deft/reports/FY23Q1-report.org
Yann Esposito (Yogsototh) 0110eee062
save
2024-02-01 15:16:14 +01:00

FY23Q1 Report

IROH

lead

Guillaume Buisson [23]

ctia [1]

between 3 and 4 months old

  • Revert "woke tool added (#1375)"
iroh [6]
  • A new script to update a record :created in ES #8574
  • NotificationRequest Service Design #8264

between 3 and 4 months old

  • Api insights compliance and tooling #8204
  • Revert "Initial API Insights support (#7938)" #8200
  • Initial API Insights support #7938
  • Initial Notification service developer documentation #8166
iroh-offsite-fy24 [15]
  • Added coffee section
  • Added Workstation
  • fixed time
  • Individual Presentations Schedule
  • Adding my retrospective
  • updated program
  • Changed the program
  • moved stuff
  • typo
  • Added schedule CS
  • Update program.org
  • Update program.org
  • Update README.org
  • Added schedule CS
  • Added Program
tenzin-config [1]

between 3 and 4 months old

  • Set the IROH API version #965

data

Mario Aquino [35]

iroh [29]
  • Incident Summary migration re-run #8597
  • Notification request uses paginated user search #8606
  • Add support for role-targeted notification #8557
  • Issue 8438/notification request phase 1 #8470
  • Fix flaky test #8521
  • Use int-req-ctx when calling post-bundle-import #8500
  • Use incident long-id for incident summary lookup #8489
  • Establish timeout limit for incident enrichment #8484
  • Use org virtual user for threat hunt enrichment enqueuing #8458
  • Prevent incident-summary ID patching #8468
  • Limit fields returned by Incident Summary Search #8435
  • Incident summary update migration #8416
  • Incident Summary search max page size increase #8414
  • Update Incident Summary #8386
  • Fix support for sorting on source or title #8392
  • Prevent caching Talos threat hunt if missing judgements #8357
  • Set default page size to 10, max to 25 for incident summary search #8344
  • Prevent empty threat data from saving with threat hunt status #8314
  • Add info logging for visibility into incident determination #8305
  • Incident Summary timestamp and search filters support #8262
  • Incident Summary modification timestamps #8229

between 3 and 4 months old

  • Async metrics doc #7774
  • [Bugfix] Enforce groups filtering when searching incident summaries #8211
  • Prepend bearer prefix if missing #8190
  • Fix CTIA auth parameter #8174
  • Incident Summary Migration (v2) #8167
  • Incident Summary Migration #8092
  • Developer doc for the migration task #8087
  • Issue 8081/configure incident summary index settings #8086
iroh-offsite-fy24 [1]
  • The Mario you know…
tenzin-config [5]
  • Rerun incident summary migration and update ES index #1001
  • Enable incident summary update migration #983
  • Config for incident summary date migration #968

between 3 and 4 months old

  • Adds incident summary migration #958
  • Removes refresh parameter from incident summary index config #948

Guillaume Erétéo [26]

ctia [2]
  • Incident status disposition #1389
  • Update CODEOWNERS #1387
iroh [15]
  • entitlement-enforcement-jobs-service in default #8612
  • incident status_disposition #8587
  • introduce admin common web service for cisco services #8573
  • speed up listing of entitlements #8516
  • Update CODEOWNERS #8524
  • Add entitlement summaries endpoint for external policy enforcement jobs #8508
  • ductile 0.4.8 #8453
  • XDR intel retention design #8153
  • Manual Data Deletion of Private Intel Data #8384

between 3 and 4 months old

  • SE and SCA stats #8154
  • Eventually fix incident report flaky test 2 #8171
  • Draft of proposals for migrating enrichment to CONURE #7983
  • Ductile 0.4.7 #8120
  • fix flaky test on incident summary report #8083
  • aliased ES tk-store #7822
iroh-offsite-fy24 [3]
  • fix
  • typos
  • ge
tenzin-config [6]
  • fix config path in README.md #1000

between 3 and 4 months old

  • add back incident in public intel #960
  • disable unused private/public stores #959
  • wip #951
  • rename incident summary index for new params #950
  • add write alias and rollover #949

Ambrose Bonnaire-Sergeant [23]

ctia [4]
  • New bundle/import option: merge previous incident tactics/techniques #1388
  • Patch existing entities in POST /bundle/import #1383
  • Fix memory leak #1382

between 3 and 4 months old

  • Do not init disabled stores #1379
iroh [6]
  • Enable entity patching in POST /private-intel/bundle/import #8492
  • Fix bad bulk call #8333
  • PATCH /bundle/import pass-thru route #8128
  • Fix memory leak #8243

between 3 and 4 months old

  • Add missing bearer in incident summary #8183
  • Revert "Fix CTIA auth parameter" #8182
iroh-offsite-fy24 [13]
  • Merge branch 'main' of github.com:advthreat/iroh-offsite-fy24
  • wip
  • successes
  • leak
  • 120
  • plumbing
  • flaky
  • stuff
  • schema
  • assess
  • me
  • stuff
  • start

integrations

Matthieu Sprunck [12]

iroh [5]
  • StackOverflowError temporary fix #8607
  • Allow any header name in the remote module auth configuration #8529
  • Add ciscoxdr as a valid Feedback source #8515
  • Fix Duo Admin API Auth (sigv2) for POST requests #8330
  • Remote module: Remove duplicate / in generated URLs #8095
tenzin-config [7]
  • Configure new CSC domain in the provisioning service #988
  • New CSC domain for TEST #987
  • Add missing config to ExtraHop module record #974
  • IROH Proxy config for ExtraHop integration #973
  • Disable all relay apis in the Duo module #971
  • Configure the IROH Proxy for the Duo module #969

between 3 and 4 months old

  • IROH Proxy configuration for PAN Cortex XDR #947

Kirill Chernyshov [24]

iroh [20]
  • Add draft design for IROH Events data retention #8585
  • Fix shutdown process of Kafka Consumer #8558
  • Fixes for CTIA Transfer service #8552
  • Transfer CTIA Events #8514
  • Tiny fix for EventWebservice router #8493
  • Handle a case when no include-filters given #8405
  • Replace symbols in random nonce #8374
  • Add :client-credentials-basic-rfc auth type #8367
  • Add new authentication scheme #8353
  • Add automation events and adjust filters #8349
  • Add include query parameter to incident events #8331
  • Fix sorting for incident events #8317
  • Revert changes to events/search endpoint #8292
  • Deduplicate incident events + note events #8282
  • Trim incident keys to match response schema #8273
  • Fix double uri encoding during passing through parameter to PrivateIntel #8269
  • Add PrivateIntelEventService to default-bootstrap.cfg #8267
  • Add API endpoint to combine events from IROH and PrivateIntel #8245

between 3 and 4 months old

  • Create events for incidents #8162
  • Replace kpow with akhq for kafka cluster ops #8206
tenzin-config [4]
  • Use strict rfc auth method for ExtraHop module #977
  • Fix typo #976
  • Configure Palo Alto Cortex proxy #975

between 3 and 4 months old

  • [TEST, PROD] Enable Kafka services #944

Shafiq [11]

iroh [9]
  • Update iroh-event developer doc #8596
  • Add x-sort header to support search_after pagination #8586
  • Identify trusted service to service req for SE #8495
  • Add error log for unsuccessful proxy health checks #8442
  • Include module flags with proxy-endpoints-metadata response #8439
  • Support Darktrace authentication for IROH-Proxy #8385
  • Generate error message with applied url-template #8332
  • Generate appropriate errors for invalid url template #8322
  • Implement proxy health checks for Relay modules #8250
tenzin-config [2]
  • Add darktrace module #985

between 3 and 4 months old

  • Update rollover settings for iroh-event datastream #946

auth

bartuka [41]

iroh [23]
  • [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService #8528
  • [IROH Auth] bump ring-jwt-middleware to 1.1.5 #8568
  • [IROH Auth] check entitlements schema in universal piam flow #8560
  • [IROH Auth] fix check of allowed-origins for registration_redirect query param #8559
  • [IROH Auth] move oauth2-jwkset to jwks-svc #8534
  • [IROH Auth] - Expose universal-provisioning-web-service #8499
  • [IROH Auth] move is-trusted-clients? to OAuth2ClientService #8502
  • [IROH Auth] add UniversalProvisioningService #8459
  • [IROH Auth] Add support to use jwt-pubkey-fn to IROH Web #8450
  • [IROH Auth] add JWKSService with cache-jwks and get-public-keys methods #8449
  • [IROH Auth] Universal Provisioning Flow - Design #8300
  • fix webhook schemas for GET search #8379
  • [IROH Auth] Add allow-all-role-to-login to /profile/accounts #8271
  • [IROH Auth] Get create_org query-param from origin at the /login endpoint #8316
  • [IROH Auth] Add create-org query-param to show Create org options in Reg UI #8308
  • [IROH Auth] make AO scope public #8223

between 3 and 4 months old

  • Revert "[IROH Auth] Add insights:read scope to be visible to Admin … #8225
  • [IROH Auth] Add insights:read scope to be visible to Admin and Master users #8186
  • [IROH Auth] add insights root scope #8185
  • [IROH Auth] emit event on entitlement change #8164
  • Design doc to webhook support on Entitlement create/update #8112
  • NewEvent :created-at is optional for IROH internal calls and mandatory to HTTP events #8121
  • [IROH Auth] Support XDR signup-url #8117
iroh-offsite-fy24 [4]
  • Merge remote-tracking branch 'refs/remotes/origin/main'
  • sync
  • fix
  • retro
ring-jwt-middleware [11]
  • add test case
  • update readme
  • fix schema
  • log the full jwt when error
  • use the default value
  • fix tests by adding post-jwt-format-fn-arg-fn to config and schema
  • fix all tests by changing the output of decode
  • Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
  • fix config_test
  • add test case
  • initial commit
tenzin-config [3]
  • add new automation hosts to webhook runner #979
  • update help-url #967

between 3 and 4 months old

  • config to support signup-url xdr #955

Yann Esposito [63]

iroh [22]
  • Generalize default indexes for data retention #8598
  • [Data Retention Policy]: Delete incident summaries along incident #8576
  • [Provisioning] Introduce product-instance-id #8577
  • Simply wait a lot more for ES to sync #8553
  • Quick fix on the IROH login page #8564
  • Prevent org duplication during provisioning #8556
  • Declared scopes tree #8537
  • Improve constraints against Entitlements #8525
  • Fix admin route to support combinators #8377
  • Data Retention endpoint returns immediately #8486
  • Data retention policy enforcement #8431
  • PIAM: Support filtered out onboardings #8275
  • Improved entitlement doc #8261
  • Expose XDR-enabled? SX-enabled? on whoami #8274

between 3 and 4 months old

  • Fix a URL detection from HTML #8165
  • Revert "Incident Summary Migration" #8163
  • [Monetization]: Fix business logic of data retention #8142
  • Allow braces with iroh-core/strint #8051
  • Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization #8111
  • [Registration UI]: Reword to remove SX reference #8110
  • Entitlement summary technical values #8094
  • [PIAM] Make enterprise id mandatory for piam #8069
iroh-offsite-fy24 [2]
  • Update content + reveal
  • Initial commit
iroh-scripts [21]
  • add scope to a client
  • Help support cider
  • add admin to org
  • Improved descriptions
  • promote-to-master script
  • Fix and small improvements
  • Improve robustness
  • Scripts for admin
  • client-pass
  • Improve scripting lib
  • improve error message
  • small rename improved search
  • add search
  • improve + new scripts
  • Provision orgs for developers with some fixed entitlements
  • attempt 2
  • Attempt to fix links in README
  • Improve README.org
  • create an admin util ns
  • add a nice example with get-client.sh
  • initial commit with an example
ring-jwt-middleware [4]
  • Version 1.1.6-SNAPSHOT
  • Version 1.1.5
  • v1.1.5-SNAPSHOT
  • Version 1.1.4
tenzin-config [4]
  • increase rate limit for lab #992
  • Typo fix #989 #991
  • Declare missing service #990
  • Configure Enforce Entitlement Jobs service #989
xdr-provisioning [10]
  • fix exit
  • prevent duplicate onboard calls

between 3 and 4 months old

  • Add a script to cleanup test accounts
  • rename script and improve error
  • minor improvement
  • fix ISO code to use 2 chars only
  • use the env from the table
  • fix tsv-to-commands.sh
  • add tsv-to-commands.sh
  • add an option to force di and csc onboarding even for org upgrade

Olivier Barbeau [29]

iroh [27]
  • Implement Module Instance service event handler #8592
  • Updates to the design 'entitlement changes for integration modules' #8541
  • E8388: add new module-instance events, register Module Instance service as handler #8547
  • E8388: Issue 8531 add state to module instance schema #8544
  • Issue 8389 design entitlement changes for integration modules #8510
  • More modules restrictions tests #8411
  • Modules restrictions: Fix missing known exception #8380
  • Apply entitlements to the IntService #8350
  • Apply entitlements to the ModuleInstance API #8327
  • Clear reason of error when creating a module instance with wrong module type #8320
  • Apply entitlements to the ModuleType API #8303
  • Update search-module-types-response with combinator search query #8290
  • Stores optimization: Update search-module-instances-internal with combinator search query #8287
  • fix test: use two stores #8285
  • Stores optimization: modify load-module-instances and load-module-types #8281
  • [Cleanup] Remove the :xdr-roles feature flag #8205
  • [Cleanup] Remove the :merge-users-by-email feature flag #8198
  • [Cleanup] Remove the :registration feature flag #8199

between 3 and 4 months old

  • Annotated diagram for check_node_types.clj #8133
  • Increases the time allocated to node start-up #8125
  • [IROH configuration]: Checks that each IROH node type starts correctly #8043
  • fix format-style args logs #8119
  • Adapt OrgAccessRequest to XDR #8108
  • Redirect invited user to XDR #8105
  • Duplicate one-click-module-service in bootstrap #8071
  • Start node with type and env #8085
  • matrix config for in-isolation tests #8082
iroh-offsite-fy24 [1]
  • Olivier's retro
tenzin-config [1]

between 3 and 4 months old

  • add first-url for both SX and XDR #952

iroh-ops

Jerome Schneider [3]

iroh-offsite-fy24 [3]
  • Jerome: last minute changes
  • add percentages for my day look like
  • add personal presentation

Other

Robert Levy [5]

iroh [4]
  • change description, title, etc on incident status tile #8362
  • change format of incident-status tile to horizontal bar chart #8345

between 3 and 4 months old

  • null the top-level data key when no rows in ctia datatable tiles #8143
  • when rows null, data.data should be null #8130
tenzin-config [1]
  • Revert "Adds cache configuration for CrowdStrike (#1002)" #1005

Eric Gierach [6]

iroh [6]
  • bumping iroh-engine to 0.15.13 #8520
  • bumping iroh-engine to 0.15.12 #8509
  • Update iroh-engine dep to 0.15.11 #8460
  • updating iroh-engine to 0.15.10 #8295

between 3 and 4 months old

  • updating to iroh-engine 0.15.9 to fix query params #8232
  • updating iroh-engine to 0.15.8 to fix wait_for query param #8224

II [9]

ctia [1]
  • Bumps CTIM version to 1.3.10 #1385
iroh [7]
  • 8496 - relay module token cache #8580
  • Issue 8456 - Uses string instead of regex fake route to fix flaky test #8462
  • Only returns proxy endpoint metadata when v2 is configured #8447
  • 8239 migrate umbrella routes #8247
  • Issue 8383 ao header ids #8433
  • Issue 8429 bump ctim version darktrace #8430

between 3 and 4 months old

  • 8114 - API proxy for Umbrella v2 routes #8228
tenzin-config [1]
  • Adds cache configuration for CrowdStrike #1002

Devin Walters [4]

tenzin-config [4]
  • Add port 443 to ctia base urls #996
  • Add the rest of playbook environment configs #981
  • Add TEST config for playbook service #980
  • Initial playbook config #972

Cisco [1]

iroh-offsite-fy24 [1]
  • Olivier's retro

Ag Ibragimov [1]

ctia [1]
  • Filter incidents on timestamp not created #1377

Andrew Parisi [3]

tenzin-config [3]
  • [data-retention/update-entitlement-route-information] #1004
  • [gh-607/mark-sightings-internal-based-on-module-type-map-fix-mistake] #984
  • conure-607/mark-sightings-internal-based-on-module-type-map #982

shafjama [1]

iroh-offsite-fy24 [1]
  • Last minute

Scott McLeod [8]

iroh [8]
  • Filter out empty xdr-org summary reports #8472
  • XDR Org Incident Stats Summaries #8441
  • Transform aggregate service to accept a list of AggQuery #8387
  • Add summary stats #8348
  • Add enterprise-id to incident report #8258

between 3 and 4 months old

  • Add percentiles aggregation #8197
  • Add stats aggregation #8189
  • Update Incident Report Service schemas #8159

Matthieu Sprunck [1]

iroh-offsite-fy24 [1]
  • Matthieu's retro

Patrick Patat [1]

iroh-offsite-fy24 [1]
  • add presentation

t2sw [2]

ctia [1]
  • Update CODEOWNERS #1390
iroh [1]
  • add new endpoint for role service to query roles by an org id; update… #8364

Jerome Schneider [1]

iroh [1]
  • Upgrade riemann server (#8253) #8254

Brooke Swanson [1]

tenzin-config [1]
  • Up distributor worker counts for test and prod. #993

Jillian Flook [1]

tenzin-config [1]
  • update dashboard UserResearchCTA #997

Pawan Bahuguna [2]

tenzin-config [2]
  • Updated Playbook URL in all regions #998
  • SXOPS-937 Add New Services #995

James Brock [1]

easy-purescript-nix [1]
  • Upgrades