providing product overviews, XDR, product components.
What the TMEs will be presenting?
@Derek: technical value, what the customer values are for the features. Dive into XDR, the value pitch that TSA is giving our customers. Who the users of this will be.
@Namrata, provide information to TAC to put together tutorials (see Sukhanti Template Docs)
DONE 1-1 Olivier work
SCHEDULED: <2023-06-08 Thu 15:05> [2023-06-08 Thu 12:07]
2023-06-09 Friday
DONE Prepare XDR TAC/CS Training work
SCHEDULED: <2023-06-15 Thu 15:00> DEADLINE: <2023-06-22 Thu 16:30> [2023-06-09 Fri 23:59]
15min long, Administration with Dar.
Architecture Overview/ Changes, Troubleshooting, Info Including Logging and Tools, Links to Tech Doc
2023-W24
2023-06-12 Monday
MEETING XDR Provisioning Onboarding (SCA) work meeting
[2023-06-12 Mon 21:05]
Agenda (to discuss about)
Notes
Actions
XDR-SCA/PIAM Onboarding Scenario
@Paul
The main place for GA new tenant creation.
@Brianna
We would end up creating duplication. Agreed about the monetization a part of XDR.
Manual process. Attaching their tenant-id is a much better world. Our ability who had an entitlement? Sales person enter the order or…
Manual process for GA
@Jyoti UX for upgrade
@Prerna avoid duplication of SCA and XDR tenants.
@Prerna user enter their org-id
MEETING 1-1 Jyoti work meeting
[2023-06-12 Mon 19:15]
Agenda (to discuss about)
Notes
Data lake need an OAuth2 client Carol, is the PEM on the data-lake side.
Actions
MEETING RBAC Weekly work meeting
CLOCK: [2023-06-12 Mon 16:30]–[2023-06-13 Tue 06:18] => 13:48
[2023-06-12 Mon 16:30]
IN-PROGRESS Enable xdr-roles in PROD this week
TODO Check the PROD clients that could break for SAT
DONE XDR-SCA/PIAM work
SCHEDULED: <2023-06-12 Mon 21:00> [2023-06-12 Mon 14:14]
DONE 1-1 Jyoti work
SCHEDULED: <2023-06-12 Mon 18:30> [2023-06-12 Mon 14:14]
DONE RBAC Weekly work
SCHEDULED: <2023-06-12 Mon 16:30> [2023-06-12 Mon 14:13]
2023-06-13 Tuesday
IN-PROGRESS Finishing Wanderson PR work
CLOCK: [2023-06-13 Tue 06:18]–[2023-06-14 Wed 18:36] => 36:18
[2023-06-13 Tue 06:18]
2023-06-14 Wednesday
MEETING API Design Meeting work meeting
CLOCK: [2023-06-14 Wed 18:36]–[2023-06-16 Fri 17:01] => 46:25
[2023-06-14 Wed 18:36]
Agenda (to discuss about)
Notes
@GB talk about AMP meeting
@Jyoti: Enrichment. Events API instead of something else.
@Jyoti: Ian about detection side.
- @GB was looking to standardize a way
- Brianna complaining we did not follow requirements
2023-06-16 Friday
MEETING Secure Client support after XDR GA work meeting
CLOCK: [2023-06-16 Fri 17:01]–[2023-06-16 Fri 17:35] => 0:34
[2023-06-16 Fri 17:01]
Secure Client-only customer.
Use the UI to manage this solution.
2023-W25
2023-06-20 Tuesday
MEETING Weekly Meeting work meeting
[2023-06-20 Tue 17:01]
Demos:
- Kirill
- Jerome & Patrick
Kirill
IROH Events (more events)
Ops deployment demo
MEETING 1-1 Olivier work meeting
CLOCK: [2023-06-20 Tue 15:35]–[2023-06-21 Wed 14:57] => 23:22
[2023-06-20 Tue 15:35]
Agenda (to discuss about)
Notes
Actions
DONE Fix some dependabot messages work
SCHEDULED: <2023-06-20 Tue 11:00> [2023-06-20 Tue 10:18]
DONE Weekly IROH Sync work
SCHEDULED: <2023-06-20 Tue 17:00> [2023-06-20 Tue 10:16]
DONE 1-1 Olivier work
SCHEDULED: <2023-06-20 Tue 15:30> [2023-06-20 Tue 10:16]
DONE Weekly Leads work
SCHEDULED: <2023-06-20 Tue 15:00> [2023-06-20 Tue 10:15]
2023-06-21 Wednesday
MEETING API Design Meeting work meeting
CLOCK: [2023-06-21 Wed 18:32]–[2023-06-21 Wed 19:42] => 1:10
[2023-06-21 Wed 18:32]
Incidents
All incident sources will come from the Datalake. In the short term, sources like Secure Endpoint should be used. We will have a merge API that will use the incident summary.
Provisioning 1
specific values passed [done]
Provisioning 2
SCA integration [done]
Umbrella
@Mark …
2023-06-23 Friday
TODO Print the travel documents work
SCHEDULED: <2023-06-22 Thu 14:15> [2023-06-23 Fri 12:03]