FY24Q3 Report
- IROH
- Other
- Other
- Robert Levy [7]
- Eric Gierach [5]
- II [20]
- Devin Walters [9]
- Mia [5]
- Martin Bruchanov [1]
- James Moser [1]
- [20]
- Martin Bruchanov [1]
- Ruslan Yemelianov [2]
- Andrew Parisi [2]
- Scott McLeod [7]
- Sam Waggoner [1]
- t2sw [2]
- Jerome Schneider [1]
- Brooke Swanson [24]
- Yurii Ivanisenko [1]
- James Brock [1]
- ryemelia [6]
- Other
IROH
lead
Guillaume Buisson [12]
ctia [2]
iroh [8]
- fix a flaky test in iroh-web #9250
- Don't use pp-str to log the request in the rate limiter service #9249
- Fix iroh-kafka* logs #9240
- Update the json appender to rename the output level key #9187
- update the logstash-v2 logging preset #9178
- Don't fire disabled webhooks #8741
- upgrade ctia-investigate to use transit+json instead of edn #8623
between 6 month and 7 month old
- A new script to update a record :created in ES #8574
tenzin-config [2]
- setup the IROH json logging appender
- Re-apply the default rate limit for the NGFW Incident promotion client #1063
data
Mario Aquino [41]
iroh [33]
- Threat hunt integration tests #9218
- Threat hunt module instance pagination #9200
- iroh-async Telemetry Identity Data #9166
- Xdr 1086/crud store fields filtering #9147
- iroh-async task (metric) tag #9123
- iroh-metrics in default bootstrap #9118
- Metrics Service (micrometer) #9029
- Disable color logging for test execution #9097
- Carmine & Timbre upgrade v2 #9005
- Loosen Risk Score Incident validation #9013
- Apply risk score valid ranges to incident schemas #8976
- Revert "Upgrade carmine version (#8888)" #9003
- Log Tuning #8978
- Upgrade carmine version #8888
- Fix flaky test #8956
- iroh-async high-traffic adjustments #8835
- Fix disabled threat-hunt test #8814
- Update incident_time when updating incident status #8801
- incident enrichment activity diagram #8712
- Separate Risk score & incident enrichment #8751
- Improve safe-filtering #8731
- iroh-async: Flatten Datadog context #8706
- iroh-async logging & tracing context #8705
- Socket timeout milliseconds (not seconds) #8690
- Risk Score socket-timeout #8687
- Threat Hunt Module Exclusion #8646
- Remove dead code #8626
- Incident Summary migration re-run #8597
- Notification request uses paginated user search #8606
between 6 month and 7 month old
tenzin-config [8]
- Exclude CTIA modules from threat hunt execution #1122
- Add iroh-async client-id to rate unlimited list #1053
- Increase conn-manager thread count after PROD performance monitoring #1042
- Increase thread pool size for EU private intel conn mgr #1039
- Increase connection mgr thread pool for NAM/EU/TEST #1030
- Increase thread pool size for engine connection manager #1012
- Config for skipping Private Intel during investigation threat hunt #1009
- Rerun incident summary migration and update ES index #1001
Guillaume Erétéo [55]
ctia [11]
- remove ES5 support #1419
- Optimize lucene searches #1420
- bump ctim / remove status disposition #1417
- ctim 1.3.15 #1415
- silent this too noisy log #1414
- ctim-1.3.14 #1413
- remove un-store #1410
- fix wait_for for delete search #1399
- incident meta #1391
- Incident status disposition #1389
between 6 month and 7 month old
- Update CODEOWNERS #1387
iroh [41]
- Dump events with dump metrics script #9180
- Sca clean phase 2 #9176
- add backup clusters for delete #9173
- Scripts for SCA issue cleaning #9161
- simplify sorting in telemetry reports #9144
- Add logs to better monitor reports #9142
- Report service: consider missing user/org ids #9134
- filter ids on search #9130
- Generate statistics about modules #9108
- Refactor iops report generation #9099
- bump ctim / remove status disposition #9114
- fix flaky ES test: wait some more #9089
- telemetry report: fix search iteration for batch size 10000 #9082
- reduce logs by adding user-scopes #9078
- tk store: update ES index state #8664
- Add admin maintenance route to load MITRE stix #8967
- ctim 1.3.15 #9068
- limit walk entities to the necessary exports #9039
- ctim 1.3.14 #9016
- Dump ES metrics telemetry events #8999
- script to clean SE false positive incidents and sightings #8846
- MITRE Matrix: dynamic components design #8973
- fix Talos threat hunt #8969
- update the design of static MITRE matrix rendering #8949
- replace lazyseq by iteration in reports #8957
- For Jeetu by G2 #8920
- Some more incident stats #8861
- import mitre matrix backbone #8899
- Mitre coverage static matrix #8882
- add created and modified to IROH CTIM entities #8810
- bundle import activity diagrams #8708
- scoring at bundle import #8694
- Meta incident field #8617
- entitlement-enforcement-jobs-service in default #8612
- incident status_disposition #8587
between 6 month and 7 month old
Ambrose Bonnaire-Sergeant [43]
ctia [15]
- Bump ring-swagger with proof of memory leak fix #1423
- Clojure 1.11.1 -> 1.11.2 #1416
- Revert patch bundle commits #1411
- Fix 2XX response swagger/coercion, ban `:return` #1407
- Remove asset properties/mapping merging during bundle patch #1408
- Fix :body descriptions #1409
- Fix POST /bulk schema checking #1406
- Use prn instead of pprint for logs #1401
- Eval routes and options given to `context` at initialization time #1394
- Use `st/merge` to merge schemas instead of `into` #1398
- Never match existing asset-* entities when patch-existing=false #1395
- Re-enable incident tests #1393
- Add external_ids to investigation select fields #1392
between 6 month and 7 month old
iroh [24]
- Bump ring-swagger and prove it fixes the memory leak #9244
- Fix typo in debug log #9228
- Debug logs to investigate person assets not being imported #9227
- Update status endpoint to keep conure updated #9209
- Update test for new carmine non-FIFO queues: `queue-status-report-test` #9103
- Make generated tk meta easier to review using pprint #8805
- Restrict possible values for updated asset properties #9022
- Don't forward response headers from CTIA to IROH #9014
- Only subscribe incidents with supported observables #9000
- Fix flaky test #9001
- Redis: Set NX / XX #8970
- Bulk asset update + rescoring route #8963
- Fix logf call #8925
- Fix incident subscription args, and only subscribe incident if observables/identities are non-empty #8921
- Fix DI subscription URL #8914
- Revert patch bundle commits #8903
- Fix swagger description #8905
- Asset properties update and incident rescoring route #8843
- Rescoring task #8869
- Generate valid DI auth tokens for incident subscriptions #8804
- Fix `(reset)` #8799
- Subscribe to incident asset rescoring via DI #8699
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true #8725
between 6 month and 7 month old
- Enable entity patching in POST /private-intel/bundle/import #8492
integrations
Matthieu Sprunck [22]
iroh [18]
- Rename automation_workflow_disabled to automation_workflow_definition #9196
- Revert "Update the json appender to rename the output level key (#9187)" #9191
- Change Incident Assignment Notification wording #9189
- Add title and link to the incident in the incident assignment notification #9188
- Add a log when an unexpected status is returned from KafkaConnect #9153
- IROH Proxy: Correct handling for path with spaces (%20) #9149
- Build notification type name from notification type #9140
- JMX metrics for clj-http connection manager #8765
- Always decompress the body when status is not 2xx #8527
- Restore default expiration (24h) for the local session token #8747
- Workflow event schema changes #8656
- IROH Proxy: remove headers set by the reverse proxy #8655
- More log context to investigate #8638 #8654
- Add logging info to investigate #8638 #8653
- StackOverflowError temporary fix #8607
between 6 month and 7 month old
Kirill Chernyshov [46]
iroh [39]
- Draft design #9201
- Format redirect url for email notification #9211
- Use static string 'Cisco' as a subtitle #9210
- Coerce incoming notification before email format #9204
- [REFACTORING] Standardize trapperkeeper usage #9177
- Use `notify!` to create notification via API call #9162
- Fix copyright notice in email template #9159
- Add simple template for notification email #9150
- Allow nil as a correlation id #9143
- Fix for EventService initialization #9141
- Respect user notification preferences #9133
- Add default config for NotificationInDelivery #9128
- 8938 e8811 process email notification delivery #9127
- Fix config key #9115
- Fix dev config for NotificationInDeliveryService #9113
- On receiving NotificationRequest notify users according to their preference #9087
- Upgrade clojure 1.11.1 -> 1.11.2 #9072
- Remove maintenance notification type #9069
- 8933 e8811 create notificationindeliveryservice persistence only #9025
- "In App" -> "In-App" #9020
- Add correct :name and :description to notification type meta #9012
- NotificationPreference API real endpoint #8995
- NotificationPreference Service #8982
- Fixes for notification endpoint #8964
- Add notification preference api endpoints #8947
- Initial draft design of notifications delivery #8844
- Refactor data streams service #8793
- DRY'ed out client-creds-token namespace #8783
- Kafka connect monitoring #8278
- Handle undelivered records #8634
- Events data retention enforcement job #8722
- Iroh events data retention implementation #8666
- Iroh events postgres data retention #8693
- Use timbre for logging #8651
- Add draft design for IROH Events data retention #8585
between 6 month and 7 month old
tenzin-config [7]
- Add KafkaProducerService to all envs #1107
- Add email kafka consumer to all envs #1106
- Enable kafka consumer for email notifications #1099
- Add new kafka topics for IROH notifications #1070
- Add ES sink connector v2 to test full migration #1035
- Fix broken data stream on TEST #1034
- Config for DataStreams service #1033
Shafiq [31]
iroh [28]
- Design Automation-Remote target for iroh-proxy #9190
- Trim whitespace when interpolating pipe transforms #9121
- Support for GoogleAPI Authorization #9106
- Refactor proxy health check #9066
- Data retention cleanup of notification services #9064
- Apply data retention policy on iroh-notifications #9054
- Add `:remote` type in configuration spec fields #9046
- Refactor proxy-health-check #9033
- Update proxy-health-check logging #9028
- Update proxy health check logging #9024
- Perform relay-api request based on observable-types #9017
- Add selection of settings for configuration-token auth #9007
- Support for dedicated url setting for iroh-proxy requests #8998
- Route for patching module-type documentation #8981
- Add filtering of notifications using multiple statuses #8974
- Support for transforming interpolated strings. #8945
- Construct token url from base-url setting #8923
- [IROH Proxy] Support for Rubrik and Commvault API services #8902
- [iroh-proxy] Include POST method for proxy health check #8878
- Update relay-module schemas for Checkpoint auth #8875
- [iroh-proxy] Implement Checkpoint Smart-1 authentication #8873
- Fix schema of proxy health check #8827
- Add string matching for health check #8815
- Fallback to iroh-events store when kafka send fails #8786
- Fix mapping for incident events #8703
between 6 month and 7 month old
auth
bartuka [71]
iroh [52]
- add `:content-type :json` explicitly to clj-http #9090
- Brownfield Provisioning - make the `region` field available for TEST purposes only #9079
- Improve logs for Brownfield provisioning #9076
- [IROH Auth] update QA routes for Universal Provisioning flow #9053
- [IROH Auth] Fix access token brownfield provisioning #9049
- [IROH Auth] bugfix - accept empty string as entitlement value for universal provisioning #9021
- [IROH Auth] FMC add re-token proxy request #9011
- [IROH Auth] fix FMC redirect call to `/device` #8987
- [IROH Auth] fix device verification redirection #8979
- fix proxy requests to FMC #8972
- [IROH Auth] FMC OAuth2 and SSE proxies #8840
- [IROH Auth] Improvements to universal provisioning callback #8913
- [IROH Auth] bugfix #4: add `:content-type :json` to callback request #8909
- [IROH Auth] fix payload sent to PIAM callback_url after provisioning was complete #8900
- [IROH Auth] bugfix Universal Provisioning created schema error #8892
- [IROH Auth] bugfix parsing OKTA JWT scopes #8880
- [IROH Auth] Brownfield provisioning - endpoint to attach existing tenant to a SBG product #8806
- [IROH Auth] Support FMC in the `jwks` service #8830
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow #8813
- Revert "[IROH Auth] support for FMC token in JWKS Service" #8816
- [IROH Auth] support for FMC token in JWKS Service #8808
- [IROH Auth] Check QA `callback_url` to complete provisioning tests #8763
- [IROH Auth] better swagger descriptions for Universal Provisioning #8752
- [IROH Auth] remove empty strings from `client-id` got from Vault #8760
- [IROH Auth] add missing scope to get OKTA JWT #8759
- [IROH Auth] add logs to investigate get okta jwt #8758
- [IROH Auth] bugfix - `client/post` should use `:form-params` instead of `:body` #8753
- [IROH Auth] bugfixes - arity exception, change `product-response` datatype, change `pmap` to `map` #8738
- [IROH Auth] bugfix - fix urls in `POST /tenants` returned value and payload field names #8733
- [IROH Auth] Cache OKTA JWT used for provisioning callback #8727
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService #8707
- [IROH Auth] Duplicate `universal-provisioning` web routes to accept IROH JWTs #8675
- [IROH Auth] Expose `callbacks packages` store to check Universal Provisioning status #8702
- [IROH Auth] Improve 202 Accepted response for `/universal-provisioning/create-tenants` #8701
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow #8691
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow #8673
- bugfix - missing `UniversalProvisioningCallbackService` to deploy IROH nodes #8680
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick #8674
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps #8633
- [IROH Auth] Add support to UserIdentity JWTs in `JWKSService` #8647
- [IROH Auth] Bugfix in JWKSService logic #8659
- [IROH Auth] update docs for Universal Provisioning work #8640
- [IROH Auth] Simplify IROH Web Core by leveraging `JWKSService` for all webservices #8632
- [IROH Auth] Add structure to keep track of onboardings to support async flow in Universal Provisioning #8599
between 6 month and 7 month old
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService #8528
- [IROH Auth] bump `ring-jwt-middleware` to `1.1.5` #8568
- [IROH Auth] check entitlements schema in universal piam flow #8560
- [IROH Auth] fix check of `allowed-origins` for `registration_redirect` query param #8559
- [IROH Auth] move `oauth2-jwkset` to `jwks-svc` #8534
- [IROH Auth] - Expose `universal-provisioning-web-service` #8499
- [IROH Auth] move `is-trusted-clients?` to `OAuth2ClientService` #8502
- [IROH Auth] add `UniversalProvisioningService` #8459
ring-jwt-middleware [11]
between 6 month and 7 month old
- add test case
- update readme
- fix schema
- log the full jwt when error
- use the default value
- fix tests by adding `post-jwt-format-fn-arg-fn` to config and schema
- fix all tests by changing the output of `decode`
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
- fix config_test
- add test case
- initial commit
tenzin-config [8]
- add fmc client id for each env #1065
- fix url for device verification #1058
- Add FMC Proxy configuration #1056
- fix okta links #1043
- FMC base-urls to configure JWKS #1040
- [IROH Auth] bugfix - add config to okta jwks #1017
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 #1013
- add universal_provisioning_callbacks store #1011
Yann Esposito [130]
iroh [55]
- improve Client credentials error message to help debug #9213
- Attempt to provide a body to the onboarding with mustache #9151
- provisioning API for Org apps #9195
- Revert "add admin-ui to the gh-pages (#9222)" #9223
- add admin-ui to the gh-pages #9222
- Add sc-enabled? flag to profile API views #9192
- [PIAM Brownfield Provisioning]: Provide a way to update link tenants #9186
- Add apps field to Orgs #9175
- improve response when PIAM returns an error #9183
- fix flaky test invite-test paging #9182
- Support aero configurations #9170
- Fix invites pagination #9138
- Support FMC returning Bearer instead of bearer #9126
- composable jwks test helper #9120
- Sync user-name during SCSO login #9117
- Another IPv6 in URL fix #9084
- Support IPv6 in URL for inspect service #9083
- Update of the login doc #9067
- optimize search user given a list of ids #9018
- Fix link tenant bug #8975
- Upgrade Org to XDR on first entitlement update. #8881
- [IROH-Auth]: Auth Code Grant Client that do not generate any refresh token #8927
- Specialize TAC routes access #8884
- Remove legacy restriction of AO scopes #8890
- Update deps to accept JWT without nbf claim #8872
- New endpoint to ease impersonation usage #8855
- Fix PIAM Universal Provisioning routes #8828
- Should fix open impersonate flaky test #8809
- Keep track of impersonators #8736
- Restrict TAC routes to admins #8794
- Remove with-tk #8779
- Code/Test Improvements #8767
- add a test for matching schema #8770
- Custom Role Design doc #8497
- Attempt to improve error message of match? #8769
- Use `cid` for `trace_id` when present #8754
- Support public client for custom routes #8749
- Add playbook scope #8739
- Fix webhook race condition risk #8728
- Call get-org only once for org-virtual user #8724
- Use a cache for entitlement summaries #8667
- upgrade jetty version #8714
- Remove a forgotten pretty printer #8713
- Fast Event Notifier dispatch using event-type #8650
- Fix DI onboarding #8657
between 6 month and 7 month old
- Generalize default indexes for data retention #8598
- [Data Retention Policy]: Delete incident summaries along incident #8576
- [Provisioning] Introduce `product-instance-id` #8577
- Simply wait a lot more for ES to sync #8553
- Quick fix on the IROH login page #8564
- Prevent org duplication during provisioning #8556
- Declared scopes tree #8537
- Improve constraints against Entitlements #8525
- Fix admin route to support combinators #8377
- Data Retention endpoint returns immediately #8486
iroh-scripts [43]
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
between 6 month and 7 month old
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
ring-jwt-middleware [7]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
- Support missing nbf JWT #30
between 6 month and 7 month old
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
tenzin-config [12]
- add iroh gh-pages to allowed login origin #1123
- New SCA env for TEST/STAGING #1114
- configure automation rules clients to not be rate limited #1111
- interpolation improvements #1112
- Add support for interpolation and self ref #1110
- Remove rate-limit for another SXO client on INT #1087
- Disable rate-limit SXO client for rules #1084
- Double threads dedicated for VirusTotal http calls #1051
- fix vault tpl transformations and checks #1041
- Remove rate-limit for automation #1044
- Check vault templating error #1023
- Add Universal Provisioning Services #1015
xdr-provisioning [4]
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
Olivier Barbeau [50]
iroh [34]
- Add number of incidents to each technique in the Mitre matrix #9157
- Fix events and incidents ES stores for DEV #9154
- E8851: XDR Native & detections #9122
- E8851: Design of changes for XDR native detections #9110
- E8851: Product ordering in the coverage of techniques #9100
- E8851: Product ordering and SCA renaming #9086
- E8851: Add Org's integrations to the Mitre matrix #8993
- E8851: Sorting of Mitre elements #8992
- E8851: Static matrix common to all Orgs #8939
- E8851: Talos MITRE coverage files import #8876
- Design of the Talos MITRE coverage files import #8856
- 'iroh' node type and default services for all node types #8817
- Check the list of services for a node type #8800
- Fix merge error on PR 8784 #8797
- [IROH configuration]: Move role-web-service config to default tk files #8782
- [IROH configuration]: Universal Provisioning Services config refactor #8784
- [IROH configuration]: explicit name for generated conf and meta #8785
- Clean bootstrap.cfg; remove tmp file #8781
- Add few additional tests to iroh services #8762
- rewrite tests #8773
- more info for debugging #8717
- [IROH configuration]: general documentation #8764
- update developer doc for api-gateway #8723
- Some test clean-up #8716
- High volume of SQL queries for a single observe/deliberate call #8682
- Remove the state of module instances in `obfuscate-module-instance` #8670
- E8388: update proxy-endpoints-metadata endpoint and metadata #8663
- E8388: update x-proxy endpoint and IntService ACL filters #8608
- E8388 : Simplifies upgrade/downgrade tests #8635
- Implement `Module Instance service` event handler #8592
- Updates to the design 'entitlement changes for integration modules' #8541
between 6 month and 7 month old
tenzin-config [16]
- add XDR native module types for PROD #1115
- add SCA module-type-id for XDR Native on TEST [temp UI fix] #1109
- add SCA module-type-id for XDR Native [temp UI fix] #1108
- Mitre: Add detections for XDR Native #1098
- product ordering and SCA renaming #1079
- Config for Mitre covering products #1072
- Deep merge for vectors and sets with duplicates check #1032
- Reduce configuration duplicates - config.edn part #1031
- Reduce configuration duplicates - bootstrap.cfg part #1028
- Move role-web-service config to IROH #1026
- Move Universal Provisioning Services config to IROH #1027
- Clean bootstrap cfg #1025
- Remove the `:registration` flag in all environments #963
- Remove the `:merge-users-by-email` flag in all environments #962
- Remove the `:account-activation-optim` flag in all environments as it is now activated everywhere. #961
- Remove the `xdr-roles` flag in all environments #964
(Yogsototh) [62]
iroh-scripts [43]
- fix a bug with trust client
- fix resend-invite
- script to remove flags
- fix a bug in create-super-org
- relink scc script
- prevent id collision
- cleaned-up get-org response
- Added add-flag script here
- CSE client and better patch
- resend-invite
- add SXP riles prod clients
- improve client manipulations
- Updated scripts
- use include
- use local clojure
- Added a better alias for sxo clients
- SXO rules
- added ai client with script
- Fix
- A few new scripts
- Super client should be part of XDR orgs
- Super org should have the XDR flag
- Add admin user
- updated and added scripts
- save and improve client aliases
- save improvements
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
- Add trusted to get-client
- Improve search and error messages
- Prepare TG to SCSO org migration
between 6 month and 7 month old
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
oauth2-client-demo [3]
- pin packages
- reuse authorized url
- added Meraki client to the list
ring-jwt-middleware [6]
- Version 1.1.7-SNAPSHOT
- Version 1.1.6
between 6 month and 7 month old
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
scopula [6]
- Version 0.3.3-SNAPSHOT
- Version 0.3.2
- real cljs support
- Version 0.3.2-SNAPSHOT
- Version 0.3.1
- support cljs
xdr-provisioning [4]
- improved re-onboarding script
- use local clojure
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
iroh-ops
Jerome Schneider [1]
tenzin-config [1]
- IROH migrate to new MSK SASL/SCRAM cluster!
Patrick Patat [1]
tenzin-config [1]
- refactor ops config with new ref system #1113
Other
Other
Robert Levy [7]
iroh [6]
- Inherit properties from type in hierarchical modules #9042
- Format hierarchical modules invalid-parent-id error with context and error type #8901
- Update hardcoded source in Secure Endpoint module #8874
- Expose pagination & search functionality in notifications api #8803
- Fix bug in hierarchical module logic producing empty settings/settings_effective map #8745
- Issue 8158 hierarchical module #8469
tenzin-config [1]
- Revert "Adds cache configuration for CrowdStrike (#1002)" #1005
Eric Gierach [5]
II [20]
iroh [16]
- Keeps Kondo from being run on dev start #9220
- Xdr 1282 Adds new Umbrella service to default services #9214
- Xdr 1282 add v 2 token cache to umbrella integration #9208
- XDR-1411 Fixes inconsistent v1 v2 refer #9197
- 9074 remove settings effective #9075
- 8990 umbrella investigate v2 #9030
- 8958 Adds Missing Umbrella v2 Sightings #8960
- 8498 fix token cache #8911
- 8798 create migration to add parents to existing microsoft defender modules #8870
- Throws exception in parent validation on non-existent parent #8850
- Merges module type props on create and update health check #8845
- Implements v2 threat hunting #8833
- This should fix issue with parent settings not used on create-patch #8822
- Adds insights scope to allowed Automation scopes in gen-ao-jwt #8678
- 8496 token cache fix #8637
between 6 month and 7 month old
- 8496 - relay module token cache #8580
Devin Walters [9]
tenzin-config [9]
- Configure s3-http-client connection pool size for PROD environments #1105
- Turn on reporting pipeline in TEST #1097
- Up hikari pool size in INT for conure #1095
- Configure incident import bucket per PROD env for iroh and iroh-async #1092
- Configure incident pipeline #1091
- Fix bucket name #1083
- Match s3 bucket key #1082
- Add INT and TEST enrichment bucket names to relevant configs #1057
between 6 month and 7 month old
- Add port 443 to ctia base urls #996
Mia [5]
Martin Bruchanov [1]
tenzin-config [1]
- XDRSRE-64: Authentication for public CTIA in INT #1081
James Moser [1]
tenzin-config [1]
- added QA domain to idps email domain whitelists #1085
[20]
iroh [16]
- Keeps Kondo from being run on dev start #9220
- Xdr 1282 Adds new Umbrella service to default services #9214
- Xdr 1282 add v 2 token cache to umbrella integration #9208
- XDR-1411 Fixes inconsistent v1 v2 refer #9197
- 9074 remove settings effective #9075
- 8990 umbrella investigate v2 #9030
- 8958 Adds Missing Umbrella v2 Sightings #8960
- 8498 fix token cache #8911
- 8798 create migration to add parents to existing microsoft defender modules #8870
- Throws exception in parent validation on non-existent parent #8850
- Merges module type props on create and update health check #8845
- Implements v2 threat hunting #8833
- This should fix issue with parent settings not used on create-patch #8822
- Adds insights scope to allowed Automation scopes in gen-ao-jwt #8678
- 8496 token cache fix #8637
between 6 month and 7 month old
- 8496 - relay module token cache #8580
Martin Bruchanov [1]
iroh [1]
- XDR-1344: Final version of deletion script used for PROD change #9174
Ruslan Yemelianov [2]
tenzin-config [2]
- Revert "enable ES auth private-ctia INT"
- enable ES auth private-ctia INT
Andrew Parisi [2]
Scott McLeod [7]
iroh [6]
tenzin-config [1]
- Increase ReportService batch size to ES maximum #1055
Sam Waggoner [1]
tenzin-config [1]
- hydrant/912 add clean hashes importer.
t2sw [2]
Jerome Schneider [1]
iroh [1]
- Upgrade PostgreSQL to 12.15 #8618
Brooke Swanson [24]
iroh [8]
- Maintain behavior for existing events, but also notify s3 if an incid… #9172
- XDR-1769: bump CTIM to 1.3.17. #9226
- Reformat bucket path #9102
- Save to s3 on bundle import. #8977
- Replace CTIA Crud with Conure Calls #8924
- Limit risk score #8906
- Set Limits around observe targets call #8910
- Add no-doc true and prevent explosion due to mismatched types. #8548
tenzin-config [14]
- Failure to configure correct url. #1100
- These were flipped in TEST and we would like to test reports. #1094
- One more time see if the report tab will work. #1088
- Toggle report feature until Infrastructure is stable. #1086
- update config. #1080
- Report in test. #1076
- conure -> base-url. #1073
- Temporary flip this to not spam logs. #1069
- Output buckets. #1068
- Distributor and Conure configs. #1067
- Add base-url for incident export (and incident report). #1064
- Add playbook to conure configs. #1060
- Add oauth2 config for all regions. #1020
- Playbook automation config. #1037
Yurii Ivanisenko [1]
tenzin-config [1]
- tactical-portal moved to vercel #1022
James Brock [1]
easy-purescript-nix [1]
- purs: 0.15.10 -> 0.15.15