#+title: FY23Q3 Report
#+subtitle: logs go 4 months back
#+date: 2023-05-03
#+options: H:6 ^:nil
* IROH
** lead
*** Guillaume Buisson [25]
**** ctia [5]
- Fixed Riemann ES configuration [[https://github.com/advthreat/ctia/pull/1360][#1360]]
- Allow setting ~allow_partial_search_results~ in ES queries [[https://github.com/advthreat/ctia/pull/1359][#1359]]
- Bump CTIM to 1.3.6 [[https://github.com/advthreat/ctia/pull/1355][#1355]]
- Note Entity API changes [[https://github.com/advthreat/ctia/pull/1342][#1342]]
_between 3 and 4 months old_
- CTIM Note entity Support [[https://github.com/advthreat/ctia/pull/1330][#1330]]
**** iroh [16]
- Initial Incident Response Design Draft [[https://github.com/advthreat/iroh/pull/7398][#7398]]
- Fix Target enrichment feature flag check [[https://github.com/advthreat/iroh/pull/7740][#7740]]
- Bump clj-momo to 0.4.0 [[https://github.com/advthreat/iroh/pull/7723][#7723]]
- Update Orchestration Workflow Event fixtures [[https://github.com/advthreat/iroh/pull/7677][#7677]]
- Observe-Targets route Enhancements [[https://github.com/advthreat/iroh/pull/7668][#7668]]
- Temporary implementation of observe-targets in the Relay module [[https://github.com/advthreat/iroh/pull/7656][#7656]]
- Revert "Enrich WebService route"
- Revert "Initial WebService for testing"
- Initial WebService for testing
- Enrich WebService route
- Additional Note/Event sample data [[https://github.com/advthreat/iroh/pull/7654][#7654]]
- Support the Note Entity in Private Intel [[https://github.com/advthreat/iroh/pull/7605][#7605]]
- Mitre and Risk Score based Incidents Review [[https://github.com/advthreat/iroh/pull/6990][#6990]]
- Properly define the OpenAPI metadata for the Enrich API [[https://github.com/advthreat/iroh/pull/7532][#7532]]
- Unhide Swagger UI Responses [[https://github.com/advthreat/iroh/pull/7529][#7529]]
- Updated Note designs [[https://github.com/advthreat/iroh/pull/7508][#7508]]
**** tenzin-config [4]
- Add the SXO clients to the High Impact allowed sources [[https://github.com/advthreat/tenzin-config/pull/876][#876]]
_between 3 and 4 months old_
- CTIA Note Entity setup [[https://github.com/advthreat/tenzin-config/pull/836][#836]]
- Disable the Kafka Event Hook for Private Intel [[https://github.com/advthreat/tenzin-config/pull/835][#835]]
- Double the rate limit of the dcloud organization [[https://github.com/advthreat/tenzin-config/pull/824][#824]]
** data
*** Mario Aquino [30]
**** iroh [17]
- Add audiences to client [[https://github.com/advthreat/iroh/pull/7812][#7812]]
- OrgTokenProviderService [[https://github.com/advthreat/iroh/pull/7731][#7731]]
- Handle additional variation on mitre-attack source_name [[https://github.com/advthreat/iroh/pull/7755][#7755]]
- Match on mitre-attack as source_name to find variations [[https://github.com/advthreat/iroh/pull/7754][#7754]]
- Remove high impact severity checking [[https://github.com/advthreat/iroh/pull/7580][#7580]]
- Iterate over all orgs for threat hunt execution [[https://github.com/advthreat/iroh/pull/7601][#7601]]
- Check authorization header [[https://github.com/advthreat/iroh/pull/7597][#7597]]
- Fix test broken by missing auth header [[https://github.com/advthreat/iroh/pull/7588][#7588]]
- Use mk-int-request-context for calls that may go to modules [[https://github.com/advthreat/iroh/pull/7587][#7587]]
- Improve logging for risk score asset resolution [[https://github.com/advthreat/iroh/pull/7581][#7581]]
- Update CTIM to align w version used by CTIA [[https://github.com/advthreat/iroh/pull/7576][#7576]]
- Reduce threat hunt ctia investigate module timeouts [[https://github.com/advthreat/iroh/pull/7527][#7527]]
- Error handling around risk score calculation attempt [[https://github.com/advthreat/iroh/pull/7512][#7512]]
_between 3 and 4 months old_
- Replace unsupported trojan source detector [[https://github.com/advthreat/iroh/pull/7481][#7481]]
- Service interface tech-debt [[https://github.com/advthreat/iroh/pull/7475][#7475]]
- One iroh-async session queue for all tasks [[https://github.com/advthreat/iroh/pull/7472][#7472]]
- CTIM v1.2.0 [[https://github.com/advthreat/iroh/pull/7459][#7459]]
**** tenzin-config [13]
- Enable config for incident enrichment [[https://github.com/advthreat/tenzin-config/pull/880][#880]]
- Removes AWS Auth credentials no longer needed by queue-monitor [[https://github.com/advthreat/tenzin-config/pull/867][#867]]
- Update async worker count for new server specs [[https://github.com/advthreat/tenzin-config/pull/861][#861]]
- AWS Credentials for CloudWatch interaction [[https://github.com/advthreat/tenzin-config/pull/842][#842]]
- Remove configs to allow threat hunting for all orgs [[https://github.com/advthreat/tenzin-config/pull/853][#853]]
- Make all incidents imported via Swagger UI high impact [[https://github.com/advthreat/tenzin-config/pull/847][#847]]
- Remove iroh-investigate and iroh-incident configs [[https://github.com/advthreat/tenzin-config/pull/837][#837]]
_between 3 and 4 months old_
- Use correct urls for PROD iroh [[https://github.com/advthreat/tenzin-config/pull/832][#832]]
- Updates sessions-config for iroh-investigate and iroh-incident [[https://github.com/advthreat/tenzin-config/pull/826][#826]]
- iroh-queue-monitor config update [[https://github.com/advthreat/tenzin-config/pull/820][#820]]
- Increases number of threat hunt orgs [[https://github.com/advthreat/tenzin-config/pull/812][#812]]
- Redis for iroh-async [[https://github.com/advthreat/tenzin-config/pull/815][#815]]
- Adds config for iroh-async deployment group
*** Guillaume Erétéo [16]
**** ctia [6]
- add total-hits headers to metric responses [[https://github.com/advthreat/ctia/pull/1363][#1363]]
- add tactics/techniques to incident search filters [[https://github.com/advthreat/ctia/pull/1356][#1356]]
- Incident score schema check [[https://github.com/advthreat/ctia/pull/1353][#1353]]
- Relationships: add target_ref and source_ref as enumerable field [[https://github.com/advthreat/ctia/pull/1354][#1354]]
_between 3 and 4 months old_
- verdict fix [[https://github.com/advthreat/ctia/pull/1333][#1333]]
- add techniques to enumerable fields [[https://github.com/advthreat/ctia/pull/1331][#1331]]
**** iroh [5]
- introduce aggregation in crud store [[https://github.com/advthreat/iroh/pull/7734][#7734]]
- Add Scott to CODEOWNERS [[https://github.com/advthreat/iroh/pull/7782][#7782]]
- first stats [[https://github.com/advthreat/iroh/pull/7765][#7765]]
- Incident summary design [[https://github.com/advthreat/iroh/pull/7704][#7704]]
- threat hunt status incident status Open [[https://github.com/advthreat/iroh/pull/7709][#7709]]
**** tenzin-config [5]
- Activate scoring in TEST and PROD for 1.116 [[https://github.com/advthreat/tenzin-config/pull/851][#851]]
- Add PCTIA as high impact by default [[https://github.com/advthreat/tenzin-config/pull/849][#849]]
_between 3 and 4 months old_
- update incident mappings [[https://github.com/advthreat/tenzin-config/pull/822][#822]]
- IROH Swagger UI to high impact sources [[https://github.com/advthreat/tenzin-config/pull/830][#830]]
- prepare actor migration [[https://github.com/advthreat/tenzin-config/pull/814][#814]]
*** Ambrose Bonnaire-Sergeant [11]
**** ctia [7]
- Push sighting store's coercion pattern into def-es-store [[https://github.com/advthreat/ctia/pull/1361][#1361]]
- Remove log4j [[https://github.com/advthreat/ctia/pull/1347][#1347]]
- Fix bulk relationships between transient asset mappings/fields [[https://github.com/advthreat/ctia/pull/1343][#1343]]
- Filter by scores test [[https://github.com/advthreat/ctia/pull/1341][#1341]]
- Scores dynamic mapping [[https://github.com/advthreat/ctia/pull/1340][#1340]]
- Don't mix user params with internal extensions [[https://github.com/advthreat/ctia/pull/1339][#1339]]
_between 3 and 4 months old_
- Sort on incident score [[https://github.com/advthreat/ctia/pull/1327][#1327]]
**** iroh [4]
- new incident scores format [[https://github.com/advthreat/iroh/pull/7578][#7578]]
- Strip ctia keys [[https://github.com/advthreat/iroh/pull/7521][#7521]]
_between 3 and 4 months old_
- Improve stubservice error messages [[https://github.com/advthreat/iroh/pull/7478][#7478]]
- Prep Mia for incident scoring impl [[https://github.com/advthreat/iroh/pull/7397][#7397]]
** integrations
*** Matthieu Sprunck [32]
**** iroh [17]
- E7469: Event API extension design [[https://github.com/advthreat/iroh/pull/7462][#7462]]
- Implements OR, AND, NOT boolean combinators for ElasticSearch [[https://github.com/advthreat/iroh/pull/7752][#7752]]
- Add a dedicated IROH Auth configuration to Swagger [[https://github.com/advthreat/iroh/pull/7738][#7738]]
- Remote: Return an error when tiles/data is not supported [[https://github.com/advthreat/iroh/pull/7732][#7732]]
- Remove support for access token in Swagger UI [[https://github.com/advthreat/iroh/pull/7729][#7729]]
- Remote: IROH Proxy handler should not be called in case of errors [[https://github.com/advthreat/iroh/pull/7717][#7717]]
- Add missing dependency to int-web-service [[https://github.com/advthreat/iroh/pull/7712][#7712]]
- Configures ModuleRecords with a map [[https://github.com/advthreat/iroh/pull/7690][#7690]]
- Bump to CTIM 1.3.7 [[https://github.com/advthreat/iroh/pull/7696][#7696]]
- Create High Impact incident event [[https://github.com/advthreat/iroh/pull/7679][#7679]]
- Bump to CTIM 1.3.5 [[https://github.com/advthreat/iroh/pull/7642][#7642]]
- Add new High Impact Incident event types [[https://github.com/advthreat/iroh/pull/7606][#7606]]
- Bump to CTIM 1.3.4 [[https://github.com/advthreat/iroh/pull/7626][#7626]]
- Bump to CTIM 1.3.3 [[https://github.com/advthreat/iroh/pull/7616][#7616]]
- Allow settings prefixed by custom_ to be derived in proxy config [[https://github.com/advthreat/iroh/pull/7509][#7509]]
_between 3 and 4 months old_
- Fix client credentials auth for CrowdStrike integration [[https://github.com/advthreat/iroh/pull/7502][#7502]]
- Add API Key auth type to the Relay module [[https://github.com/advthreat/iroh/pull/7488][#7488]]
**** tenzin-config [15]
- Revert "Revert "Remove support for access token in Swagger UI (#868)" (#871)" [[https://github.com/advthreat/tenzin-config/pull/874][#874]]
- Allow SXO internal hosts for webhook calls [[https://github.com/advthreat/tenzin-config/pull/872][#872]]
- Revert "Remove support for access token in Swagger UI (#868)" [[https://github.com/advthreat/tenzin-config/pull/871][#871]]
- Remove invalid module configuration keys [[https://github.com/advthreat/tenzin-config/pull/870][#870]]
- Remove support for access token in Swagger UI [[https://github.com/advthreat/tenzin-config/pull/868][#868]]
- Remove one-click-module services from iroh application [[https://github.com/advthreat/tenzin-config/pull/865][#865]]
- Change the IROH modules configuration format [[https://github.com/advthreat/tenzin-config/pull/864][#864]]
- Change Orbital URL in TEST [[https://github.com/advthreat/tenzin-config/pull/848][#848]]
- Remove the tiles APIs from the Orbital module record [[https://github.com/advthreat/tenzin-config/pull/845][#845]]
- Add CrowdStrike proxy configuration [[https://github.com/advthreat/tenzin-config/pull/841][#841]]
_between 3 and 4 months old_
- Fix SentinelOne module record conf [[https://github.com/advthreat/tenzin-config/pull/834][#834]]
- Support of IROH Proxy for SentinelOne [[https://github.com/advthreat/tenzin-config/pull/828][#828]]
- Revert connection manager changes in PROD (2nd attempt) [[https://github.com/advthreat/tenzin-config/pull/827][#827]]
- Revert changes in PROD and reduce nb of threads in INT and TEST [[https://github.com/advthreat/tenzin-config/pull/825][#825]]
- Increase the number of threads used by the connection manager of the Relay module [[https://github.com/advthreat/tenzin-config/pull/823][#823]]
*** Kirill Chernyshov [11]
**** ctia [2]
- Exception handling for bundle export [[https://github.com/advthreat/ctia/pull/1351][#1351]]
_between 3 and 4 months old_
- Default "no-pagination" for feed [[https://github.com/advthreat/ctia/pull/1336][#1336]]
**** iroh [9]
- Fix configuration option for event signer [[https://github.com/advthreat/iroh/pull/7777][#7777]]
- Add signer options for EventService [[https://github.com/advthreat/iroh/pull/7776][#7776]]
- Simplify kafka-producer integration test [[https://github.com/advthreat/iroh/pull/7769][#7769]]
- Send event from EventService to kafka topic [[https://github.com/advthreat/iroh/pull/7552][#7552]]
- Return promise after sending event to kafka [[https://github.com/advthreat/iroh/pull/7556][#7556]]
- IROH-crypto lib [[https://github.com/advthreat/iroh/pull/7544][#7544]]
- KafkaProducerService [[https://github.com/advthreat/iroh/pull/7524][#7524]]
- Introduce iroh-kafka library [[https://github.com/advthreat/iroh/pull/7505][#7505]]
_between 3 and 4 months old_
- Remove Onyx and Aeron services [[https://github.com/advthreat/iroh/pull/7489][#7489]]
*** Shafiq [5]
**** iroh [4]
- Add create-event HTTP API [[https://github.com/advthreat/iroh/pull/7557][#7557]]
- Add search endpoint for iroh-events [[https://github.com/advthreat/iroh/pull/7528][#7528]]
- Add integration test-case for iroh-events search [[https://github.com/advthreat/iroh/pull/7513][#7513]]
_between 3 and 4 months old_
- Separate event-handlers from EventNotifierService [[https://github.com/advthreat/iroh/pull/7437][#7437]]
**** tenzin-config [1]
- Configure internal-event-web-service [[https://github.com/advthreat/tenzin-config/pull/844][#844]]
** auth
*** Olivier Barbeau [23]
**** iroh [22]
- fix http status code [[https://github.com/advthreat/iroh/pull/7838][#7838]]
- Rework of the script ~check-changelog-update-time~ [[https://github.com/advthreat/iroh/pull/7658][#7658]]
- RBAC: additional XDR tests [[https://github.com/advthreat/iroh/pull/7634][#7634]]
- GitHub Actions: do test coverage only once [[https://github.com/advthreat/iroh/pull/7607][#7607]]
- Increase Java Heap size for code coverage - Github Actions workflow [[https://github.com/advthreat/iroh/pull/7585][#7585]]
- add workdir for the check [[https://github.com/advthreat/iroh/pull/7573][#7573]]
- disable test [[https://github.com/advthreat/iroh/pull/7566][#7566]]
- Fail build if html not updated [[https://github.com/advthreat/iroh/pull/7559][#7559]]
- RBAC: enable the new XDR role 'Security Analyst Tier 2' [[https://github.com/advthreat/iroh/pull/7545][#7545]]
- Issue 7538 refactor of role retrieval [[https://github.com/advthreat/iroh/pull/7540][#7540]]
- automated 'revert role' operation with test [[https://github.com/advthreat/iroh/pull/7537][#7537]]
- RBAC: Retrocompatibility of the Provisioning API [[https://github.com/advthreat/iroh/pull/7507][#7507]]
_between 3 and 4 months old_
- Refactor around ~ifn-pred~ [[https://github.com/advthreat/iroh/pull/7491][#7491]]
- set job timeouts to 90 minutes [[https://github.com/advthreat/iroh/pull/7506][#7506]]
- set job timeouts to 60 minutes [[https://github.com/advthreat/iroh/pull/7504][#7504]]
- Test coverage v2 [[https://github.com/advthreat/iroh/pull/7498][#7498]]
- wait for hook to be finished before testing [[https://github.com/advthreat/iroh/pull/7497][#7497]]
- Add test coverage report to the Iroh GitHub Actions workflow [[https://github.com/advthreat/iroh/pull/7453][#7453]]
- RBAC for Org Access Request [[https://github.com/advthreat/iroh/pull/7465][#7465]]
- Issue 7333 rbac invitation service [[https://github.com/advthreat/iroh/pull/7454][#7454]]
- RBAC: new XDR tests for login and oauth-clients [[https://github.com/advthreat/iroh/pull/7418][#7418]]
- Issue 7413 move steps out of setup job [[https://github.com/advthreat/iroh/pull/7414][#7414]]
**** tenzin-config [1]
- sets the ~:xdr-roles~ feature flag in INT and TEST [[https://github.com/advthreat/tenzin-config/pull/840][#840]]
*** (Yogsototh) [5]
**** xdr-provisioning [5]
- Improve help regarding setting env vars
- Improve the command line parsing
- rename script to .sh
- Add onboarding of DI and CSC
- Initial provisioning Script
*** bartuka [15]
**** iroh [13]
- [IROH Auth] introducing ~TimeService~ in ~AuthService~ [[https://github.com/advthreat/iroh/pull/7806][#7806]]
- [IROH Auth] allow only ~iroh-core.time~ in oauth2.core ns [[https://github.com/advthreat/iroh/pull/7793][#7793]]
- [IROH Auth] - Update IROH Web middleware to build short JWTs with profile data [[https://github.com/advthreat/iroh/pull/7671][#7671]]
- [IROH Auth] - update ~check-refresh-token~ function [[https://github.com/advthreat/iroh/pull/7669][#7669]]
- [IROH Auth] - Update Design docs for Short JWT Epic [[https://github.com/advthreat/iroh/pull/7670][#7670]]
- [IROH Auth] ~/profile/permissions~ endpoint [[https://github.com/advthreat/iroh/pull/7562][#7562]]
- Patch ~compojure-api~ to allow endpoints with string-keys (without keywordize the request ~:body~) [[https://github.com/advthreat/iroh/pull/7574][#7574]]
- [IROH Auth] Include route ~/profile/scopes~ [[https://github.com/advthreat/iroh/pull/7553][#7553]]
- [IROH Auth] - Store Short JWTs [[https://github.com/advthreat/iroh/pull/7476][#7476]]
_between 3 and 4 months old_
- [IROH Auth] refactor ~gen-short-tokens~ to avoid code duplication [[https://github.com/advthreat/iroh/pull/7485][#7485]]
- Allow wildcard login origin in TEST env [[https://github.com/advthreat/iroh/pull/7474][#7474]]
- [IROH Auth] Generate Short JWT tokens [[https://github.com/advthreat/iroh/pull/7450][#7450]]
- [IROH Auth] Short JWT design [[https://github.com/advthreat/iroh/pull/7436][#7436]]
**** tenzin [1]
_between 3 and 4 months old_
- Update GPG Wanderson Ferreira [[https://github.com/advthreat/tenzin/pull/2648][#2648]]
**** tenzin-config [1]
- add postgres and redis-cache store for IROH Auth JWTs [[https://github.com/advthreat/tenzin-config/pull/839][#839]]
*** Yann Esposito [44]
**** ctia [1]
- bump snakeyaml to address CVE-2022-38751 [[https://github.com/advthreat/ctia/pull/1346][#1346]]
**** iroh [30]
- Add a missing option to disable default configs [[https://github.com/advthreat/iroh/pull/7805][#7805]]
- Add a script to init tokens without login in [[https://github.com/advthreat/iroh/pull/7794][#7794]]
- Fix schema for Response [[https://github.com/advthreat/iroh/pull/7804][#7804]]
- Add support to onboard a single app [[https://github.com/advthreat/iroh/pull/7796][#7796]]
- Add a role instrospection route to help the UI and other clients [[https://github.com/advthreat/iroh/pull/7785][#7785]]
- Fix scopes declaration for execute-workflow route [[https://github.com/advthreat/iroh/pull/7799][#7799]]
- Fix a Swagger bug due to schema name conflict [[https://github.com/advthreat/iroh/pull/7790][#7790]]
- Web api search improvements [[https://github.com/advthreat/iroh/pull/7728][#7728]]
- add profile and notification to ao-jwt [[https://github.com/advthreat/iroh/pull/7726][#7726]]
- Tk store combinator search queries (AND, OR, NOT) [[https://github.com/advthreat/iroh/pull/7691][#7691]]
- Fix a case where the body is =nil= [[https://github.com/advthreat/iroh/pull/7685][#7685]]
- Add xdr-instance-id field to the orgs [[https://github.com/advthreat/iroh/pull/7707][#7707]]
- PIAM: Provisioning onboard endpoint [[https://github.com/advthreat/iroh/pull/7659][#7659]]
- Add ff scope script [[https://github.com/advthreat/iroh/pull/7680][#7680]]
- added a script to add feature-flag scopes from command line [[https://github.com/advthreat/iroh/pull/7676][#7676]]
- prefer to use client from DB than client from config [[https://github.com/advthreat/iroh/pull/7672][#7672]]
- Align scopes to SXO behaviour [[https://github.com/advthreat/iroh/pull/7673][#7673]]
- fix lein start [[https://github.com/advthreat/iroh/pull/7663][#7663]]
- PIAM provisioning no idp-mapping for create user [[https://github.com/advthreat/iroh/pull/7655][#7655]]
- Default bootstrap & config [[https://github.com/advthreat/iroh/pull/6868][#6868]]
- Add Entitlements to Orgs [[https://github.com/advthreat/iroh/pull/7631][#7631]]
- Remove yaml to supported format for profile API [[https://github.com/advthreat/iroh/pull/7632][#7632]]
- Fix a flaky test in either_test.clj [[https://github.com/advthreat/iroh/pull/7610][#7610]]
- Role Matrix representation in the code. [[https://github.com/advthreat/iroh/pull/7583][#7583]]
- fix some wording only for admin users view [[https://github.com/advthreat/iroh/pull/7579][#7579]]
- Improve User login logs situation [[https://github.com/advthreat/iroh/pull/7555][#7555]]
- Added a composable redis.nix [[https://github.com/advthreat/iroh/pull/7535][#7535]]
_between 3 and 4 months old_
- Fix template rendering during invite confirmation [[https://github.com/advthreat/iroh/pull/7480][#7480]]
- Display virtual users in the batch get users [[https://github.com/advthreat/iroh/pull/7473][#7473]]
- Add the UI session logout into IROH-Auth [[https://github.com/advthreat/iroh/pull/7431][#7431]]
**** tenzin [2]
- use iroh.main for all nodes types [[https://github.com/advthreat/tenzin/pull/2862][#2862]]
- Update iroh.job.jinja [[https://github.com/advthreat/tenzin/pull/2861][#2861]]
**** tenzin-config [6]
- fix missing iroh-async web-services [[https://github.com/advthreat/tenzin-config/pull/884][#884]]
- align iroh and iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/883][#883]]
- Add CSC onboarding URLs [[https://github.com/advthreat/tenzin-config/pull/875][#875]]
- fix provisioning service [[https://github.com/advthreat/tenzin-config/pull/863][#863]]
- PIAM config change (+ boostrap cleanup) [[https://github.com/advthreat/tenzin-config/pull/677][#677]]
- add perf.orbital.threatgrid.com to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/854][#854]]
**** xdr-provisioning [5]
- Improve help regarding setting env vars
- Improve the command line parsing
- rename script to .sh
- Add onboarding of DI and CSC
- Initial provisioning Script
** iroh-ops
*** Patrick Patat [19]
**** iroh-ops [18]
- Merge pull request #69 from advthreat/riemann-asg
- Merge pull request #66 from advthreat/pg-cname
- Merge pull request #65 from advthreat/minor-fix
- Merge pull request #64 from advthreat/vector-docker
- Merge pull request #63 from advthreat/asg-refresh
- Merge pull request #61 from advthreat/auto-deploy
- Merge pull request #60 from advthreat/webex-notif
- Merge pull request #57 from advthreat/qualys
- Merge pull request #56 from advthreat/dynamodb_backup
- Merge pull request #55 from advthreat/iroh-queue
- Merge pull request #52 from advthreat/nomad-job
- Merge pull request #54 from advthreat/vault-stats
- Merge pull request #48 from advthreat/vault-pki
- Merge pull request #47 from advthreat/nomad-docker-config
_between 3 and 4 months old_
- Merge pull request #41 from advthreat/codebuild-fix
- Merge pull request #40 from advthreat/ansible-codebuild
- Merge pull request #37 from advthreat/fix-host
- Merge pull request #35 from advthreat/instances_route53
**** tenzin [1]
- allows iroh-ops dev platform to access redis [[https://github.com/advthreat/tenzin/pull/2755][#2755]]
*** Jerome Schneider [81]
**** iroh-ops [24]
- render s3 artefacts generic and create a releases bucket
- datadog: improve logging
- add vector support for os logging
- tf peering: don't peering public subnets
- Add Datadog agent on all instances and specific setup for Nomad and Consul
_between 3 and 4 months old_
- vpnator: remove cloudtrail support for the moment
- ansible: migrate jerschne on master
- iam_lambda_ec2_route53: re-add rights on EC2
- improve iam management and adapt Ansible for it
- tfw: manage correctly workspaces
- switch jerschne on ansible master
- Create a new env and manage terraform workspaces
- dev: cleaning configuration
- only one s3 bucket and dynamodb table per account for tfstates
- Ansible: add Mitogen to improve performances (issue #26)
- requirements.txt: add missing dependencies
- vim: add a vimrc example
- scripts/tfw: fixed json debugging message and exit message when it failed
- README is a markdown file
- README.md: fix path
- Migrate iroh-ops TF to Terraform Wrapper (tfw)
- Add a Terraform Wrapper (tfw) that improve Terraform var files
- ansible add a quick readme and a requirements.txt
- TF: add kafka support
**** tenzin [57]
- Upgrade TF AWS provider
- iroh-async: resize ASG and add downscaling support
- iroh: add iroh signer certificates
- ASG: Drain Nomad nodes before terminating instances
- PROD AP: allows iroh-queue-monitor to put metric in Cloudwatch
- PROD EU: allows iroh-queue-monitor to put metric in Cloudwatch
- PROD US: allows iroh-queue-monitor to put metric in Cloudwatch
- STAGE: allows iroh-queue-monitor to put metric in Cloudwatch
- TEST: allows iroh-queue-monitor to put metric in Cloudwatch
- INT: allows iroh-queue-monitor to put metric in Cloudwatch
- Terraform: configure vault provider
- iroh-async: resize instances and memory usage
- PROD EU: Conure add IAM policy
- PROD APJC: Conure add IAM policy
- PROD NAM: Conure add IAM policy
- STAGE: add Conure support
- TEST: add new Conure IAM role
- INT: add new Conure IAM role
- iroh allows iroh-internal.*.iroh.site domains
- add private-ctia-update-index-state on TEST,STAGE and PROD
- STAGE: add iroh-internal support
- PROD US: add iroh-internal support
- PROD EU: add iroh-internal support
- PROD APJC: add iroh-internal support
- TEST: add iroh-internal support
- INT: add iroh-internal support
- RDS PostgreSQL: force SSL connections by default
- add private-ctia-update-index-state job to update ES index mapping
- Iroh Async use custom metrics to scale
- remove iroh-tooling
- iroh-admin INT: revert breaking instance change
- Caddy private: allow es-metrics for iroh-ops
- allows iroh-ops dev platform to access to private caddy
- PostgreSQL Conure change instances for PROD and TEST
- add Conure RDS PostgreSQL on PROD and TEST
- PROD EU: destroy iroh-investigate and iroh-incident
- PROD APJC: destroy iroh-incident and iroh-investigate
- PROD NAM: remove iroh-incident and iroh-investigate
- TEST: destroy iroh-incident and iroh-investigate
- improve
- iroh-async: add downscaling!
- INT/TEST: fixed iroh-admin conf to allow iroh-queue-monitor
- INT: new RDS PostgreSQL for Conure
- INT: remove iroh-incident and iroh-investigate
_between 3 and 4 months old_
- Nomad jobs: fix MaxParallel when auto scaling is enabled!
- iroh job: change the grace period from 120s to 180s
- iroh-queue-monitor: migrate it on full https and allow access from private rp
- elasticache: change creation timeout
- add dedicated Elasticache Redis for iroh-async
- PROD APJC: add iroh-async support
- PROD EU: add iroh-async support
- PROD US: add iroh-async support
- TEST: add iroh-async support
- add a new iroh-async to replace iroh-investigate and iroh-incident
- iroh-admin nomad job: extend grace delay and add one more status check
- prod US: this PR allows tier3 engineers to manage SES suppression list
- allow iroh-tooling to access to RDS PostgreSQL
* Other
** Other
*** krishna Ganugapenta [32]
**** tenzin [31]
- Mia Lehrer(milhrer) gpg key updated [[https://github.com/advthreat/tenzin/pull/2725][#2725]]
- Securex-news decommission from tenzin [[https://github.com/advthreat/tenzin/pull/2876][#2876]]
- ASG size bumped to negate excessive CPU useage [[https://github.com/advthreat/tenzin/pull/2869][#2869]]
- updated SG rules count for iroh-front-end [[https://github.com/advthreat/tenzin/pull/2866][#2866]]
- IAM policy to access cloudtrail logs s3 bucket [[https://github.com/advthreat/tenzin/pull/2840][#2840]]
- Fixing asea modules not in sync with AWS infra [[https://github.com/advthreat/tenzin/pull/2828][#2828]]
- logstash-cloudtrail versions updated in jobs.sls [[https://github.com/advthreat/tenzin/pull/2812][#2812]]
- IROH_ASYNC asg capacity increase [[https://github.com/advthreat/tenzin/pull/2813][#2813]]
- Logstash-cloudtrail filter settings have modified [[https://github.com/advthreat/tenzin/pull/2808][#2808]]
- Asea services tf modules removed from TEST to sync with AWS infra [[https://github.com/advthreat/tenzin/pull/2800][#2800]]
- tenzin-config files updated to intelligence app [[https://github.com/advthreat/tenzin/pull/2779][#2779]]
- Fixing logstash config file permission issue [[https://github.com/advthreat/tenzin/pull/2765][#2765]]
- Added read and write permission to logstash.yml [[https://github.com/advthreat/tenzin/pull/2763][#2763]]
- prestart task added to prevent permissions error [[https://github.com/advthreat/tenzin/pull/2762][#2762]]
- Added a new set variable for logstash-cloudtrail [[https://github.com/advthreat/tenzin/pull/2760][#2760]]
- Fixing logstash-cloudtrail nomad job config temp [[https://github.com/advthreat/tenzin/pull/2759][#2759]]
- Added a missing template for logstash-cloudtrail [[https://github.com/advthreat/tenzin/pull/2757][#2757]]
- Logstash-cloudtrail job to collect logs [[https://github.com/advthreat/tenzin/pull/2756][#2756]]
- XDR decommission from nomad cluster [[https://github.com/advthreat/tenzin/pull/2684][#2684]]
- SQS queue url fixed for logstash-cloudtrail nomad job [[https://github.com/advthreat/tenzin/pull/2710][#2710]]
- SQS queue url has got updated to logstash-cloudtrail job [[https://github.com/advthreat/tenzin/pull/2709][#2709]]
- filebeat and beats configuration updated [[https://github.com/advthreat/tenzin/pull/2707][#2707]]
_between 3 and 4 months old_
- Removal of accesskey/secret key from logstash-cloudtrail job [[https://github.com/advthreat/tenzin/pull/2702][#2702]]
- Added vault policy to oss nodes to fix logstash-cloudtrail nomad job issue [[https://github.com/advthreat/tenzin/pull/2700][#2700]]
- Caddy port lable fix for logstash-cloudtrail job [[https://github.com/advthreat/tenzin/pull/2698][#2698]]
- Logstash job to retrieve cloudtrail logs from S3 [[https://github.com/advthreat/tenzin/pull/2696][#2696]]
- Enabled securex-ui-incidents for PROD [[https://github.com/advthreat/tenzin/pull/2650][#2650]]
- XDR shell app PROD config added [[https://github.com/advthreat/tenzin/pull/2624][#2624]]
- Conure DB access policy updated [[https://github.com/advthreat/tenzin/pull/2627][#2627]]
- xdr-apps configuration removed from caddy public [[https://github.com/advthreat/tenzin/pull/2649][#2649]]
- Caddy Path based routing changes reverted [[https://github.com/advthreat/tenzin/pull/2623][#2623]]
**** tenzin-config [1]

- Securex-news removal from tenzin and tenzin-config [[https://github.com/advthreat/tenzin-config/pull/869][#869]]

*** Tancredi Orlando [1]

**** easy-purescript-nix [1]

- purs-tidy: 0.9.0 -> 0.9.2

*** milehrer [15]

**** iroh-engine [15]

- move forward if no new targets or asset
- prepare for 0.15.4
- decouple first asset check from asset enrichment
- change ->instant to parse
- write asset-enrich pipeline v1
- Prepare for v0.14.6
- update iroh service-wrapper to expect resolve-latest
- add resolve-latest-assets iroh protocol and endpoint

_between 3 and 4 months old_

- prepare for v0.14.5
- the less we talk about this, the better
- prepare for version 0.14.4
- make data in enrichment bundles align with real life
- prepare for 0.14.3
- remove deprecated trojansource step from github workflow
- remove transient id generation from assets as DI now does it instead

*** Joel Holdbrooks [2]

**** iroh-engine [2]

- Merge pull request #1373 from advthreat/noprompt-patch-1
- Update unit_test.yml

*** Michael Whitley [3]

**** response [3]

- Update access-request.md
- Update access-request.md
- Update access-request.md
*** Sofiia Mykytiuk [43]
**** tenzin [43]
- Update VPNator in TEST, STAGE and PROD [[https://github.com/advthreat/tenzin/pull/2932][#2932]]
- Update STAGE docs S3 bucket [[https://github.com/advthreat/tenzin/pull/2938][#2938]]
- Update VPNator lambda functions in INT [[https://github.com/advthreat/tenzin/pull/2929][#2929]]
- Update min capacity for ASG in backup regions [[https://github.com/advthreat/tenzin/pull/2917][#2917]]
- Update readme in terraform folders for backup regions [[https://github.com/advthreat/tenzin/pull/2896][#2896]]
- Saltstack changes for backup regions [[https://github.com/advthreat/tenzin/pull/2822][#2822]]
- ROAdmin role for STAGE and PROD [[https://github.com/advthreat/tenzin/pull/2909][#2909]]
- Update saml in terraform to sync with AWS STAGE and PROD accounts [[https://github.com/advthreat/tenzin/pull/2910][#2910]]
- ROAdmin role for INT [[https://github.com/advthreat/tenzin/pull/2903][#2903]]
- Add nodes to ES-metrics cluster in EU [[https://github.com/advthreat/tenzin/pull/2905][#2905]]
- Remove Data VPNator from PROD [[https://github.com/advthreat/tenzin/pull/2868][#2868]]
- Terraform changes for backup regions [[https://github.com/advthreat/tenzin/pull/2882][#2882]]
- Remove modules needed for S3 batch operations [[https://github.com/advthreat/tenzin/pull/2884][#2884]]
- Disable replication for es-metrics [[https://github.com/advthreat/tenzin/pull/2850][#2850]]
- Update infrastructure diagram with second VPN [[https://github.com/advthreat/tenzin/pull/2871][#2871]]
- Remove data-vpnator from INT [[https://github.com/advthreat/tenzin/pull/2855][#2855]]
- PKI update for backup regions [[https://github.com/advthreat/tenzin/pull/2842][#2842]]
- Update vpnator script for new OPS setup [[https://github.com/advthreat/tenzin/pull/2817][#2817]]
- Fix module deletion [[https://github.com/advthreat/tenzin/pull/2825][#2825]]
- Remove cleaner lambda setup from INT, TEST [[https://github.com/advthreat/tenzin/pull/2823][#2823]]
- Module to setup new vpnator for OPS VPN in INT [[https://github.com/advthreat/tenzin/pull/2816][#2816]]
- Modules to setup VPNator for OPS VPN in PROD [[https://github.com/advthreat/tenzin/pull/2814][#2814]]
- BCP: Update readme with bastion info [[https://github.com/advthreat/tenzin/pull/2456][#2456]]
- Terraform modules update for TEST backup region [[https://github.com/advthreat/tenzin/pull/2796][#2796]]
- New PROD VPNator setup for non-ops VPN setup [[https://github.com/advthreat/tenzin/pull/2748][#2748]]
- Remove not needed permissions for kms-ssm in STAGE [[https://github.com/advthreat/tenzin/pull/2733][#2733]]
- Changing KMS key in Vault unseal config in STAGE [[https://github.com/advthreat/tenzin/pull/2732][#2732]]
- Adding permissions to kms-vault key [[https://github.com/advthreat/tenzin/pull/2712][#2712]]
- Remove permissions for kms-ssm from hashistack policy INT and TEST [[https://github.com/advthreat/tenzin/pull/2719][#2719]]
- Terraform modules update for TEST backup region [[https://github.com/advthreat/tenzin/pull/2724][#2724]]
- Changing unseal configuration for Vault in INT [[https://github.com/advthreat/tenzin/pull/2718][#2718]]
- Permissions for kms-vault key in INT and STAGE [[https://github.com/advthreat/tenzin/pull/2706][#2706]]
- KMS vault key material for INT and STAGE [[https://github.com/advthreat/tenzin/pull/2705][#2705]]
- New kms-vault key material [[https://github.com/advthreat/tenzin/pull/2711][#2711]]
_between 3 and 4 months old_
- Permissions for new kms-vault key in TEST backup region [[https://github.com/advthreat/tenzin/pull/2695][#2695]]
- Fix permissions for kms-vault key [[https://github.com/advthreat/tenzin/pull/2692][#2692]]
- Changing kms key in autounseal Vault config for TEST [[https://github.com/advthreat/tenzin/pull/2680][#2680]]
- Update README.md [[https://github.com/advthreat/tenzin/pull/2686][#2686]]
- Update salt to read datadog api key from SSM [[https://github.com/advthreat/tenzin/pull/2679][#2679]]
- Adding permissions for new kms-vault key for hashistack nodes in TEST env [[https://github.com/advthreat/tenzin/pull/2670][#2670]]
- Adding permissions for datadog ssm parameter [[https://github.com/advthreat/tenzin/pull/2663][#2663]]
- Comment not needed references [[https://github.com/advthreat/tenzin/pull/2656][#2656]]
- KMS Vault key [[https://github.com/advthreat/tenzin/pull/2668][#2668]]
*** Will Lorand [1]
**** iroh [1]
- Update summary.org [[https://github.com/advthreat/iroh/pull/7603][#7603]]
*** Dmytro Budko [5]
**** tenzin [5]
- SXOPS-630 Invalidate a CloudFront cache for INT/TEST after push changes [[https://github.com/advthreat/tenzin/pull/2897][#2897]]
- SXOPS-191 Terraform: Bring INT and Test into sync with AWS (DOCS INT/TEST) [[https://github.com/advthreat/tenzin/pull/2889][#2889]]
- SXOPS-616 DataDog agent not able to collect metrics (SLM) from ES [[https://github.com/advthreat/tenzin/pull/2878][#2878]]
- SXOPS-539 EC2 Keypair rotation for INT and TEST [[https://github.com/advthreat/tenzin/pull/2787][#2787]]
- SXOPS-539 Offboard Vadym Kiz [[https://github.com/advthreat/tenzin/pull/2784][#2784]]
*** Cisco Boz [1]
**** tenzin [1]
- Replace Threat Response -> XDR for 502 pages on caddy-* public & private [[https://github.com/advthreat/tenzin/pull/2934][#2934]]
*** Patrick Patat [72]

**** iroh-ops [71]

- install and config riemann on asg
- add riemann & reimann_telemetry servers
- add vault token for ansible
- add rds pg cname and bump tf min version to 1.4
- install vector after all (due to app log deps)
- add vector config for docker with nomad
- add auto instance refresh
- disable notready service at the end of ansible run
- remove unattended-upgrades pkg and ignore qualys server
- setup a lambda that runs ansible nomad-jobs when a new app version is pushed to s3
- override nomad jobs version with versions.json from s3 bucket artefacts (needed for auto deployment)
- add codebuild fail notification via webex
- simplify sg rule and rename a boolean var
- add doc for qualys setup
- add qualys instances and extends customization of instances, asg & sgs
- create an aws backup vault and plan for dynamodb backup
- create redis-async.iroh.dev.sh cname to tenzin's redis
- add iroh-queue-monitor, add http check for nomad jobs
- config vault telemetry to send data to datadog
- add role nomad-jobs with example job iroh & hello, add related caddy config for private rp
- add python-nomad to manage job, add dogstatsd as volume & add metadata from docker
- add iroh-ro vault policy
- add vault ca to ssm, put vault ca on caddy vm & update nomad config for vault and docker
- create custom modules for vault and aws private acm & configure vault internal pki
- allow vault servers to query aws private acm
- add docker registry and app_server role for docker registry use
- move docker repo conf to linux base & update nomad config
- add .yml to group_vars files

_between 3 and 4 months old_

- create one codebuild job per env
- change codebuild default env var to '' and fix missing env var in user_data
- create codebuild ansible-run and replace user_data local ansible with codebuild trigger
- push new admin key in user admin authorized keys
- fix hostname config
- add lambda to create/delete ec2 dns record on start and terminate
- centralize apt config & set hostname and prompt
- configure vault server & add caddy vault config
- refactor route53 lb cnames creation
- upgrade vault instances config
- split iam in multiple files and add iam for vault instances
- add dynamodb for vault
- add CODEOWNERS file
- remove openvpn push dns (useless with iroh.sh)
- upgrade tf and ansible for caddy https with letsencrypt
- upgrade dns config with iroh.sh & iroh.services
- secure all communications between consul nomad and rps
- do not redeploy instances on ami upgrade
- refactor pki
- fix: encode in base64 ssm parameters
- Revert "temporarily disable encrypt communication for nomad and consul"
- pki for internal certs
- use ansible-pull in user_data to config vm at first boot
- use t4.small instead of t4.nano
- add linux users config
- fix: add hashicorp apt in vault role
- upgrade for private rp
- add role and playbook for caddy private rp
- move hashicorp's apt config to role nomad & consul (do need it on all vms)
- add bastion and openvpn role, playbook and group_vars
- temporarily disable encrypt communication for nomad and consul
- replace _ with - in node name (need to be dns compatible)
- add python3-boto3 to linux_base_pkgs
- temporary allow everything from vpn
- disable source_dest_check for vpn and add bastion dns name
- upgrade for vpn server
- ansible typos and code style
- refactoring asgs & security groups
- refactor terraform asgs
- use boolean value instead of strings, add tags in tasks and other minor fixes
- improve ansible.cfg, remove debug, fix unbound config
- add load_balancer, app_server private_rp, remove caps from resource names
- ansible bootstrap
**** tenzin [1]

- allows iroh-ops dev platform to access rds
*** Yurii Ivanisenko [12]
**** tenzin [11]
- Add muhammad imran (muhammim) gpg key [[https://github.com/advthreat/tenzin/pull/2899][#2899]]
- Give Muhammad Imran (muhammim) SSH access [[https://github.com/advthreat/tenzin/pull/2898][#2898]]
- removed walkme-ci tf module files and vpn users [[https://github.com/advthreat/tenzin/pull/2841][#2841]]
- removed all saltstack entries with user vilakkak [[https://github.com/advthreat/tenzin/pull/2818][#2818]]
- removed TF module CloudWatch-lambda-sca-whitelist-testing [[https://github.com/advthreat/tenzin/pull/2804][#2804]]
- added diagrams for CTR_AWS and TAC-portal [[https://github.com/advthreat/tenzin/pull/2717][#2717]]
- align with INT lambda settings for ThousandEyes WL and TEST R53 recor… [[https://github.com/advthreat/tenzin/pull/2715][#2715]]
_between 3 and 4 months old_
- fix CSP directives for visibility.amp in APJC and EU regions [[https://github.com/advthreat/tenzin/pull/2689][#2689]]
- fixed tab instead of spaces in caddy.yaml NAM [[https://github.com/advthreat/tenzin/pull/2681][#2681]]
- Caddy public job - added templates for TAC certificates [[https://github.com/advthreat/tenzin/pull/2674][#2674]]
- Added configs for TAC portal prod [[https://github.com/advthreat/tenzin/pull/2666][#2666]]
**** tenzin-config [1]
_between 3 and 4 months old_
- Added config.json for Tactical-portal in PROD regions [[https://github.com/advthreat/tenzin-config/pull/817][#817]]
*** Robert Levy [5]
**** iroh [5]
- fix dev-resources config to use the correct key signer-ops instead of signer [[https://github.com/advthreat/iroh/pull/7778][#7778]]
- Add registered trademark to MITRE tile title [[https://github.com/advthreat/iroh/pull/7775][#7775]]
- Incidents' Detection Sources Tile [[https://github.com/advthreat/iroh/pull/7725][#7725]]
- top-targeted assets tile for control center (ctia investigate module) [[https://github.com/advthreat/iroh/pull/7689][#7689]]
- MITRE Attack incidents tile [[https://github.com/advthreat/iroh/pull/7523][#7523]]
*** Mia [36]
**** iroh [22]
- Update risk score docs to include overview of enrich-targets process [[https://github.com/advthreat/iroh/pull/7773][#7773]]
- log asset retrieval failure [[https://github.com/advthreat/iroh/pull/7743][#7743]]
- Separate risk score engine calls [[https://github.com/advthreat/iroh/pull/7742][#7742]]
- log bundle [[https://github.com/advthreat/iroh/pull/7737][#7737]]
- Flag observe targets [[https://github.com/advthreat/iroh/pull/7697][#7697]]
- remove verbose logs from risk score calculation [[https://github.com/advthreat/iroh/pull/7618][#7618]]
- FIXME temp log bundle-import-payload [[https://github.com/advthreat/iroh/pull/7609][#7609]]
- handle explicit nil cases for asset value [[https://github.com/advthreat/iroh/pull/7604][#7604]]
- Correct describe assets [[https://github.com/advthreat/iroh/pull/7600][#7600]]
- adjust logging [[https://github.com/advthreat/iroh/pull/7596][#7596]]
- Resolve latest asset log params [[https://github.com/advthreat/iroh/pull/7594][#7594]]
- add asset:read scope to token used for engine-service [[https://github.com/advthreat/iroh/pull/7571][#7571]]
- Iroh engine latest assets [[https://github.com/advthreat/iroh/pull/7554][#7554]]
- Update bundle import [[https://github.com/advthreat/iroh/pull/7542][#7542]]
- Fix risk score bundle import [[https://github.com/advthreat/iroh/pull/7534][#7534]]
- fix a typo in engine config introduce default consistent with engine [[https://github.com/advthreat/iroh/pull/7525][#7525]]
- Fix risk score auth [[https://github.com/advthreat/iroh/pull/7517][#7517]]
- Fix risk score auth [[https://github.com/advthreat/iroh/pull/7516][#7516]]
- Fix risk score auth with tests this time [[https://github.com/advthreat/iroh/pull/7515][#7515]]
- add auth token to bundle export header in risk score [[https://github.com/advthreat/iroh/pull/7514][#7514]]
_between 3 and 4 months old_
- implement final risk score [[https://github.com/advthreat/iroh/pull/7486][#7486]]
- 7342 preliminary risk score [[https://github.com/advthreat/iroh/pull/7460][#7460]]
**** iroh-engine [13]

- Merge pull request #1385 from advthreat/v0.15.4-rc
- Merge pull request #1384 from advthreat/separate-add-assets-and-enrich-targets
- Merge pull request #1371 from advthreat/testy-tests
- Merge pull request #1367 from advthreat/v0.14.6-rc
- Merge pull request #1366 from advthreat/add-resolve-latest-assets

_between 3 and 4 months old_

- Merge pull request #1365 from advthreat/v0.14.5-rc
- Merge pull request #1364 from advthreat/change-test-again
- Merge branch 'main' into change-test-again
- Merge pull request #1363 from advthreat/v0.14.4-rc
- Merge pull request #1362 from advthreat/calculate-preliminary-risk-score
- Merge pull request #1360 from advthreat/v0.14.3-rc
- Merge pull request #1359 from advthreat/remove-trojansource
- Merge pull request #1358 from advthreat/remove-transient-ids
**** tenzin-config [1]

_between 3 and 4 months old_

- flip feature flag in INT for score-based incident enrichment [[https://github.com/advthreat/tenzin-config/pull/833][#833]]
*** Devin Walters [5]

**** iroh-engine [5]

- Prepare 0.15.2
- Coerce to instant after reading as ZDT
- Assert sightings
- Let up
- Use investigable-observables, promises delivered, add verdict
*** Vadym Kiz [3]
**** tenzin [3]
- SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo [[https://github.com/advthreat/tenzin/pull/2635][#2635]]
- Datadog: enable slm_stats [[https://github.com/advthreat/tenzin/pull/2778][#2778]]
- SSH access - jbusboom [[https://github.com/advthreat/tenzin/pull/2738][#2738]]
*** Ag Ibragimov [8]
**** iroh [4]
- Unassigned Incidents Tile should show relative time [[https://github.com/advthreat/iroh/pull/7824][#7824]]
- Control center: Navigate to Incidents page from tile [[https://github.com/advthreat/iroh/pull/7760][#7760]]
- Control Center -- Detection Sources Tile: Fixes query parenthesizing [[https://github.com/advthreat/iroh/pull/7759][#7759]]
- API work for unassigned incidents [[https://github.com/advthreat/iroh/pull/7682][#7682]]
**** tenzin-config [4]
- adds :xdr-site-url [[https://github.com/advthreat/tenzin-config/pull/885][#885]]
- adds detection sources config for PROD [[https://github.com/advthreat/tenzin-config/pull/881][#881]]
- additional client_id for incident sources [[https://github.com/advthreat/tenzin-config/pull/877][#877]]
- adds incident sources: test, int [[https://github.com/advthreat/tenzin-config/pull/873][#873]]
*** Justin Woo [2]

**** easy-purescript-nix [2]

- Merge pull request #219 from turlando/purs-tidy-0.9.2
- Merge pull request #218 from paluh/master

*** dependabot[bot] [0]

*** Sam Waggoner [4]

**** ctia [1]

_between 3 and 4 months old_

- threatgrid/ctim/#381 Migrate actor 1.2.0 [[https://github.com/advthreat/ctia/pull/1323][#1323]]
**** tenzin-config [3]

- Add hydrant es-metrics configs for events.
- Fix hydrant-talos-ta-blog misnamed http-options.
- advthreat/hydrant#721 update talos blog http-options.
*** II [9]
**** iroh [7]
- Issue 7455 - Minor cleanup from XDR tiles merge [[https://github.com/advthreat/iroh/pull/7695][#7695]]
- 6963 implements one-click module wrapper endpoint [[https://github.com/advthreat/iroh/pull/7315][#7315]]
- Issue 7647 AMP observe targets [[https://github.com/advthreat/iroh/pull/7661][#7661]]
- Issue 7647 - IObserveTargetModule protocol [[https://github.com/advthreat/iroh/pull/7651][#7651]]
- Ao shortcut use unique names [[https://github.com/advthreat/iroh/pull/7627][#7627]]
- Ao docs formatting fixes [[https://github.com/advthreat/iroh/pull/7625][#7625]]
- Issue 7550 ao workflow exec shortcut [[https://github.com/advthreat/iroh/pull/7617][#7617]]
**** tenzin-config [2]
- Adds one-click service to bootstrap.cfg files [[https://github.com/advthreat/tenzin-config/pull/862][#862]]
_between 3 and 4 months old_
- Tac portal PROD login origins [[https://github.com/advthreat/tenzin-config/pull/821][#821]]
*** Eric Gierach [10]
**** iroh [3]
- Fix attack graph simplification [[https://github.com/advthreat/iroh/pull/7747][#7747]]
- latest simplification logic (edges not considered) [[https://github.com/advthreat/iroh/pull/7662][#7662]]
- update notable events to match what the Engine client is producing for CTR [[https://github.com/advthreat/iroh/pull/7614][#7614]]
**** iroh-engine [7]

- Merge pull request #1387 from advthreat/v0.15.5-rc
- Prepare for 0.15.5 release.
- Merge pull request #1386 from advthreat/enrich-all-targets
- Fix typo in log
- Merge pull request #1370 from advthreat/dependabot/npm_and_yarn/webpack-5.76.0
- Merge branch 'main' into dependabot/npm_and_yarn/webpack-5.76.0
- Merge pull request #1368 from advthreat/dependabot/npm_and_yarn/xmldom/xmldom-and-mountebank-0.8.4
*** Adam Sayer [26]
**** tenzin [25]
- webexbox fix on saltmaster [[https://github.com/advthreat/tenzin/pull/2937][#2937]]
- increase ES storage iops/throughput [[https://github.com/advthreat/tenzin/pull/2927][#2927]]
- Vercel CICD accept 409 and watch http state
- Add Vercel CI/CD to Saltmaster [[https://github.com/advthreat/tenzin/pull/2920][#2920]]
- Update hydrant container version [[https://github.com/advthreat/tenzin/pull/2891][#2891]]
- snort filename fix [[https://github.com/advthreat/tenzin/pull/2890][#2890]]
- Update hydrant container to 1.36 in INT [[https://github.com/advthreat/tenzin/pull/2888][#2888]]
- remove jq verify usage [[https://github.com/advthreat/tenzin/pull/2885][#2885]]
- Fix - Extract Talos Snort Rule files for Importer [[https://github.com/advthreat/tenzin/pull/2880][#2880]]
- github runner salt and terraform [[https://github.com/advthreat/tenzin/pull/2875][#2875]]
- update securex-ui in INT for latest NVM profiles [[https://github.com/advthreat/tenzin/pull/2873][#2873]]
- Route53 Module refactor [[https://github.com/advthreat/tenzin/pull/2851][#2851]]
- Revert "SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo (#2635)" [[https://github.com/advthreat/tenzin/pull/2859][#2859]]
- github-runner ASG [[https://github.com/advthreat/tenzin/pull/2852][#2852]]
- Update r53 module to allow geolocation [[https://github.com/advthreat/tenzin/pull/2844][#2844]]
- Cloud9 ami APJC EU [[https://github.com/advthreat/tenzin/pull/2803][#2803]]
- Cloud9 AMI to NAM [[https://github.com/advthreat/tenzin/pull/2792][#2792]]
- Bash to replace ES instances [[https://github.com/advthreat/tenzin/pull/2777][#2777]]
- Upgrade 6th gen ec2 and cloud9 AMI for TEST [[https://github.com/advthreat/tenzin/pull/2775][#2775]]
- Int cloud9 ami refresh [[https://github.com/advthreat/tenzin/pull/2768][#2768]]
- Allow instance refresh on ASG module [[https://github.com/advthreat/tenzin/pull/2766][#2766]]
- VPC peer TEST-STAGE for qa-macos instance [[https://github.com/advthreat/tenzin/pull/2734][#2734]]
- Stage salt [[https://github.com/advthreat/tenzin/pull/2716][#2716]]
_between 3 and 4 months old_
- Allow ingress from IROH to ES private storage [[https://github.com/advthreat/tenzin/pull/2652][#2652]]
- Allow ingress from IROH to es private storage INT [[https://github.com/advthreat/tenzin/pull/2630][#2630]]
**** tenzin-config [1]
- Stage env configs [[https://github.com/advthreat/tenzin-config/pull/785][#785]]
*** Tomasz Rybarczyk [1]

**** easy-purescript-nix [1]

- purs: 0.15.7 -> 0.15.8

*** Chris Duane [2]

**** response [2]

- Update access-request.md
- Create security-event.md
*** John Jardine [30]
**** tenzin [30]
- Update SW versions, sort changes to the top [[https://github.com/advthreat/tenzin/pull/2864][#2864]]
- Add instances to handle new 3rd party integrations [[https://github.com/advthreat/tenzin/pull/2870][#2870]]
- Add capacity in OSS to support logstash-cloudtrail [[https://github.com/advthreat/tenzin/pull/2865][#2865]]
- Terraform edits to deconflict some values and make more generic [[https://github.com/advthreat/tenzin/pull/2853][#2853]]
- Create S3 Bucket, user, group, policy [[https://github.com/advthreat/tenzin/pull/2839][#2839]]
- Update integrations-crowdstrike to 1.0.2 in all regions [[https://github.com/advthreat/tenzin/pull/2833][#2833]]
- Move all Hydrant jobs to v1.35 (adds coas support) [[https://github.com/advthreat/tenzin/pull/2826][#2826]]
- Bash defaults: Remove TMOUT, assign set -o vi & dir [[https://github.com/advthreat/tenzin/pull/2829][#2829]]
- Check single certificate [[https://github.com/advthreat/tenzin/pull/2830][#2830]]
- Align hydrant jobs on 4 minute multiples. [[https://github.com/advthreat/tenzin/pull/2821][#2821]]
- Updated ssh keypairs for EU NAM and APJC [[https://github.com/advthreat/tenzin/pull/2791][#2791]]
- SXOPS-529: SSH Default configuration changes [[https://github.com/advthreat/tenzin/pull/2774][#2774]]
- Check if integrations-healthcheck is working. [[https://github.com/advthreat/tenzin/pull/2772][#2772]]
- Update sumram.gpg
- Make script outputs comparable by using same sort order [[https://github.com/advthreat/tenzin/pull/2761][#2761]]
- SXOPS-435: Add hydrant-talos-coas fixes for other regions [[https://github.com/advthreat/tenzin/pull/2751][#2751]]
- Quote cron entry to prevent YAML interpolation [[https://github.com/advthreat/tenzin/pull/2750][#2750]]
- Default Jason Busboom to absent to prevent global access [[https://github.com/advthreat/tenzin/pull/2743][#2743]]
- Updated rev-proxy for securex-ui-automate.test.iroh.site [[https://github.com/advthreat/tenzin/pull/2744][#2744]]
- Added gpg key for Atul Anand
- SXOPS-491 Add securex ui automate support for TEST [[https://github.com/advthreat/tenzin/pull/2729][#2729]]
- Need to add securex-ui-automate.int.iroh.site to ACME [[https://github.com/advthreat/tenzin/pull/2723][#2723]]
- SXOPS-491 Add securex ui automate support [[https://github.com/advthreat/tenzin/pull/2722][#2722]]
_between 3 and 4 months old_
- Fix comment, fix error file content check [[https://github.com/advthreat/tenzin/pull/2683][#2683]]
- Backport v1.112 fixes to master [[https://github.com/advthreat/tenzin/pull/2682][#2682]]
- Initial commit [[https://github.com/advthreat/tenzin/pull/2671][#2671]]
- Add error handling to cert check [[https://github.com/advthreat/tenzin/pull/2651][#2651]]
- Initial Vercel Postman API [[https://github.com/advthreat/tenzin/pull/2633][#2633]]
- INT: Merge Consul overrides into jobs.sls [[https://github.com/advthreat/tenzin/pull/2646][#2646]]
- SXOPS-412: Trend Micro XDR Integration Relay INT and TEST [[https://github.com/advthreat/tenzin/pull/2617][#2617]]
*** Michael Pendergrass [4]
**** iroh [4]
- Engine 0.15.5 [[https://github.com/advthreat/iroh/pull/7768][#7768]]
- add more attribute relation types [[https://github.com/advthreat/iroh/pull/7660][#7660]]
- More graph changes [[https://github.com/advthreat/iroh/pull/7643][#7643]]
- add graph output to incident summary [[https://github.com/advthreat/iroh/pull/7549][#7549]]
*** Scott McLeod [4]
**** iroh [4]
- Improve performance of IncidentReportService [[https://github.com/advthreat/iroh/pull/7745][#7745]]
- Add filters to Incident Report [[https://github.com/advthreat/iroh/pull/7727][#7727]]
- Add test to verify paging [[https://github.com/advthreat/iroh/pull/7564][#7564]]
- Use search_after paging for incident report (#7461) [[https://github.com/advthreat/iroh/pull/7539][#7539]]
*** Matthieu Sprunck [3]
**** ctia [3]
- Bump CTIM to 1.3.7 [[https://github.com/advthreat/ctia/pull/1357][#1357]]
- Bump to CTIM 1.3.5 [[https://github.com/advthreat/ctia/pull/1349][#1349]]
- Bump to CTIM 1.3.4 [[https://github.com/advthreat/ctia/pull/1345][#1345]]
*** Jerome Schneider [10]

**** iroh-ops [9]

- Merge pull request #68 from advthreat/split-releases-artefacts
- Merge pull request #51 from advthreat/logging-vector
- Merge pull request #46 from advthreat/datadog

_between 3 and 4 months old_

- Merge pull request #42 from advthreat/vpnator-rm-cloudtrail
- Merge pull request #36 from advthreat/stricter-iam
- Merge pull request #34 from advthreat/fix-tfw
- Merge pull request #16 from advthreat/tfw-fixes
- Merge pull request #13 from advthreat/tf-wrapper
- Merge pull request #12 from advthreat/ansible
**** tenzin [1]

_between 3 and 4 months old_

- iroh(-async): improve memory management to avoid memory cgroup oom [[https://github.com/advthreat/tenzin/pull/2693][#2693]]
*** t2sw [1]
**** iroh [1]
- modify get-tiles and get-tiles-data endpoints for xdr query parameter [[https://github.com/advthreat/iroh/pull/7757][#7757]]
*** bswanson [81]
**** iroh [10]
- Engine version bump. [[https://github.com/advthreat/iroh/pull/7730][#7730]]
- Asset correlation [[https://github.com/advthreat/iroh/pull/7708][#7708]]
- READY FOR REVIEW: observe-targets to iroh engine. [[https://github.com/advthreat/iroh/pull/7683][#7683]]
- Fix empty source breaking schema. [[https://github.com/advthreat/iroh/pull/7687][#7687]]
- BUG FIX: events were pulled from wrong key. [[https://github.com/advthreat/iroh/pull/7678][#7678]]
- Add Assets to Summary and Events incident endpoints [[https://github.com/advthreat/iroh/pull/7666][#7666]]
_between 3 and 4 months old_
- Add Eric and Mia to codeowners. [[https://github.com/advthreat/iroh/pull/7501][#7501]]
- Add extra fields to summary events [[https://github.com/advthreat/iroh/pull/7482][#7482]]
- Add optional keys owner and groups to :incident-id/events schema. [[https://github.com/advthreat/iroh/pull/7449][#7449]]
- Allow port key in the private-intel service context [[https://github.com/advthreat/iroh/pull/7435][#7435]]
**** iroh-engine [68]

- Merge pull request #1383 from advthreat/v0.15.3-rc
- Update changelog.
- Prepare for 0.15.3 release
- Merge pull request #1381 from advthreat/proper-no-op
- Merge branch 'main' into proper-no-op
- Merge pull request #1382 from advthreat/codeowners
- Add folks to codeowners, remove our previous humans.
- Update release to remove unused project.clj
- Cleanup tests.
- Update tests to reflect passthrough behavior.
- failing tests, but no-op.
- Merge pull request #1380 from advthreat/v0.15.2-rc
- Merge pull request #1379 from advthreat/superstitious-p
- Merge pull request #1378 from advthreat/v0.15.1-rc
- Release v0.15.1.
- Merge pull request #1377 from advthreat/remove-original-sightings
- Don't print 100s of sightings :D
- Add logging.
- Remove CTIM dependency.
- Data for you and data for me
- Cabinet of curiosities be gone.
- Datums test.
- new asset responses.
- Check no-op case for assets-for-new-targets.
- Add assets and asset mappings.
- Remove fake test that described itself as real.
- Use add-latest-asset-info from enrich ns.
- Add failing observe-target-observables-test.
- Do not pass back the relationships or sightings from the original bundle.
- Merge pull request #1374 from advthreat/v0.15.0-rc
- Release candidate 0.15.0
- Merge pull request #1372 from advthreat/asset-enrich
- Merge branch 'main' into asset-enrich
- Only need to wrap around exception.
- Magic sauce for cljs vs clj.
- Add test for ->instant.
- Fix let<.
- promesify everything.
- PR feedback, add p/let.
- PR feedback.
- map observable keys (this shouldn't matter, but for consistency and safety sake.)
- Refactor exists? because it's a function.
- Update src/iroh/engine/asset/enrich.cljc
- Fix IrohServiceWrapper call.
- move time fns into time ns.
- A bit more function now.
- IT LIVESSSS.
- Add emit_observe_targets_enrich.js
- Wiring through observable call.
- mountebank.
- Getting farther through the pipeline.
- Resolve linter errors.
- more promises for us.
- cleanup nested whens.
- Try to call targets.
- it puts the promise on the code.
- Smaller functions.
- Clean up more test ns.
- Cleanup tests.
- Merge branch 'main' into asset-enrich
- Move logic into previous function.
- Add resolve latest mountebank test.
- Some unit tests.
- prepare for the sightening.
- extract targets from enriched response.
- Break out a couple more small functions.
- Implement some small helper functions.
- Pull in used sighting ns and reference observable var.
|
|
**** tenzin-config [3]

- Add config for prod and fix test typo. [[https://github.com/advthreat/tenzin-config/pull/846][#846]]

_between 3 and 4 months old_

- Add iroh base url to conure config. [[https://github.com/advthreat/tenzin-config/pull/829][#829]]
- Add necessary conure config. [[https://github.com/advthreat/tenzin-config/pull/811][#811]]

*** Pawan Bahuguna [31]

**** tenzin [31]

- Sxops 191 - custom_response_body [[https://github.com/advthreat/tenzin/pull/2933][#2933]]
- Added health check header [[https://github.com/advthreat/tenzin/pull/2921][#2921]]
- Added Health check header to crowdstrike for testing [[https://github.com/advthreat/tenzin/pull/2916][#2916]]
- Increased the Max size to 6 [[https://github.com/advthreat/tenzin/pull/2908][#2908]]
- Updated the version to 7.0.7 to sync with AWS [[https://github.com/advthreat/tenzin/pull/2907][#2907]]
- SXOPS-621 - Enable IAM Access Advisor in all envs [[https://github.com/advthreat/tenzin/pull/2894][#2894]]
- Removed Event Processor Role [[https://github.com/advthreat/tenzin/pull/2881][#2881]]
- SXOPS 191 Update TEST VPC Peering [[https://github.com/advthreat/tenzin/pull/2879][#2879]]
- Changed version to 7.0.5, already present in aws [[https://github.com/advthreat/tenzin/pull/2877][#2877]]
- Updated desired capacity, min and max size [[https://github.com/advthreat/tenzin/pull/2874][#2874]]
- SXOPS-490 Docker version health check [[https://github.com/advthreat/tenzin/pull/2837][#2837]]
- Added CU, IR, KP, SY [[https://github.com/advthreat/tenzin/pull/2854][#2854]]
- Added artifacts and XDR to ordered_cache_behavior - Already in AWS [[https://github.com/advthreat/tenzin/pull/2848][#2848]]
- SXOPS-191-Updated VPC peering connection [[https://github.com/advthreat/tenzin/pull/2835][#2835]]
- Added docker container version check [[https://github.com/advthreat/tenzin/pull/2815][#2815]]
- SAML sync with AWS [[https://github.com/advthreat/tenzin/pull/2824][#2824]]
- enabled intelligence in prod [[https://github.com/advthreat/tenzin/pull/2807][#2807]]
- SXOPS-535 Micro Frontend Ribbon [[https://github.com/advthreat/tenzin/pull/2806][#2806]]
- int-iroh-registration-ui User is already present in AWS [[https://github.com/advthreat/tenzin/pull/2801][#2801]]
- Removed CloudWatch-CSIRT.tf [[https://github.com/advthreat/tenzin/pull/2788][#2788]]
- updated the asg_max_size to 6 [[https://github.com/advthreat/tenzin/pull/2781][#2781]]
- Added instance refresh [[https://github.com/advthreat/tenzin/pull/2780][#2780]]
- Enabling watchdog check on Crowdstrike [[https://github.com/advthreat/tenzin/pull/2773][#2773]]
- SXOPS-490 Add/Update 3rd Party Integrations health checks [[https://github.com/advthreat/tenzin/pull/2767][#2767]]
- Added TLS - automate MFE [[https://github.com/advthreat/tenzin/pull/2753][#2753]]
- PROD automate MFE [[https://github.com/advthreat/tenzin/pull/2752][#2752]]
- [SXOPS-497] Create 3rd Party Integrations for Cybereason & Crowdstrike (INT/TEST) [[https://github.com/advthreat/tenzin/pull/2747][#2747]]
- Added dbudko pabahugu to VPN list [[https://github.com/advthreat/tenzin/pull/2728][#2728]]
- Sxops 484 onboard dmytro dbudko [[https://github.com/advthreat/tenzin/pull/2727][#2727]]
- SXOPS-476 Decom Nomad task securex-ui-incidents from Tenzin [[https://github.com/advthreat/tenzin/pull/2699][#2699]]

_between 3 and 4 months old_

- enable prod [[https://github.com/advthreat/tenzin/pull/2662][#2662]]

*** Trent Boyd [2]

**** tenzin-config [2]

- chore: add https dev urls to xdr projects [[https://github.com/advthreat/tenzin-config/pull/886][#886]]
- feat: add configs for securex-ui-intelligence job [[https://github.com/advthreat/tenzin-config/pull/852][#852]]

*** Devin Walters [12]

**** tenzin [7]

- Set tmpdir to /local for conure task [[https://github.com/advthreat/tenzin/pull/2930][#2930]]
- Mount datadog socket in conure task [[https://github.com/advthreat/tenzin/pull/2922][#2922]]
- Remove Conure access to IROH RDS instance [[https://github.com/advthreat/tenzin/pull/2742][#2742]]

_between 3 and 4 months old_

- Capture the rest of a log message as 'message_text' for clj stack logs [[https://github.com/advthreat/tenzin/pull/2660][#2660]]
- Grok pattern which captures message for the clj stack [[https://github.com/advthreat/tenzin/pull/2658][#2658]]
- Add RMI server hostname [[https://github.com/advthreat/tenzin/pull/2640][#2640]]
- Include configuration for hikari monitoring via JMX [[https://github.com/advthreat/tenzin/pull/2639][#2639]]
**** tenzin-config [5]

- Specify JWK per environment [[https://github.com/advthreat/tenzin-config/pull/866][#866]]
- Update conure username in prod environments [[https://github.com/advthreat/tenzin-config/pull/860][#860]]
- Update conure db username in TEST [[https://github.com/advthreat/tenzin-config/pull/856][#856]]
- Update conure configuration [[https://github.com/advthreat/tenzin-config/pull/843][#843]]
- Test out dedicated conure postgres instance [[https://github.com/advthreat/tenzin-config/pull/838][#838]]

*** Martin Bruchanov [20]

**** tenzin [20]

- Adding data nodes to lower file system utilization [[https://github.com/advthreat/tenzin/pull/2940][#2940]]
- Adding vercel deploy to sudo for consul [[https://github.com/advthreat/tenzin/pull/2936][#2936]]
- Increasing number of data nodes to the current state [[https://github.com/advthreat/tenzin/pull/2935][#2935]]
- Security groups for OPS VPN in INT [[https://github.com/advthreat/tenzin/pull/2924][#2924]]
- Added CLI parameters for ES administration tools [[https://github.com/advthreat/tenzin/pull/2915][#2915]]
- Removing salt references for terminated OPs instance [[https://github.com/advthreat/tenzin/pull/2900][#2900]]
- Updated contacts of EDF team [[https://github.com/advthreat/tenzin/pull/2895][#2895]]
- Fixed JSON validation for IROH query [[https://github.com/advthreat/tenzin/pull/2887][#2887]]
- Fixed correct hostname and SSM keys [[https://github.com/advthreat/tenzin/pull/2893][#2893]]
- OPS OpenVPN salt deployment [[https://github.com/advthreat/tenzin/pull/2883][#2883]]
- Renaming data-openvpn to ops-openvpn [[https://github.com/advthreat/tenzin/pull/2845][#2845]]
- Increasing edf-reporting and iops-reporting memory allocation [[https://github.com/advthreat/tenzin/pull/2838][#2838]]
- Added list of Consul UI hostnames [[https://github.com/advthreat/tenzin/pull/2789][#2789]]
- Tool for quick SSH to Consul leader [[https://github.com/advthreat/tenzin/pull/2785][#2785]]
- Cleaning up intel2x hostname [[https://github.com/advthreat/tenzin/pull/2654][#2654]]
- Second VPN server for Non-OPS access [[https://github.com/advthreat/tenzin/pull/2735][#2735]]
- Fixed duplicated uid in user profile [[https://github.com/advthreat/tenzin/pull/2740][#2740]]

_between 3 and 4 months old_

- NAM ElasticSearch clean up: DNS, S3 bucket for snapshots [[https://github.com/advthreat/tenzin/pull/2697][#2697]]
- Updating hostnames, fixed error with missing authentication [[https://github.com/advthreat/tenzin/pull/2637][#2637]]
- Transfer of existing roles from one ES cluster to another [[https://github.com/advthreat/tenzin/pull/2634][#2634]]

*** Michael Simonson [3]

**** tenzin [2]

- Adds input buckets for non-int envs [[https://github.com/advthreat/tenzin/pull/2863][#2863]]
- SXOPs-hydrant-talos-coa-importer [[https://github.com/advthreat/tenzin/pull/2741][#2741]]
**** tenzin-config [1]

- Issue SXOPs-562: Hydrant Manual Removal Importer [[https://github.com/advthreat/tenzin-config/pull/859][#859]]

*** John Jardine [5]

**** tenzin [4]

- Revert "Move all Hydrant jobs to v1.35 (adds coas support)"
- Revert "Include STAGE in hydrant container version update"
- Include STAGE in hydrant container version update
- Move all Hydrant jobs to v1.35 (adds coas support)
**** tenzin-config [1]

- Importer was missing the config files [[https://github.com/advthreat/tenzin-config/pull/850][#850]]

*** Gayan Jayasundara [7]

**** tenzin [7]

- Bump crowdstrike and SentinelOne - Ian requested [[https://github.com/advthreat/tenzin/pull/2904][#2904]]
- Bump crowdstrike into 1.0.2a - Bug fix from Ian [[https://github.com/advthreat/tenzin/pull/2846][#2846]]
- SXOPS-512 Bump crowdstrike and sentinelone versions [[https://github.com/advthreat/tenzin/pull/2802][#2802]]

_between 3 and 4 months old_

- Migrate securex-ui-incidents from Nomad to Vercel - non-prod - DNS [[https://github.com/advthreat/tenzin/pull/2691][#2691]]
- securex-ui-control-center - non-prod vercel [[https://github.com/advthreat/tenzin/pull/2690][#2690]]
- Update cyberprotect integration to latest (2.0.6) [[https://github.com/advthreat/tenzin/pull/2673][#2673]]
- Redirect XDR int to Vercel [[https://github.com/advthreat/tenzin/pull/2667][#2667]]