831 lines
31 KiB
Org Mode
* 2021
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W03.org][2021-W03]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W04.org][2021-W04]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W05.org][2021-W05]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W06.org][2021-W06]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W07.org][2021-W07]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W08.org][2021-W08]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W09.org][2021-W09]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W10.org][2021-W10]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W11.org][2021-W11]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W12.org][2021-W12]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W13.org][2021-W13]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W14.org][2021-W14]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W15.org][2021-W15]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W16.org][2021-W16]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W17.org][2021-W17]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W18.org][2021-W18]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W19.org][2021-W19]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W20.org][2021-W20]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W21.org][2021-W21]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W22.org][2021-W22]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W23.org][2021-W23]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W24.org][2021-W24]]
** [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/2021-W25.org][2021-W25]]
** 2021-W33
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-08-19 Thu 11:04]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------------+----------------------------------------------+------+------+------+------|
| | | *Total time* | *4:40* | | | |
|------------------------+------------+----------------------------------------------+------+------+------+------|
| <2021-08-16 Mon> | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W33][2021-W33]] | | 4:40 | | |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-16 Monday][2021-08-16 Monday]] | | | 1:52 | |
| [2021-08-16 Mon 15:11] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Fix Carlos Hidalgo account][Fix Carlos Hidalgo account]] | | | | 0:20 |
| <2021-08-16 Mon> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create an issue about email search case sensitivity][create an issue about email...]] | | | | 1:32 |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-17 Tuesday][2021-08-17 Tuesday]] | | | 2:48 | |
| <2021-08-18 Wed> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Add scope to TG clients][Add scope to TG clients]] | | | | 0:38 |
| <2021-08-17 Tue> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Write an issue about 1-click module setup][Write an issue about 1-click...]] | | | | 2:03 |
| [2021-08-17 Tue 15:44] | work, chat | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Jyoti about CDO 1-click module setup][Jyoti about CDO 1-click module setup]] | | | | 0:07 |
#+END:

#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-08-17 Tue 15:45]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+------+----------------------------------------+------+------+------+------|
| | | *Total time* | *1:52* | | | |
|------------------------+------+----------------------------------------+------+------+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-W33][2021-W33]] | | 1:52 | | |
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-16 Monday][2021-08-16 Monday]] | | | 1:52 | |
| [2021-08-16 Mon 15:11] | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Fix Carlos Hidalgo account][Fix Carlos Hidalgo account]] | | | | 0:20 |
| <2021-08-16 Mon> | work | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create an issue about email search case sensitivity][create an issue about email...]] | | | | 1:32 |
#+END:

*** 2021-08-16 Monday
**** DONE Fix Carlos Hidalgo account :work:
:LOGBOOK:
CLOCK: [2021-08-16 Mon 15:11]--[2021-08-16 Mon 15:31] => 0:20
:END:
[2021-08-16 Mon 15:11]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*create an issue about email search case sensitivity][create an issue about email search case sensitivity]]
**** DONE create an issue about email search case sensitivity :work:
SCHEDULED: <2021-08-16 Mon>
:LOGBOOK:
CLOCK: [2021-08-17 Tue 14:16]--[2021-08-17 Tue 15:44] => 1:28
CLOCK: [2021-08-16 Mon 15:03]--[2021-08-16 Mon 15:07] => 0:04
:END:
[2021-08-16 Mon 15:03]
- ref :: https://github.com/threatgrid/response/issues/818
***** Fix email case sensitivity

> Related https://github.com/threatgrid/response/issues/818

We often need to search by email. The main issue is that our search
mechanism currently does not support case-insensitive matches.

We have 4 possible solutions:

1. Lowercase the user email at creation. We also need to update the user
   emails already in our DB. The safest route to achieve this is via the
   iroh-migration service.
2. Keep the email case-sensitive and add a new case-insensitive field,
   =lc-user-email= for example. As with option 1, we need to perform a DB
   migration to add this new field to all existing users in the DB.
3. Add support for case-insensitive search in tk-store, perhaps with a new
   tk-store service, or by improving the current =CRUDStoreService=.
4. Add a specific service just for searching user emails that could take
   care of this specific case by using a Postgres-specific query. This could
   also be the occasion to provide a tk-store "hole in the abstraction"
   service.

The simplest is probably option 1.
Option 2 would be slightly more complex and we would not lose any detail.
Option 3 seems the most generic one, and we could totally imagine that we
would appreciate case-insensitive search support.
Option 4 looks like a specific case of 3.

My preference then goes to option 3, but we need to understand whether this
is not too difficult to achieve. What would be the API? The most natural one
would probably add an option alongside =filter-map=, like
=case-insensitive-fields=.
One issue would be writing the case-insensitive match support for =atom=
and =redis=.
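
A sketch of options 1 to 3 on an in-memory store, added here as an illustration (it is not tk-store or IROH code): =search= takes a =case-insensitive-fields= style option next to the filter map, and the migration planner refuses to merge existing users whose emails differ only by case. The field names =id= and =user-email= and both function names are assumptions; =lc-user-email= comes from option 2.

```python
from collections import defaultdict

# Constructed user records. `lc-user-email` and the case-insensitive-fields
# option come from the note; `id` and `user-email` are assumed field names.
USERS = [
    {"id": "u1", "user-email": "Alice@Example.com"},
    {"id": "u2", "user-email": "bob@example.com"},
    {"id": "u3", "user-email": "alice@example.com"},
]


def search(entities, filter_map, case_insensitive_fields=()):
    """Option 3 on an in-memory store: exact match on every field of
    filter_map, except that fields listed in case_insensitive_fields are
    compared after lowercasing both sides."""
    def norm(field, value):
        if field in case_insensitive_fields and isinstance(value, str):
            return value.lower()
        return value

    return [
        entity for entity in entities
        if all(
            field in entity and norm(field, entity[field]) == norm(field, wanted)
            for field, wanted in filter_map.items()
        )
    ]


def plan_email_migration(users, source="user-email", target="lc-user-email"):
    """Options 1 and 2: compute the lowercased email for every user.

    Returns (updates, collisions). A collision is a lowercased address shared
    by several existing users; those users are left out of `updates` because
    a case-insensitive lookup could no longer tell them apart.
    """
    ids_by_key = defaultdict(list)
    for user in users:
        ids_by_key[user[source].lower()].append(user["id"])

    collisions = {key: ids for key, ids in ids_by_key.items() if len(ids) > 1}
    updates = [
        {"id": user["id"], target: user[source].lower()}
        for user in users
        if user[source].lower() not in collisions
    ]
    return updates, collisions


if __name__ == "__main__":
    query = {"user-email": "ALICE@example.com"}
    print("exact:", [u["id"] for u in search(USERS, query)])
    print("case-insensitive:",
          [u["id"] for u in search(USERS, query, ("user-email",))])
    updates, collisions = plan_email_migration(USERS)
    print("safe updates:", updates)
    print("needs manual review:", collisions)
```

The two hits of the case-insensitive search are exactly the records the planner reports as a collision: with option 1 they would become the same login identifier, so they need a decision before the migration runs.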

**** TODO Interview Steven Collins
:LOGBOOK:
CLOCK: [2021-08-16 Mon 15:49]--[2021-08-16 Mon 19:04] => 3:15
:END:

*** 2021-08-17 Tuesday
**** DONE Add scope to TG clients :work:
DEADLINE: <2021-08-18 Wed>
:LOGBOOK:
CLOCK: [2021-08-17 Tue 17:54]--[2021-08-17 Tue 18:32] => 0:38
:END:
[2021-08-17 Tue 17:54]

In tenzin config:

#+begin_src
- INT: 34d94c8c-2041-4708-8172-ebe2df295ca7-2
- TEST: f993f6a0-8075-43e0-a9e5-dae9c3980513
- NAM: 7b8d9fef-bd93-4ef3-88af-ae4174ee02e5
- EU: a1662193-9155-44fd-aa1f-43afd42c889c
#+end_src
**** DONE Write an issue about 1-click module setup :work:
SCHEDULED: <2021-08-17 Tue>
:LOGBOOK:
CLOCK: [2021-08-17 Tue 15:51]--[2021-08-17 Tue 17:54] => 2:03
:END:
[2021-08-17 Tue 15:51]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Activation Optimization][Activation Optimization]]
**** CHAT Jyoti about CDO 1-click module setup :work:chat:
:LOGBOOK:
CLOCK: [2021-08-17 Tue 15:44]--[2021-08-17 Tue 15:51] => 0:07
:END:
[2021-08-17 Tue 15:44]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Epics][Epics]]

*** 2021-08-19 Thursday
#+BEGIN: clocktable :scope subtree :maxlevel 4 :timestamp t :link t :tags t :narrow 36! :match "work"
#+CAPTION: Clock summary at [2021-08-19 Thu 17:43]
| Timestamp | Tags | Headline | Time | | | |
|------------------------+---------------+-----------------------------------+------+---+------+------|
| | | *Total time* | *1:39* | | | |
|------------------------+---------------+-----------------------------------+------+---+------+------|
| | | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*2021-08-19 Thursday][2021-08-19 Thursday]] | | | 1:39 | |
| [2021-08-19 Thu 16:04] | work, meeting | \_ [[file:/Users/esposito/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Interview Olivier Barbeau][Interview Olivier Barbeau]] | | | | 1:39 |
#+END:

**** MEETING Interview Olivier Barbeau :work:meeting:
:LOGBOOK:
CLOCK: [2021-08-19 Thu 16:04]--[2021-08-19 Thu 17:43] => 1:39
:END:
[2021-08-19 Thu 16:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Self Presentation][Self Presentation]]

** 2021-W35

*** 2021-09-02 Thursday
**** MEETING Weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-02 Thu 17:06]--[2021-09-02 Thu 20:00] => 2:54
:END:
[2021-09-02 Thu 17:06]

Guillaume starts with the *Design Planning* GitHub project.

- SecureX session
- High Impact Incident

Sorry

** 2021-W36

*** 2021-09-08 Wednesday
**** MEETING 1-click module setup weekly meeting :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-08 Wed 17:30]--[2021-09-08 Wed 18:22] => 0:52
:END:
[2021-09-08 Wed 17:30]
- ref :: https://miro.com/app/board/o9J_l57_gro=/

Miro dashboard from Chloe:

https://miro.com/app/board/o9J_l57_gro=/


Discussion:

When to TEST, tomorrow.
Asking for client_id in TEST.


Client-id: client-555c1f7a-b57b-4a6b-9f0b-015e311a6d06

*** 2021-09-09 Thursday
**** MEETING Interview: Florin Braghis :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-09 Thu 15:49]--[2021-09-09 Thu 18:45] => 2:56
:END:
[2021-09-09 Thu 15:49]

** 2021-W37

*** 2021-09-14 Tuesday
**** IN-PROGRESS Device Grant :work:
:LOGBOOK:
CLOCK: [2021-09-14 Tue 19:31]--[2021-09-14 Tue 20:35] => 1:04
:END:
[2021-09-14 Tue 19:31]
- ref ::

*** 2021-09-16 Thursday
**** MEETING Team weekly :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-16 Thu 17:25]--[2021-09-17 Fri 14:32] => 21:07
:END:
[2021-09-16 Thu 17:25]

Ambrose, Irina, Guillaume, Matt, Yann

TO MENTION: Device Grant with FMC => Public clients

***** Incident discussion

*** 2021-09-17 Friday
**** MEETING Presenting the projects :work:meeting:
[2021-09-17 Fri 14:32]
- ref :: https://github.com/advthreat/iroh/projects

***** Pres

****** General

******* Project Organization

Every project has an owner (main point of contact for the FT).
Now only leads, but could be anyone in the future.

****** [Design] Shared IROH Auth Session

The goal of this project, which is not an official FT, is to reflect on and
write proposals for reaching the feeling of a shared session across all
Cisco Security products via SecureX.

+ solution using cookies
+ solution using OpenID Connect

****** [Design] High Impact Incident

/Guillaume Ereteo/ did awesome work providing multiple proposals so that we
can deliver the feature as fast as possible.

1. filter on source (only AMP)
2. Add severity on incident model
3. Incident with high impact via an IROH route: https://github.com/advthreat/iroh/issues/5710
   + needs the proxy from Ambrose
   + needs sync with the engine team too

****** SecureX Suite Session Improvement

Delivered yesterday in v1.81.
Limit the number of interstitial pages between SecureX and CTR/SSE.

+ For Orbital, the Launch button is missing; the back-end work is done, as
  we do not need any SXSO app link.

****** [HOLD] Cisco Secure Client Integration

Still no work to be done by the IROH Services team.

****** Hiring

Since the last meeting, two new hires will join us in the next few weeks:
Kiril and Olivier.

Kiril lives in Germany and Olivier in France.

****** 1-Click Module Setup

Integration by CDO and SWC is in progress.

/Irina/ worked to provide the vault metadata API for SWC.

AMP is in the QA test phase.

****** ModuleType updates

Just saw the rename of "Threat Grid" to "Secure Malware Analytics".

****** [HOLD] CTIA Hydrant support
****** CTIA Incident Manager Improvement
****** Bug Squashing

+ Fix a bug where a user could log in to an org that rejects non-admin user logins
+ Fix a refresh token bug that would provide too many scopes to an access token
+ Fix a potential discrepancy in login page URL parsing

****** [HOLD] ES 7 Migration
****** Device Insights Integration

- Wanderson: Webhooks work, trigger a notification for every
  module-instance configuration change.

****** AppLinks API
****** SSE API Extension & OAuth2 Device Grant
+ FMC ⇒ public clients for Device Grants
****** Incident Assignment Notifications

/Ambrose/ worked to make IROH a proxy to private intel for incident
assignment notifications.
Should be delivered in v1.82.

** 2021-W39

*** 2021-09-29 Wednesday
**** MEETING Interview :work:meeting:
:LOGBOOK:
CLOCK: [2021-09-29 Wed 16:12]--[2021-09-29 Wed 19:30] => 3:18
:END:
[2021-09-29 Wed 16:12]
- ref :: [[file:~/dev/ring-jwt-middleware/src/ring_jwt_middleware/core.clj::jwt-check-fn (s/=> s/Any s/Str JwtClaims)]]

*** 2021-10-01 Friday
**** MEETING App Links :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-01 Fri 17:26]--[2021-10-01 Fri 19:07] => 1:41
:END:
[2021-10-01 Fri 17:26]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Secure Client][Secure Client]]
**** MEETING Secure Client :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-01 Fri 15:55]--[2021-10-01 Fri 17:26] => 1:31
:END:
[2021-10-01 Fri 15:55]

Meeting link:
https://cisco.webex.com/cisco/j.php?MTID=m5814a8530a0870a19a57230bfd6d4b0e

** 2021-W40

*** 2021-10-05 Tuesday
**** MEETING DI weekly :work:meeting:
[2021-10-05 Tue 15:30]

#+begin_quote
From Yuri

Hi,
Things I’d like to discuss on our today sync meeting:
1. The integration modules screen:
   a. When will all the modules be updated with the relevant text?
   b. When will all the modules be deployed to production?
   c. Same goes for the DI module? Need help in updating its text and taking it to production as well
   d. The filter by capability for device insights currently shows an empty result in production
2. Integration code
   a. Is there still some integration code that is pending?
      i. What is the status of https://github.com/advthreat/iroh/issues/5680?
      ii. Any other open issues?
   b. Any blockers that you see for deploying to production?
3. Assets API QA?
#+end_quote

1.a. doc team
1.b

2.a

**** IN-PROGRESS Training Interviewing :work:
:LOGBOOK:
CLOCK: [2021-10-05 Tue 14:44]--[2021-10-05 Tue 15:30] => 0:46
:END:
[2021-10-05 Tue 14:44]
***** Past Perf Predict the Future

*Behavioral questions*

- tell me about a time when...
- Where and how have you used ,,, to achieve ,,,
- Walk me through the system/process/etc...

*Behavioral questions better*

More specific to their experience, not generic.

- concise
- clear
- relevant
- practiced
- tailored to the job

***** Real Purpose of interviewing

Predict whether or not they'd be successful in our company

Evidence?
- Yes, specific examples
- Yes, demonstration

What the candidate will think about the question.

****** Clear on hiring criteria

*skills & knowledge, attributes, achievements, motivations*

Targeted, probing behavioral interviewing.

Go deep, specific, examples.
Ask the *how* to detect liars, lack of honesty.

- what ,,, what did you do, what was your role, etc...
Questions need specific responses.

Do brainteasers work? No.
Use problem-solving questions: how would you do/solve/etc...?

Examples:

- role play question. ×
- problem they solved. ✓


What work-related experience(s) changed your opinion(s) on something?

****** One Question to rule them all?

Combination question.
Find combo questions.

*Probing*

*** 2021-10-07 Thursday
**** MEETING DI blockers :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 18:01]--[2021-10-08 Fri 17:33] => 23:32
:END:
[2021-10-07 Thu 18:01]

#+begin_quote
@Yuri:

I’ve opened the issues there, still need to set priorities.
Here is the list of the issues I’m currently aware of that are important
for the release:

1. https://github.com/advthreat/iroh/issues/5680 - didn’t open a new ticket for this one, since it already has tracking.
2. Umbrella module -
   a. Allow configuring only DI relevant fields - https://github.com/threatgrid/response/issues/933
   b. Placement of fields https://github.com/threatgrid/response/issues/934
   c. Add explanations of DI relevant fields - https://github.com/threatgrid/response/issues/935
   d. Umbrella doesn't send the external reference info - https://github.com/threatgrid/response/issues/936
3. filtering for the device insights SecureX modules in the Integration Modules screen - results in an empty set - https://github.com/threatgrid/response/issues/937

If you know of something else, please add here

@Matt:
2.a is also tracked here https://github.com/advthreat/iroh/issues/5821
#+end_quote


1. Doc discussion 30min
2. show time (Yuri share chat)



**** IN-PROGRESS support :work:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 16:45]--[2021-10-07 Thu 18:01] => 1:16
:END:
[2021-10-07 Thu 16:45]
- ref :: https://github.com/threatgrid/tenzin/issues/1530

new-org

#+begin_src js
{
  "id": "00000000-0000-0000-6473-000028fbaa95",
  "name": "GATE/Tier3",
  "enabled?": true,
  "created-at": "2021-10-07T17:00:00.000Z",
  "scim-status": "activated",
  "additional-scopes": [
    "iroh-master:read",
    "iroh-admin:read",
    "iroh-master/tac",
    "iroh-auth:read"]
}
#+end_src

IdP Mapping INT/TEST

#+begin_src js
{
  "idp": "sxso",
  "user-identity-id": "00uox5862kEG8G0CD0h7",
  "enabled?": true
}
#+end_src

IdP Mapping PROD

#+begin_src js
{
  "idp": "sxso",
  "user-identity-id": "00u4dmbgyjnx4glS2357",
  "enabled?": true
}
#+end_src


Users to invite:


#+begin_src js

[{"invitee-email":"ashakarc@cisco.com","role":"admin"},
 {"invitee-email":"bmacer@cisco.com", "role":"admin"},
 {"invitee-email":"caknowle@cisco.com","role":"admin"},
 {"invitee-email":"cdeleanu@cisco.com","role":"admin"},
 {"invitee-email":"daphgalm@cisco.com","role":"admin"},
 {"invitee-email":"djanulik@cisco.com","role":"admin"},
 {"invitee-email":"bmahsan@cisco.com", "role":"admin"},
 {"invitee-email":"majacob2@cisco.com","role":"admin"},
 {"invitee-email":"sorianto@cisco.com","role":"admin"},
 {"invitee-email":"stabulic@cisco.com","role":"admin"}]
#+end_src

**** CHAT continuous check :work:chat:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 10:07]--[2021-10-07 Thu 16:45] => 6:38
:END:
[2021-10-07 Thu 10:07]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*support DI JWT signature][support DI JWT signature]]
**** CHAT support DI JWT signature :work:chat:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 09:45]--[2021-10-07 Thu 10:04] => 0:19
:END:
[2021-10-07 Thu 09:45]
- ref :: https://github.com/advthreat/iroh/issues/5680

**** IN-PROGRESS client update via admin for CMD :work:support:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 09:27]--[2021-10-07 Thu 09:45] => 0:18
:END:
[2021-10-07 Thu 09:27]
- ref :: https://github.com/advthreat/iroh/issues/5827

Cisco Secure Email Cloud Mailbox

- module NAM client-0be615ab-b0ff-4c12-8a85-f16c95e7d396
- ribbon NAM client-e36ba40b-5710-402d-b036-ada6d7817c55
- module EU client-6fc3230c-936a-40c1-ad73-f9f28700804e
- ribbon EU client-164688ee-cd5d-44b6-be3d-5e255955e969


**** CHAT Morning Webex check. :work:chat:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 09:26]--[2021-10-07 Thu 09:27] => 0:01
:END:
[2021-10-07 Thu 09:26]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/journal/2021/2021-10-07.org::*09:20][09:20]]
**** PAUSE Journal :pause:
:LOGBOOK:
CLOCK: [2021-10-07 Thu 09:20]--[2021-10-07 Thu 09:26] => 0:06
:END:
[2021-10-07 Thu 09:20]

*** 2021-10-08 Friday
**** MEETING IDB decommissioning :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-08 Fri 20:33]--[2021-10-08 Fri 23:01] => 2:28
:END:
[2021-10-08 Fri 20:33]
- ref :: [[file:~/dev/iroh/services/iroh-auth/test/iroh_auth/oauth2_web_service_test.clj][file:~/dev/iroh/services/iroh-auth/test/iroh_auth/oauth2_web_service_test.clj]]

- SSE-side decommission

Chander Goyal

Context: SX released as a platform, SSE had a PingFed ID Broker.
Also for CSA.

We want to use IROH-Auth directly.

CSA Migration was launched.
SSE-side done.

CSA should be completed very soon.
Let's not change PingFed.

Nov 1919 -> nobody left in PingFed at SSE.

Very limited knowledge.
The license was a Cisco Wideside license;
it ends in 2022.

We want to duplicate PingFed.
**** MEETING Customer Manager :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-08 Fri 17:33]--[2021-10-08 Fri 20:33] => 3:00
:END:
[2021-10-08 Fri 17:33]
- ref :: ,,,

** 2021-W41

*** 2021-10-14 Thursday
**** IN-PROGRESS Write Customer Manager doc :work:
:LOGBOOK:
CLOCK: [2021-10-14 Thu 15:23]--[2021-10-14 Thu 16:33] => 1:10
:END:
[2021-10-14 Thu 15:23]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*write attack on Webhooks with JWT from emitters][write attack on Webhooks with JWT from emitters]]
**** IN-PROGRESS write attack on Webhooks with JWT from emitters :work:
:LOGBOOK:
CLOCK: [2021-10-14 Thu 14:58]--[2021-10-14 Thu 15:23] => 0:25
:END:
[2021-10-14 Thu 14:58]

Attack using an access_token/id_token from emitters and not from the
webhook owner.

Webhooks are a generic mechanism, but here we focus only on webhooks used by
internal Cisco team integrations.

The webhook mechanism should be used to push to a trusted API the fact that
a change occurred in SecureX (typically a module instance change).

The call must be authenticated by the API.
The call should also optionally contain access/refresh tokens for the
destination, so the integration team can access IROH as the event's
emitter user.

The issue is that nothing is explicitly done to prevent any user from
getting an access/id token generated from the same client we use to build
the authentication headers.
This means that a SecureX user from any org can get access to their own
access token/id token (which is entirely possible, and easy for DI as
their client is public).
So any user could call the API endpoint to fake real webhook events,
potentially with cross-tenant/cross-user false events.

To mitigate this issue, we suggest to:

1. Always use the owner of the webhook and the client of the team to build
   id_tokens (if possible not access_tokens).
   The resulting JWT should have a specific audience (this is already the
   case for DI at least). The API team *MUST* check that the =sub= claim
   matches the =owner-id= field of the webhook, as well as verify the JWT
   signature.
2. Provide the emitter tokens in the body of the HTTP call made during
   webhook trigger.


- With 1, we prevent this cross-tenant/cross-user attack.
- With 2, we not only provide even more data than before, but the team can
  directly use the token without using the "custom route" to retrieve the
  refresh token (as it is already provided in the webhook HTTP body).
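
The receiver-side check from mitigation 1, as an added example (not IROH's or the API team's code): a token that is validly signed and carries the right audience is still rejected when its =sub= is not the webhook's =owner-id=. HS256 with a shared key is an assumption made so the example runs on the standard library alone; the key, audience, user ids and function names are constructed or hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the demonstration; none of them come from the page.
SIGNING_KEY = b"constructed-demo-key"
EXPECTED_AUDIENCE = "di-webhook-receiver"            # hypothetical audience
WEBHOOK = {"id": "webhook-1", "owner-id": "user-owner-1"}
NOW = 1_700_000_000                                  # fixed clock for the samples


class WebhookAuthError(Exception):
    """Raised with a short reason code when a webhook call must be rejected."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Stand-in for the issuer: builds an HS256 JWT to use as sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"


def verify_webhook_call(authorization, webhook, key=SIGNING_KEY,
                        audience=EXPECTED_AUDIENCE, now=None):
    """Return the claims if the call is authentic for this webhook, else raise."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise WebhookAuthError("malformed-authorization")
    header_b64, payload_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        raise WebhookAuthError("malformed-token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise WebhookAuthError("malformed-token")
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise WebhookAuthError("unexpected-alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise WebhookAuthError("bad-signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise WebhookAuthError("expired")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise WebhookAuthError("wrong-audience")
    # The check the note insists on: a valid token of any *other* user
    # (for instance the event's emitter) must not authenticate the call.
    if claims.get("sub") != webhook["owner-id"]:
        raise WebhookAuthError("sub-mismatch")
    return claims


def rejection_reason(authorization, webhook, now=NOW):
    """None when the call is accepted, otherwise the reason code."""
    try:
        verify_webhook_call(authorization, webhook, now=now)
    except WebhookAuthError as err:
        return str(err)
    return None


def sample_token(sub, aud=EXPECTED_AUDIENCE, exp=NOW + 300):
    return "Bearer " + make_token({"sub": sub, "aud": aud, "exp": exp})


if __name__ == "__main__":
    print("owner token:  ", rejection_reason(sample_token("user-owner-1"), WEBHOOK))
    print("emitter token:", rejection_reason(sample_token("user-other-org"), WEBHOOK))
```

Emitter tokens delivered in the HTTP body (mitigation 2) are payload data for later calls to IROH; they play no part in this authentication decision.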

** 2021-W42

*** 2021-10-18 Monday
**** TODO Write Weekly todos :work:
[2021-10-18 Mon 10:56]
- ref ::
***** DONE Check Wanderson PRs/Webhooks
SCHEDULED: <2021-10-18 Mon>
***** DONE Customer Manager Doc
SCHEDULED: <2021-10-19 Tue>
***** TODO IROH-Auth tour
****** DONE Organize invitations for IROH-Auth tour + bugfix, etc...
DEADLINE: <2021-10-18 Mon>
***** DONE Discuss Exceptions organization
SCHEDULED: <2021-10-18 Mon>
*** 2021-10-19 Tuesday
**** DONE whitelist synopsis.com in TEST :work:
DEADLINE: <2021-10-19 Tue>
:LOGBOOK:
CLOCK: [2021-10-19 Tue 09:04]--[2021-10-19 Tue 16:03] => 6:59
:END:
[2021-10-19 Tue 09:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Olivier][Olivier]]

*** 2021-10-21 Thursday
**** MEETING Weekly IROH Service Team :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-21 Thu 17:16]--[2021-10-21 Thu 17:25] => 0:09
:END:
[2021-10-21 Thu 17:16]
***** Remarks to make

- Internal JWT generation, with/without client.
- Next week: IROH-Auth tour, probably record this.


**** MEETING FMC - Device Grant OAuth2 Flow Sync :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-21 Thu 16:27]--[2021-10-21 Thu 16:51] => 0:24
:END:
[2021-10-21 Thu 16:27]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Secure Client][Secure Client]]

Updated Target Date.
No blocking issue or concerns.

We just finished delivering the feature.

Good to go for 7.2 release (in April).
Maybe maintenance release 7.0.2 in Feb.

**** MEETING Secure Client :work:meeting:me:
:LOGBOOK:
CLOCK: [2021-10-21 Thu 15:32]--[2021-10-21 Thu 16:12] => 0:40
:END:
[2021-10-21 Thu 15:32]

Jyoti discussed, with a document, how the 1-click module setup
should work and the constraints to obey.

*** 2021-10-22 Friday
**** MEETING Engineering Team :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-22 Fri 17:03]--[2021-10-22 Fri 18:36] => 1:33
:END:
[2021-10-22 Fri 17:03]

- Working closely to finalize the 1-click module setup.
  We faced an issue in using the same client for both the ribbon and the
  1-click module setup.
  This is not really a blocker and a fix is on the way.

** 2021-W43

*** 2021-10-25 Monday
**** MEETING IROH-Auth Overview :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-25 Mon 13:57]--[2021-10-25 Mon 17:26] => 3:29
:END:
[2021-10-25 Mon 13:57]
- ref ::

- services/iroh-auth
- lib/iroh-web/{core.clj,compojure-api.clj}
-

*** 2021-10-26 Tuesday
**** MEETING AO :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-26 Tue 17:43]--[2021-10-27 Wed 10:00] => 16:17
:END:
[2021-10-26 Tue 17:43]
- ref ::

**** MEETING IROH-Auth tour :work:meeting:
:LOGBOOK:
CLOCK: [2021-10-26 Tue 14:25]--[2021-10-26 Tue 17:43] => 3:18
:END:
[2021-10-26 Tue 14:25]
- ref :: [[file:~/dev/iroh/dev-resources/config.edn::}}]]

***** org-level entities (clients)
1. makes user-id/owner-id optional ×
2. hack the User service, to create a fake org-level user.

#+begin_src clojure
(get-user org-id)

=> {:user-id org-id
    :org-id org-id
    :role "admin"
    :scopes ,,,,}
#+end_src

When searching for entities, you should search for the owned entities plus,
if you are an admin, the admin-level entities.

During ~create-client~, add the ability to create a client with that
specific owner.

Fun: filter-map => list of filter-map


#+begin_src clojure
;; inside an Org
{:additional-scopes #{"cisco/user:read"}}
;;
{:additional-scopes
 {:user #{}
  :admin #{"cisco/user:read"}}}
#+end_src

****** Hidden migration

(get-org ,,,,)

****** IROH-Crud

TK-Store => provides a minimalist abstraction over databases.
IROH-CRUD => provides CRUD-only related abstractions
search that

#+begin_src clojure
(search ,,,,)

(iroh-crud/search-with-admin
 {:,,,, :user-id xxx :org-id xxx})
=> (tk-store/search {:filter-map [{:user-id xxxx ,,,}
                                  {:user-id xxxx :org-id org-id}]

                     })
#+end_src

****** update entities

To decide later:

1. any admin should be allowed to update the org-level entities.
2. only some specific admins should be allowed to update the org-level
   entities (use another scope maybe?)

Probably option 1.

*** 2021-10-27 Wednesday
**** IN-PROGRESS preparation IROH Auth Tour :work:
:LOGBOOK:
CLOCK: [2021-10-27 Wed 12:06]--[2021-10-27 Wed 12:07] => 0:01
:END:
[2021-10-27 Wed 12:06]

- Continue on "org-level entities"
- Doc on JWT client expectations
- :load-path "" Dispatch work
- Dig if necessary