deft/reports/FY23Q3-report.html
Yann Esposito (Yogsototh) 136c8c4be4
save
2023-08-09 15:00:50 +02:00

2292 lines
96 KiB
HTML

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-05-03" />
<title>FY23Q3 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">FY23Q3 Report</h1>
<p class="subtitle">logs go 4 months back</p>
<p class="date">2023-05-03</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#iroh">IROH</a>
<ul>
<li><a href="#lead">lead</a>
<ul>
<li><a href="#guillaume-buisson-25">Guillaume Buisson [25]</a>
<ul>
<li><a href="#ctia-5">ctia [5]</a></li>
<li><a href="#iroh-16">iroh [16]</a></li>
<li><a href="#tenzin-config-4">tenzin-config [4]</a></li>
</ul></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-30">Mario Aquino [30]</a>
<ul>
<li><a href="#iroh-17">iroh [17]</a></li>
<li><a href="#tenzin-config-13">tenzin-config [13]</a></li>
</ul></li>
<li><a href="#guillaume-erétéo-16">Guillaume Erétéo [16]</a>
<ul>
<li><a href="#ctia-6">ctia [6]</a></li>
<li><a href="#iroh-5">iroh [5]</a></li>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-11">Ambrose Bonnaire-Sergeant
[11]</a>
<ul>
<li><a href="#ctia-7">ctia [7]</a></li>
<li><a href="#iroh-4">iroh [4]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#matthieu-sprunck-32">Matthieu Sprunck [32]</a>
<ul>
<li><a href="#iroh-17-1">iroh [17]</a></li>
<li><a href="#tenzin-config-15">tenzin-config [15]</a></li>
</ul></li>
<li><a href="#kirill-chernyshov-11">Kirill Chernyshov [11]</a>
<ul>
<li><a href="#ctia-2">ctia [2]</a></li>
<li><a href="#iroh-9">iroh [9]</a></li>
</ul></li>
<li><a href="#shafiq-5">Shafiq [5]</a>
<ul>
<li><a href="#iroh-4-1">iroh [4]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#olivier-barbeau-23">Olivier Barbeau [23]</a>
<ul>
<li><a href="#iroh-22">iroh [22]</a></li>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yogsototh-5">(Yogsototh) [5]</a>
<ul>
<li><a href="#xdr-provisioning-5">xdr-provisioning [5]</a></li>
</ul></li>
<li><a href="#bartuka-15">bartuka [15]</a>
<ul>
<li><a href="#iroh-13">iroh [13]</a></li>
<li><a href="#tenzin-1">tenzin [1]</a></li>
<li><a href="#tenzin-config-1-2">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yann-esposito-44">Yann Esposito [44]</a>
<ul>
<li><a href="#ctia-1">ctia [1]</a></li>
<li><a href="#iroh-30">iroh [30]</a></li>
<li><a href="#tenzin-2">tenzin [2]</a></li>
<li><a href="#tenzin-config-6">tenzin-config [6]</a></li>
<li><a href="#xdr-provisioning-5-1">xdr-provisioning [5]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#patrick-patat-19">Patrick Patat [19]</a>
<ul>
<li><a href="#iroh-ops-18">iroh-ops [18]</a></li>
<li><a href="#tenzin-1-1">tenzin [1]</a></li>
</ul></li>
<li><a href="#jerome-schneider-81">Jerome Schneider [81]</a>
<ul>
<li><a href="#iroh-ops-24">iroh-ops [24]</a></li>
<li><a href="#tenzin-57">tenzin [57]</a></li>
</ul></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#krishna-ganugapenta-32">krishna Ganugapenta [32]</a>
<ul>
<li><a href="#tenzin-31">tenzin [31]</a></li>
<li><a href="#tenzin-config-1-3">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#tancredi-orlando-1">Tancredi Orlando [1]</a>
<ul>
<li><a href="#easy-purescript-nix-1">easy-purescript-nix [1]</a></li>
</ul></li>
<li><a href="#milehrer-15">milehrer [15]</a>
<ul>
<li><a href="#iroh-engine-15">iroh-engine [15]</a></li>
</ul></li>
<li><a href="#joel-holdbrooks-2">Joel Holdbrooks [2]</a>
<ul>
<li><a href="#iroh-engine-2">iroh-engine [2]</a></li>
</ul></li>
<li><a href="#michael-whitley-3">Michael Whitley [3]</a>
<ul>
<li><a href="#response-3">response [3]</a></li>
</ul></li>
<li><a href="#sofiia-mykytiuk-43">Sofiia Mykytiuk [43]</a>
<ul>
<li><a href="#tenzin-43">tenzin [43]</a></li>
</ul></li>
<li><a href="#will-lorand-1">Will Lorand [1]</a>
<ul>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
<li><a href="#dmytro-budko-5">Dmytro Budko [5]</a>
<ul>
<li><a href="#tenzin-5">tenzin [5]</a></li>
</ul></li>
<li><a href="#cisco-boz-1">Cisco Boz [1]</a>
<ul>
<li><a href="#tenzin-1-2">tenzin [1]</a></li>
</ul></li>
<li><a href="#patrick-patat-72">Patrick Patat [72]</a>
<ul>
<li><a href="#iroh-ops-71">iroh-ops [71]</a></li>
<li><a href="#tenzin-1-3">tenzin [1]</a></li>
</ul></li>
<li><a href="#yurii-ivanisenko-12">Yurii Ivanisenko [12]</a>
<ul>
<li><a href="#tenzin-11">tenzin [11]</a></li>
<li><a href="#tenzin-config-1-4">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#robert-levy-5">Robert Levy [5]</a>
<ul>
<li><a href="#iroh-5-1">iroh [5]</a></li>
</ul></li>
<li><a href="#mia-36">Mia [36]</a>
<ul>
<li><a href="#iroh-22-1">iroh [22]</a></li>
<li><a href="#iroh-engine-13">iroh-engine [13]</a></li>
<li><a href="#tenzin-config-1-5">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#devin-walters-5">Devin Walters [5]</a>
<ul>
<li><a href="#iroh-engine-5">iroh-engine [5]</a></li>
</ul></li>
<li><a href="#vadym-kiz-3">Vadym Kiz [3]</a>
<ul>
<li><a href="#tenzin-3">tenzin [3]</a></li>
</ul></li>
<li><a href="#ag-ibragimov-8">Ag Ibragimov [8]</a>
<ul>
<li><a href="#iroh-4-2">iroh [4]</a></li>
<li><a href="#tenzin-config-4-1">tenzin-config [4]</a></li>
</ul></li>
<li><a href="#justin-woo-2">Justin Woo [2]</a>
<ul>
<li><a href="#easy-purescript-nix-2">easy-purescript-nix [2]</a></li>
</ul></li>
<li><a href="#dependabotbot-0">dependabot[bot] [0]</a></li>
<li><a href="#sam-waggoner-4">Sam Waggoner [4]</a>
<ul>
<li><a href="#ctia-1-1">ctia [1]</a></li>
<li><a href="#tenzin-config-3">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#ii-9">II [9]</a>
<ul>
<li><a href="#iroh-7">iroh [7]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#eric-gierach-10">Eric Gierach [10]</a>
<ul>
<li><a href="#iroh-3">iroh [3]</a></li>
<li><a href="#iroh-engine-7">iroh-engine [7]</a></li>
</ul></li>
<li><a href="#adam-sayer-26">Adam Sayer [26]</a>
<ul>
<li><a href="#tenzin-25">tenzin [25]</a></li>
<li><a href="#tenzin-config-1-6">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#tomasz-rybarczyk-1">Tomasz Rybarczyk [1]</a>
<ul>
<li><a href="#easy-purescript-nix-1-1">easy-purescript-nix [1]</a></li>
</ul></li>
<li><a href="#chris-duane-2">Chris Duane [2]</a>
<ul>
<li><a href="#response-2">response [2]</a></li>
</ul></li>
<li><a href="#section">[9]</a>
<ul>
<li><a href="#iroh-7-1">iroh [7]</a></li>
<li><a href="#tenzin-config-2-1">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#john-jardine-30">John Jardine [30]</a>
<ul>
<li><a href="#tenzin-30">tenzin [30]</a></li>
</ul></li>
<li><a href="#michael-pendergrass-4">Michael Pendergrass [4]</a>
<ul>
<li><a href="#iroh-4-3">iroh [4]</a></li>
</ul></li>
<li><a href="#scott-mcleod-4">Scott McLeod [4]</a>
<ul>
<li><a href="#iroh-4-4">iroh [4]</a></li>
</ul></li>
<li><a href="#matthieu-sprunck-3">Matthieu Sprunck [3]</a>
<ul>
<li><a href="#ctia-3">ctia [3]</a></li>
</ul></li>
<li><a href="#jerome-schneider-10">Jerome Schneider [10]</a>
<ul>
<li><a href="#iroh-ops-9">iroh-ops [9]</a></li>
<li><a href="#tenzin-1-4">tenzin [1]</a></li>
</ul></li>
<li><a href="#t2sw-1">t2sw [1]</a>
<ul>
<li><a href="#iroh-1-1">iroh [1]</a></li>
</ul></li>
<li><a href="#bswanson-81">bswanson [81]</a>
<ul>
<li><a href="#iroh-10">iroh [10]</a></li>
<li><a href="#iroh-engine-68">iroh-engine [68]</a></li>
<li><a href="#tenzin-config-3-1">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#pawan-bahuguna-31">Pawan Bahuguna [31]</a>
<ul>
<li><a href="#tenzin-31-1">tenzin [31]</a></li>
</ul></li>
<li><a href="#trent-boyd-2">Trent Boyd [2]</a>
<ul>
<li><a href="#tenzin-config-2-2">tenzin-config [2]</a></li>
</ul></li>
<li><a href="#devin-walters-12">Devin Walters [12]</a>
<ul>
<li><a href="#tenzin-7">tenzin [7]</a></li>
<li><a href="#tenzin-config-5-1">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#martin-bruchanov-20">Martin Bruchanov [20]</a>
<ul>
<li><a href="#tenzin-20">tenzin [20]</a></li>
</ul></li>
<li><a href="#michael-simonson-3">Michael Simonson [3]</a>
<ul>
<li><a href="#tenzin-2-1">tenzin [2]</a></li>
<li><a href="#tenzin-config-1-7">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#john-jardine-5">John Jardine [5]</a>
<ul>
<li><a href="#tenzin-4">tenzin [4]</a></li>
<li><a href="#tenzin-config-1-8">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#gayan-jayasundara-7">Gayan Jayasundara [7]</a>
<ul>
<li><a href="#tenzin-7-1">tenzin [7]</a></li>
</ul></li>
</ul></li>
</ul></li>
</ul>
</nav>
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="guillaume-buisson-25">Guillaume Buisson [25]</h3>
<h4 id="ctia-5">ctia [5]</h4>
<ul>
<li>Fixed Riemann ES configuration <a
href="https://github.com/advthreat/ctia/pull/1360">#1360</a></li>
<li>Allow setting <code>allow_partial_search_results</code> in ES
queries <a
href="https://github.com/advthreat/ctia/pull/1359">#1359</a></li>
<li>Bump CTIM to 1.3.6 <a
href="https://github.com/advthreat/ctia/pull/1355">#1355</a></li>
<li>Note Entity API changes <a
href="https://github.com/advthreat/ctia/pull/1342">#1342</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>CTIM Note entity Support <a
href="https://github.com/advthreat/ctia/pull/1330">#1330</a></li>
</ul>
<h4 id="iroh-16">iroh [16]</h4>
<ul>
<li>Initial Incident Response Design Draft <a
href="https://github.com/advthreat/iroh/pull/7398">#7398</a></li>
<li>Fix Target enrichment feature flag check <a
href="https://github.com/advthreat/iroh/pull/7740">#7740</a></li>
<li>Bump clj-momo to 0.4.0 <a
href="https://github.com/advthreat/iroh/pull/7723">#7723</a></li>
<li>Update Orchestration Workflow Event fixtures <a
href="https://github.com/advthreat/iroh/pull/7677">#7677</a></li>
<li>Observe-Targets route Enhancements <a
href="https://github.com/advthreat/iroh/pull/7668">#7668</a></li>
<li>Temporary implementation of observe-targets in the Relay module <a
href="https://github.com/advthreat/iroh/pull/7656">#7656</a></li>
<li>Revert "Enrich WebService route"</li>
<li>Revert "Initial WebService for testing"</li>
<li>Initial WebService for testing</li>
<li>Enrich WebService route</li>
<li>Additional Note/Event sample data <a
href="https://github.com/advthreat/iroh/pull/7654">#7654</a></li>
<li>Support the Note Entity in Private Intel <a
href="https://github.com/advthreat/iroh/pull/7605">#7605</a></li>
<li>Mitre and Risk Score based Incidents Review <a
href="https://github.com/advthreat/iroh/pull/6990">#6990</a></li>
<li>Properly define the OpenAPI metadata for the Enrich API <a
href="https://github.com/advthreat/iroh/pull/7532">#7532</a></li>
<li>Unhide Swagger UI Responses <a
href="https://github.com/advthreat/iroh/pull/7529">#7529</a></li>
<li>Updated Note designs <a
href="https://github.com/advthreat/iroh/pull/7508">#7508</a></li>
</ul>
<h4 id="tenzin-config-4">tenzin-config [4]</h4>
<ul>
<li>Add the SXO clients to the High Impact allowed sources <a
href="https://github.com/advthreat/tenzin-config/pull/876">#876</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>CTIA Note Entity setup <a
href="https://github.com/advthreat/tenzin-config/pull/836">#836</a></li>
<li>Disable the Kafka Event Hook for Private Intel <a
href="https://github.com/advthreat/tenzin-config/pull/835">#835</a></li>
<li>Double the rate limit of the dcloud organization <a
href="https://github.com/advthreat/tenzin-config/pull/824">#824</a></li>
</ul>
<h2 id="data">data</h2>
<h3 id="mario-aquino-30">Mario Aquino [30]</h3>
<h4 id="iroh-17">iroh [17]</h4>
<ul>
<li>Add audiences to client <a
href="https://github.com/advthreat/iroh/pull/7812">#7812</a></li>
<li>OrgTokenProviderService <a
href="https://github.com/advthreat/iroh/pull/7731">#7731</a></li>
<li>Handle additional variation on mitre-attack source_name <a
href="https://github.com/advthreat/iroh/pull/7755">#7755</a></li>
<li>Match on mitre-attack as source_name to find variations <a
href="https://github.com/advthreat/iroh/pull/7754">#7754</a></li>
<li>Remove high impact severity checking <a
href="https://github.com/advthreat/iroh/pull/7580">#7580</a></li>
<li>Iterate over all orgs for threat hunt execution <a
href="https://github.com/advthreat/iroh/pull/7601">#7601</a></li>
<li>Check authorization header <a
href="https://github.com/advthreat/iroh/pull/7597">#7597</a></li>
<li>Fix test broken by missing auth header <a
href="https://github.com/advthreat/iroh/pull/7588">#7588</a></li>
<li>Use mk-int-request-context for calls that may go to modules <a
href="https://github.com/advthreat/iroh/pull/7587">#7587</a></li>
<li>Improve logging for risk score asset resolution <a
href="https://github.com/advthreat/iroh/pull/7581">#7581</a></li>
<li>Update CTIM to align w version used by CTIA <a
href="https://github.com/advthreat/iroh/pull/7576">#7576</a></li>
<li>Reduce threat hunt ctia investigate module timeouts <a
href="https://github.com/advthreat/iroh/pull/7527">#7527</a></li>
<li>Error handling around risk score calculation attempt <a
href="https://github.com/advthreat/iroh/pull/7512">#7512</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Replace unsupported trojan source detector <a
href="https://github.com/advthreat/iroh/pull/7481">#7481</a></li>
<li>Service interface tech-debt <a
href="https://github.com/advthreat/iroh/pull/7475">#7475</a></li>
<li>One iroh-async session queue for all tasks <a
href="https://github.com/advthreat/iroh/pull/7472">#7472</a></li>
<li>CTIM v1.2.0 <a
href="https://github.com/advthreat/iroh/pull/7459">#7459</a></li>
</ul>
<h4 id="tenzin-config-13">tenzin-config [13]</h4>
<ul>
<li>Enable config for incident enrichment <a
href="https://github.com/advthreat/tenzin-config/pull/880">#880</a></li>
<li>Removes AWS Auth credentials no longer needed by queue-monitor <a
href="https://github.com/advthreat/tenzin-config/pull/867">#867</a></li>
<li>Update async worker count for new server specs <a
href="https://github.com/advthreat/tenzin-config/pull/861">#861</a></li>
<li>AWS Credentials for CloudWatch interaction <a
href="https://github.com/advthreat/tenzin-config/pull/842">#842</a></li>
<li>Remove configs to allow threat hunting for all orgs <a
href="https://github.com/advthreat/tenzin-config/pull/853">#853</a></li>
<li>Make all incidents imported via Swagger UI high impact <a
href="https://github.com/advthreat/tenzin-config/pull/847">#847</a></li>
<li>Remove iroh-investigate and iroh-incident configs <a
href="https://github.com/advthreat/tenzin-config/pull/837">#837</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Use correct urls for PROD iroh <a
href="https://github.com/advthreat/tenzin-config/pull/832">#832</a></li>
<li>Updates sessions-config for iroh-investigate and iroh-incident <a
href="https://github.com/advthreat/tenzin-config/pull/826">#826</a></li>
<li>iroh-queue-monitor config update <a
href="https://github.com/advthreat/tenzin-config/pull/820">#820</a></li>
<li>Increases number of threat hunt orgs <a
href="https://github.com/advthreat/tenzin-config/pull/812">#812</a></li>
<li>Redis for iroh-async <a
href="https://github.com/advthreat/tenzin-config/pull/815">#815</a></li>
<li>Adds config for iroh-async deployment group</li>
</ul>
<h3 id="guillaume-erétéo-16">Guillaume Erétéo [16]</h3>
<h4 id="ctia-6">ctia [6]</h4>
<ul>
<li>add total-hits headers to metric responses <a
href="https://github.com/advthreat/ctia/pull/1363">#1363</a></li>
<li>add tactics/techniques to incident search filters <a
href="https://github.com/advthreat/ctia/pull/1356">#1356</a></li>
<li>Incident score schema check <a
href="https://github.com/advthreat/ctia/pull/1353">#1353</a></li>
<li>Relationships: add target_ref and source_ref as enumerable field <a
href="https://github.com/advthreat/ctia/pull/1354">#1354</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>verdict fix <a
href="https://github.com/advthreat/ctia/pull/1333">#1333</a></li>
<li>add techniques to enumerable fields <a
href="https://github.com/advthreat/ctia/pull/1331">#1331</a></li>
</ul>
<h4 id="iroh-5">iroh [5]</h4>
<ul>
<li>introduce aggregation in crud store <a
href="https://github.com/advthreat/iroh/pull/7734">#7734</a></li>
<li>Add Scott to CODEOWNERS <a
href="https://github.com/advthreat/iroh/pull/7782">#7782</a></li>
<li>first stats <a
href="https://github.com/advthreat/iroh/pull/7765">#7765</a></li>
<li>Incident summary design <a
href="https://github.com/advthreat/iroh/pull/7704">#7704</a></li>
<li>threat hunt status incident status Open <a
href="https://github.com/advthreat/iroh/pull/7709">#7709</a></li>
</ul>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>Activate scoring in TEST and PROD for 1.116 <a
href="https://github.com/advthreat/tenzin-config/pull/851">#851</a></li>
<li>Add PCTIA as high impact by default <a
href="https://github.com/advthreat/tenzin-config/pull/849">#849</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>update incident mappings <a
href="https://github.com/advthreat/tenzin-config/pull/822">#822</a></li>
<li>IROH Swagger UI to high impact sources <a
href="https://github.com/advthreat/tenzin-config/pull/830">#830</a></li>
<li>prepare actor migration <a
href="https://github.com/advthreat/tenzin-config/pull/814">#814</a></li>
</ul>
<h3 id="ambrose-bonnaire-sergeant-11">Ambrose Bonnaire-Sergeant
[11]</h3>
<h4 id="ctia-7">ctia [7]</h4>
<ul>
<li>Push sighting store's coercion pattern into def-es-store <a
href="https://github.com/advthreat/ctia/pull/1361">#1361</a></li>
<li>Remove log4j <a
href="https://github.com/advthreat/ctia/pull/1347">#1347</a></li>
<li>Fix bulk relationships between transient asset mappings/fields <a
href="https://github.com/advthreat/ctia/pull/1343">#1343</a></li>
<li>Filter by scores test <a
href="https://github.com/advthreat/ctia/pull/1341">#1341</a></li>
<li>Scores dynamic mapping <a
href="https://github.com/advthreat/ctia/pull/1340">#1340</a></li>
<li>Don't mix user params with internal extensions <a
href="https://github.com/advthreat/ctia/pull/1339">#1339</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Sort on incident score <a
href="https://github.com/advthreat/ctia/pull/1327">#1327</a></li>
</ul>
<h4 id="iroh-4">iroh [4]</h4>
<ul>
<li>new incident scores format <a
href="https://github.com/advthreat/iroh/pull/7578">#7578</a></li>
<li>Strip ctia keys <a
href="https://github.com/advthreat/iroh/pull/7521">#7521</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Improve stubservice error messages <a
href="https://github.com/advthreat/iroh/pull/7478">#7478</a></li>
<li>Prep Mia for incident scoring impl <a
href="https://github.com/advthreat/iroh/pull/7397">#7397</a></li>
</ul>
<h2 id="integrations">integrations</h2>
<h3 id="matthieu-sprunck-32">Matthieu Sprunck [32]</h3>
<h4 id="iroh-17-1">iroh [17]</h4>
<ul>
<li>E7469: Event API extension design <a
href="https://github.com/advthreat/iroh/pull/7462">#7462</a></li>
<li>Implements OR, AND, NOT boolean combinators for ElasticSearch <a
href="https://github.com/advthreat/iroh/pull/7752">#7752</a></li>
<li>Add a dedicated IROH Auth configuration to Swagger <a
href="https://github.com/advthreat/iroh/pull/7738">#7738</a></li>
<li>Remote: Return an error when tiles/data is not supported <a
href="https://github.com/advthreat/iroh/pull/7732">#7732</a></li>
<li>Remove support for access token in Swagger UI <a
href="https://github.com/advthreat/iroh/pull/7729">#7729</a></li>
<li>Remote: IROH Proxy handler should not be called in case of errors <a
href="https://github.com/advthreat/iroh/pull/7717">#7717</a></li>
<li>Add missing dependency to int-web-service <a
href="https://github.com/advthreat/iroh/pull/7712">#7712</a></li>
<li>Configures ModuleRecords with a map <a
href="https://github.com/advthreat/iroh/pull/7690">#7690</a></li>
<li>Bump to CTIM 1.3.7 <a
href="https://github.com/advthreat/iroh/pull/7696">#7696</a></li>
<li>Create High Impact incident event <a
href="https://github.com/advthreat/iroh/pull/7679">#7679</a></li>
<li>Bump to CTIM 1.3.5 <a
href="https://github.com/advthreat/iroh/pull/7642">#7642</a></li>
<li>Add new High Impact Incident event types <a
href="https://github.com/advthreat/iroh/pull/7606">#7606</a></li>
<li>Bump to CTIM 1.3.4 <a
href="https://github.com/advthreat/iroh/pull/7626">#7626</a></li>
<li>Bump to CTIM 1.3.3 <a
href="https://github.com/advthreat/iroh/pull/7616">#7616</a></li>
<li>Allow settings prefixed by custom_ to be derived in proxy config <a
href="https://github.com/advthreat/iroh/pull/7509">#7509</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix client credentials auth for CrowdStrike integration <a
href="https://github.com/advthreat/iroh/pull/7502">#7502</a></li>
<li>Add API Key auth type to the Relay module <a
href="https://github.com/advthreat/iroh/pull/7488">#7488</a></li>
</ul>
<h4 id="tenzin-config-15">tenzin-config [15]</h4>
<ul>
<li>Revert "Revert "Remove support for access token in Swagger UI
(#868)" (#871)" <a
href="https://github.com/advthreat/tenzin-config/pull/874">#874</a></li>
<li>Allow SXO internal hosts for webhook calls <a
href="https://github.com/advthreat/tenzin-config/pull/872">#872</a></li>
<li>Revert "Remove support for access token in Swagger UI (#868)" <a
href="https://github.com/advthreat/tenzin-config/pull/871">#871</a></li>
<li>Remove invalid module configuration keys <a
href="https://github.com/advthreat/tenzin-config/pull/870">#870</a></li>
<li>Remove support for access token in Swagger UI <a
href="https://github.com/advthreat/tenzin-config/pull/868">#868</a></li>
<li>Remove one-click-module services from iroh application <a
href="https://github.com/advthreat/tenzin-config/pull/865">#865</a></li>
<li>Change the IROH modules configuration format <a
href="https://github.com/advthreat/tenzin-config/pull/864">#864</a></li>
<li>Change Orbital URL in TEST <a
href="https://github.com/advthreat/tenzin-config/pull/848">#848</a></li>
<li>Remove the tiles APIs from the Orbital module record <a
href="https://github.com/advthreat/tenzin-config/pull/845">#845</a></li>
<li>Add CrowdStrike proxy configuration <a
href="https://github.com/advthreat/tenzin-config/pull/841">#841</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix SentinelOne module record conf <a
href="https://github.com/advthreat/tenzin-config/pull/834">#834</a></li>
<li>Support of IROH Proxy for SentinelOne <a
href="https://github.com/advthreat/tenzin-config/pull/828">#828</a></li>
<li>Revert connection manager changes in PROD (2nd attempt) <a
href="https://github.com/advthreat/tenzin-config/pull/827">#827</a></li>
<li>Revert changes in PROD and reduce nb of threads in INT and TEST <a
href="https://github.com/advthreat/tenzin-config/pull/825">#825</a></li>
<li>Increase the number of threads used by the connection manager of the
Relay module <a
href="https://github.com/advthreat/tenzin-config/pull/823">#823</a></li>
</ul>
<h3 id="kirill-chernyshov-11">Kirill Chernyshov [11]</h3>
<h4 id="ctia-2">ctia [2]</h4>
<ul>
<li>Exception handling for bundle export <a
href="https://github.com/advthreat/ctia/pull/1351">#1351</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Default "no-pagination" for feed <a
href="https://github.com/advthreat/ctia/pull/1336">#1336</a></li>
</ul>
<h4 id="iroh-9">iroh [9]</h4>
<ul>
<li>Fix configuration option for event signer <a
href="https://github.com/advthreat/iroh/pull/7777">#7777</a></li>
<li>Add signer options for EventService <a
href="https://github.com/advthreat/iroh/pull/7776">#7776</a></li>
<li>Simplify kafka-producer integration test <a
href="https://github.com/advthreat/iroh/pull/7769">#7769</a></li>
<li>Send event from EventService to kafka topic <a
href="https://github.com/advthreat/iroh/pull/7552">#7552</a></li>
<li>Return promise after sending event to kafka <a
href="https://github.com/advthreat/iroh/pull/7556">#7556</a></li>
<li>IROH-crypto lib <a
href="https://github.com/advthreat/iroh/pull/7544">#7544</a></li>
<li>KafkaProducerService <a
href="https://github.com/advthreat/iroh/pull/7524">#7524</a></li>
<li>Introduce iroh-kafka library <a
href="https://github.com/advthreat/iroh/pull/7505">#7505</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Remove Onyx and Aeron services <a
href="https://github.com/advthreat/iroh/pull/7489">#7489</a></li>
</ul>
<h3 id="shafiq-5">Shafiq [5]</h3>
<h4 id="iroh-4-1">iroh [4]</h4>
<ul>
<li>Add create-event HTTP API <a
href="https://github.com/advthreat/iroh/pull/7557">#7557</a></li>
<li>Add search endpoint for iroh-events <a
href="https://github.com/advthreat/iroh/pull/7528">#7528</a></li>
<li>Add integration test-case for iroh-events search <a
href="https://github.com/advthreat/iroh/pull/7513">#7513</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Separate event-handlers from EventNotifierService <a
href="https://github.com/advthreat/iroh/pull/7437">#7437</a></li>
</ul>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<ul>
<li>Configure internal-event-web-service <a
href="https://github.com/advthreat/tenzin-config/pull/844">#844</a></li>
</ul>
<h2 id="auth">auth</h2>
<h3 id="olivier-barbeau-23">Olivier Barbeau [23]</h3>
<h4 id="iroh-22">iroh [22]</h4>
<ul>
<li>fix http status code <a
href="https://github.com/advthreat/iroh/pull/7838">#7838</a></li>
<li>Rework of the script <code>check-changelog-update-time</code> <a
href="https://github.com/advthreat/iroh/pull/7658">#7658</a></li>
<li>RBAC: additional XDR tests <a
href="https://github.com/advthreat/iroh/pull/7634">#7634</a></li>
<li>GitHub Actions: do test coverage only once <a
href="https://github.com/advthreat/iroh/pull/7607">#7607</a></li>
<li>Increase Java Heap size for code coverage - Github Actions workflow
<a href="https://github.com/advthreat/iroh/pull/7585">#7585</a></li>
<li>add workdir for the check <a
href="https://github.com/advthreat/iroh/pull/7573">#7573</a></li>
<li>disable test <a
href="https://github.com/advthreat/iroh/pull/7566">#7566</a></li>
<li>Fail build if html not updated <a
href="https://github.com/advthreat/iroh/pull/7559">#7559</a></li>
<li>RBAC: enable the new XDR role 'Security Analyst Tier 2' <a
href="https://github.com/advthreat/iroh/pull/7545">#7545</a></li>
<li>Issue 7538 refactor of role retrieval <a
href="https://github.com/advthreat/iroh/pull/7540">#7540</a></li>
<li>automated 'revert role' operation with test <a
href="https://github.com/advthreat/iroh/pull/7537">#7537</a></li>
<li>RBAC: Retrocompatibility of the Provisioning API <a
href="https://github.com/advthreat/iroh/pull/7507">#7507</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Refactor around <code>ifn-pred</code> <a
href="https://github.com/advthreat/iroh/pull/7491">#7491</a></li>
<li>set job timeouts to 90 minutes <a
href="https://github.com/advthreat/iroh/pull/7506">#7506</a></li>
<li>set job timeouts to 60 minutes <a
href="https://github.com/advthreat/iroh/pull/7504">#7504</a></li>
<li>Test coverage v2 <a
href="https://github.com/advthreat/iroh/pull/7498">#7498</a></li>
<li>wait for hook to be finished before testing <a
href="https://github.com/advthreat/iroh/pull/7497">#7497</a></li>
<li>Add test coverage report to the Iroh GitHub Actions workflow <a
href="https://github.com/advthreat/iroh/pull/7453">#7453</a></li>
<li>RBAC for Org Access Request <a
href="https://github.com/advthreat/iroh/pull/7465">#7465</a></li>
<li>Issue 7333 rbac invitation service <a
href="https://github.com/advthreat/iroh/pull/7454">#7454</a></li>
<li>RBAC: new XDR tests for login and oauth-clients <a
href="https://github.com/advthreat/iroh/pull/7418">#7418</a></li>
<li>Issue 7413 move steps out of setup job <a
href="https://github.com/advthreat/iroh/pull/7414">#7414</a></li>
</ul>
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
<ul>
<li>sets the <code>:xdr-roles</code> feature flag in INT and TEST <a
href="https://github.com/advthreat/tenzin-config/pull/840">#840</a></li>
</ul>
<h3 id="yogsototh-5">(Yogsototh) [5]</h3>
<h4 id="xdr-provisioning-5">xdr-provisioning [5]</h4>
<ul>
<li>Improve help regarding setting env vars</li>
<li>Improve the command line parsing</li>
<li>rename script to .sh</li>
<li>Add onboarding of DI and CSC</li>
<li>Initial provisioning Script</li>
</ul>
<h3 id="bartuka-15">bartuka [15]</h3>
<h4 id="iroh-13">iroh [13]</h4>
<ul>
<li>[IROH Auth] introducing <code>TimeService</code> in
<code>AuthService</code> <a
href="https://github.com/advthreat/iroh/pull/7806">#7806</a></li>
<li>[IROH Auth] allow only <code>iroh-core.time</code> in oauth2.core ns
<a href="https://github.com/advthreat/iroh/pull/7793">#7793</a></li>
<li>[IROH Auth] - Update IROH Web middleware to build short JWTs with
profile data <a
href="https://github.com/advthreat/iroh/pull/7671">#7671</a></li>
<li>[IROH Auth] - update <code>check-refresh-token</code> function <a
href="https://github.com/advthreat/iroh/pull/7669">#7669</a></li>
<li>[IROH Auth] - Update Design docs for Short JWT Epic <a
href="https://github.com/advthreat/iroh/pull/7670">#7670</a></li>
<li>[IROH Auth] <code>/profile/permissions</code> endpoint <a
href="https://github.com/advthreat/iroh/pull/7562">#7562</a></li>
<li>Patch <code>compojure-api</code> to allow endpoints with string-keys
(without keywordize the request <code>:body</code>) <a
href="https://github.com/advthreat/iroh/pull/7574">#7574</a></li>
<li>[IROH Auth] Include route <code>/profile/scopes</code> <a
href="https://github.com/advthreat/iroh/pull/7553">#7553</a></li>
<li>[IROH Auth] - Store Short JWTs <a
href="https://github.com/advthreat/iroh/pull/7476">#7476</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>[IROH Auth] refactor <code>gen-short-tokens</code> to avoid code
duplication <a
href="https://github.com/advthreat/iroh/pull/7485">#7485</a></li>
<li>Allow wildcard login origin in TEST env <a
href="https://github.com/advthreat/iroh/pull/7474">#7474</a></li>
<li>[IROH Auth] Generate Short JWT tokens <a
href="https://github.com/advthreat/iroh/pull/7450">#7450</a></li>
<li>[IROH Auth] Short JWT design <a
href="https://github.com/advthreat/iroh/pull/7436">#7436</a></li>
</ul>
<h4 id="tenzin-1">tenzin [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Update GPG Wanderson Ferreira <a
href="https://github.com/advthreat/tenzin/pull/2648">#2648</a></li>
</ul>
<h4 id="tenzin-config-1-2">tenzin-config [1]</h4>
<ul>
<li>add postgres and redis-cache store for IROH Auth JWTs <a
href="https://github.com/advthreat/tenzin-config/pull/839">#839</a></li>
</ul>
<h3 id="yann-esposito-44">Yann Esposito [44]</h3>
<h4 id="ctia-1">ctia [1]</h4>
<ul>
<li>bump snakeyaml to address CVE-2022-38751 <a
href="https://github.com/advthreat/ctia/pull/1346">#1346</a></li>
</ul>
<h4 id="iroh-30">iroh [30]</h4>
<ul>
<li>Add a missing option to disable default configs <a
href="https://github.com/advthreat/iroh/pull/7805">#7805</a></li>
<li>Add a script to init tokens without logging in <a
href="https://github.com/advthreat/iroh/pull/7794">#7794</a></li>
<li>Fix schema for Response <a
href="https://github.com/advthreat/iroh/pull/7804">#7804</a></li>
<li>Add support to onboard a single app <a
href="https://github.com/advthreat/iroh/pull/7796">#7796</a></li>
<li>Add a role introspection route to help the UI and other clients <a
href="https://github.com/advthreat/iroh/pull/7785">#7785</a></li>
<li>Fix scopes declaration for execute-workflow route <a
href="https://github.com/advthreat/iroh/pull/7799">#7799</a></li>
<li>Fix a Swagger bug due to schema name conflict <a
href="https://github.com/advthreat/iroh/pull/7790">#7790</a></li>
<li>Web api search improvements <a
href="https://github.com/advthreat/iroh/pull/7728">#7728</a></li>
<li>add profile and notification to ao-jwt <a
href="https://github.com/advthreat/iroh/pull/7726">#7726</a></li>
<li>Tk store combinator search queries (AND, OR, NOT) <a
href="https://github.com/advthreat/iroh/pull/7691">#7691</a></li>
<li>Fix a case where the body is <code class="verbatim">nil</code> <a
href="https://github.com/advthreat/iroh/pull/7685">#7685</a></li>
<li>Add xdr-instance-id field to the orgs <a
href="https://github.com/advthreat/iroh/pull/7707">#7707</a></li>
<li>PIAM: Provisioning onboard endpoint <a
href="https://github.com/advthreat/iroh/pull/7659">#7659</a></li>
<li>Add ff scope script <a
href="https://github.com/advthreat/iroh/pull/7680">#7680</a></li>
<li>added a script to add feature-flag scopes from command line <a
href="https://github.com/advthreat/iroh/pull/7676">#7676</a></li>
<li>prefer to use client from DB than client from config <a
href="https://github.com/advthreat/iroh/pull/7672">#7672</a></li>
<li>Align scopes to SXO behaviour <a
href="https://github.com/advthreat/iroh/pull/7673">#7673</a></li>
<li>fix lein start <a
href="https://github.com/advthreat/iroh/pull/7663">#7663</a></li>
<li>PIAM provisioning no idp-mapping for create user <a
href="https://github.com/advthreat/iroh/pull/7655">#7655</a></li>
<li>Default bootstrap &amp; config <a
href="https://github.com/advthreat/iroh/pull/6868">#6868</a></li>
<li>Add Entitlements to Orgs <a
href="https://github.com/advthreat/iroh/pull/7631">#7631</a></li>
<li>Remove yaml to supported format for profile API <a
href="https://github.com/advthreat/iroh/pull/7632">#7632</a></li>
<li>Fix a flaky test in either_test.clj <a
href="https://github.com/advthreat/iroh/pull/7610">#7610</a></li>
<li>Role Matrix representation in the code. <a
href="https://github.com/advthreat/iroh/pull/7583">#7583</a></li>
<li>fix some wording only for admin users view <a
href="https://github.com/advthreat/iroh/pull/7579">#7579</a></li>
<li>Improve User login logs situation <a
href="https://github.com/advthreat/iroh/pull/7555">#7555</a></li>
<li>Added a composable redis.nix <a
href="https://github.com/advthreat/iroh/pull/7535">#7535</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix template rendering during invite confirmation <a
href="https://github.com/advthreat/iroh/pull/7480">#7480</a></li>
<li>Display virtual users in the batch get users <a
href="https://github.com/advthreat/iroh/pull/7473">#7473</a></li>
<li>Add the UI session logout into IROH-Auth <a
href="https://github.com/advthreat/iroh/pull/7431">#7431</a></li>
</ul>
<h4 id="tenzin-2">tenzin [2]</h4>
<ul>
<li>use iroh.main for all nodes types <a
href="https://github.com/advthreat/tenzin/pull/2862">#2862</a></li>
<li>Update iroh.job.jinja <a
href="https://github.com/advthreat/tenzin/pull/2861">#2861</a></li>
</ul>
<h4 id="tenzin-config-6">tenzin-config [6]</h4>
<ul>
<li>fix missing iroh-async web-services <a
href="https://github.com/advthreat/tenzin-config/pull/884">#884</a></li>
<li>align iroh and iroh-async confs <a
href="https://github.com/advthreat/tenzin-config/pull/883">#883</a></li>
<li>Add CSC onboarding URLs <a
href="https://github.com/advthreat/tenzin-config/pull/875">#875</a></li>
<li>fix provisioning service <a
href="https://github.com/advthreat/tenzin-config/pull/863">#863</a></li>
<li>PIAM config change (+ bootstrap cleanup) <a
href="https://github.com/advthreat/tenzin-config/pull/677">#677</a></li>
<li>add perf.orbital.threatgrid.com to allowed login origin <a
href="https://github.com/advthreat/tenzin-config/pull/854">#854</a></li>
</ul>
<h4 id="xdr-provisioning-5-1">xdr-provisioning [5]</h4>
<ul>
<li>Improve help regarding setting env vars</li>
<li>Improve the command line parsing</li>
<li>rename script to .sh</li>
<li>Add onboarding of DI and CSC</li>
<li>Initial provisioning Script</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="patrick-patat-19">Patrick Patat [19]</h3>
<h4 id="iroh-ops-18">iroh-ops [18]</h4>
<ul>
<li>Merge pull request #69 from advthreat/riemann-asg</li>
<li>Merge pull request #66 from advthreat/pg-cname</li>
<li>Merge pull request #65 from advthreat/minor-fix</li>
<li>Merge pull request #64 from advthreat/vector-docker</li>
<li>Merge pull request #63 from advthreat/asg-refresh</li>
<li>Merge pull request #61 from advthreat/auto-deploy</li>
<li>Merge pull request #60 from advthreat/webex-notif</li>
<li>Merge pull request #57 from advthreat/qualys</li>
<li>Merge pull request #56 from advthreat/dynamodb_backup</li>
<li>Merge pull request #55 from advthreat/iroh-queue</li>
<li>Merge pull request #52 from advthreat/nomad-job</li>
<li>Merge pull request #54 from advthreat/vault-stats</li>
<li>Merge pull request #48 from advthreat/vault-pki</li>
<li>Merge pull request #47 from advthreat/nomad-docker-config</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Merge pull request #41 from advthreat/codebuild-fix</li>
<li>Merge pull request #40 from advthreat/ansible-codebuild</li>
<li>Merge pull request #37 from advthreat/fix-host</li>
<li>Merge pull request #35 from advthreat/instances_route53</li>
</ul>
<h4 id="tenzin-1-1">tenzin [1]</h4>
<ul>
<li>allows iroh-ops dev platform to access redis <a
href="https://github.com/advthreat/tenzin/pull/2755">#2755</a></li>
</ul>
<h3 id="jerome-schneider-81">Jerome Schneider [81]</h3>
<h4 id="iroh-ops-24">iroh-ops [24]</h4>
<ul>
<li>render s3 artefacts generic and create a releases bucket</li>
<li>datadog: improve logging</li>
<li>add vector support for os logging</li>
<li>tf peering: don't peer public subnets</li>
<li>Add Datadog agent on all instances and specific setup for Nomad and
Consul</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>vpnator: remove cloudtrail support for the moment</li>
<li>ansible: migrate jerschne on master</li>
<li>iam_lambda_ec2_route53: re-add rights on EC2</li>
<li>improve iam management and adapt Ansible for it</li>
<li>tfw: manage correctly workspaces</li>
<li>switch jerschne on ansible master</li>
<li>Create a new env and manage terraform workspaces</li>
<li>dev: cleaning configuration</li>
<li>only one s3 bucket and dynamodb table per account for tfstates</li>
<li>Ansible: add Mitogen to improve performances (issue #26)</li>
<li>requirements.txt: add missing dependencies</li>
<li>vim: add a vimrc example</li>
<li>scripts/tfw: fixed json debugging message and exit message when it
failed</li>
<li>README is a markdown file</li>
<li>README.md: fix path</li>
<li>Migrate iroh-ops TF to Terraform Wrapper (tfw)</li>
<li>Add a Terraform Wrapper (tfw) that improves Terraform var files</li>
<li>ansible add a quick readme and a requirements.txt</li>
<li>TF: add kafka support</li>
</ul>
<h4 id="tenzin-57">tenzin [57]</h4>
<ul>
<li>Upgrade TF AWS provider</li>
<li>iroh-async: resize ASG and add downscaling support</li>
<li>iroh: add iroh signer certificates</li>
<li>ASG: Drain Nomad nodes before terminating instances</li>
<li>PROD AP: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>PROD EU: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>PROD US: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>STAGE: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>TEST: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>INT: allows iroh-queue-monitor to put metric in Cloudwatch</li>
<li>Terraform: configure vault provider</li>
<li>iroh-async: resize instances and memory usage</li>
<li>PROD EU: Conure add IAM policy</li>
<li>PROD APJC: Conure add IAM policy</li>
<li>PROD NAM: Conure add IAM policy</li>
<li>STAGE: add Conure support</li>
<li>TEST: add new Conure IAM role</li>
<li>INT: add new Conure IAM role</li>
<li>iroh allows iroh-internal.*.iroh.site domains</li>
<li>add private-ctia-update-index-state on TEST,STAGE and PROD</li>
<li>STAGE: add iroh-internal support</li>
<li>PROD US: add iroh-internal support</li>
<li>PROD EU: add iroh-internal support</li>
<li>PROD APJC: add iroh-internal support</li>
<li>TEST: add iroh-internal support</li>
<li>INT: add iroh-internal support</li>
<li>RDS PostgreSQL: force SSL connections by default</li>
<li>add private-ctia-update-index-state job to update ES index
mapping</li>
<li>Iroh Async use custom metrics to scale</li>
<li>remove iroh-tooling</li>
<li>iroh-admin INT: revert breaking instance change</li>
<li>Caddy private: allow es-metrics for iroh-ops</li>
<li>allows iroh-ops dev platform to access to private caddy</li>
<li>PostgreSQL Conure change instances for PROD and TEST</li>
<li>add Conure RDS PostgreSQL on PROD and TEST</li>
<li>PROD EU: destroy iroh-investigate and iroh-incident</li>
<li>PROD APJC: destroy iroh-incident and iroh-investigate</li>
<li>PROD NAM: remove iroh-incident and iroh-investigate</li>
<li>TEST: destroy iroh-incident and iroh-investigate</li>
<li>improve</li>
<li>iroh-async: add downscaling!</li>
<li>INT/TEST: fixed iroh-admin conf to allow iroh-queue-monitor</li>
<li>INT: new RDS PostgreSQL for Conure</li>
<li>INT: remove iroh-incident and iroh-investigate</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Nomad jobs: fix MaxParallel when auto scaling is enabled!</li>
<li>iroh job: change the grace period from 120s to 180s</li>
<li>iroh-queue-monitor: migrate it on full https and allow access from
private rp</li>
<li>elasticache: change creation timeout</li>
<li>add dedicated Elasticache Redis for iroh-async</li>
<li>PROD APJC: add iroh-async support</li>
<li>PROD EU: add iroh-async support</li>
<li>PROD US: add iroh-async support</li>
<li>TEST: add iroh-async support</li>
<li>add a new iroh-async to replace iroh-investigate and
iroh-incident</li>
<li>iroh-admin nomad job: extend grace delay and add one more status
check</li>
<li>prod US: this PR allows tier3 engineers to manage SES suppression
list</li>
<li>allow iroh-tooling to access to RDS PostgreSQL</li>
</ul>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="krishna-ganugapenta-32">krishna Ganugapenta [32]</h3>
<h4 id="tenzin-31">tenzin [31]</h4>
<ul>
<li>Mia Lehrer(milhrer) gpg key updated <a
href="https://github.com/advthreat/tenzin/pull/2725">#2725</a></li>
<li>Securex-news decommission from tenzin <a
href="https://github.com/advthreat/tenzin/pull/2876">#2876</a></li>
<li>ASG size bumped to negate excessive CPU usage <a
href="https://github.com/advthreat/tenzin/pull/2869">#2869</a></li>
<li>updated SG rules count for iroh-front-end <a
href="https://github.com/advthreat/tenzin/pull/2866">#2866</a></li>
<li>IAM policy to access cloudtrail logs s3 bucket <a
href="https://github.com/advthreat/tenzin/pull/2840">#2840</a></li>
<li>Fixing asea modules not in sync with AWS infra <a
href="https://github.com/advthreat/tenzin/pull/2828">#2828</a></li>
<li>logstash-cloudtrail versions updated in jobs.sls <a
href="https://github.com/advthreat/tenzin/pull/2812">#2812</a></li>
<li>IROH_ASYNC asg capacity increase <a
href="https://github.com/advthreat/tenzin/pull/2813">#2813</a></li>
<li>Logstash-cloudtrail filter settings have been modified <a
href="https://github.com/advthreat/tenzin/pull/2808">#2808</a></li>
<li>Asea services tf modules removed from TEST to sync with AWS infra <a
href="https://github.com/advthreat/tenzin/pull/2800">#2800</a></li>
<li>tenzin-config files updated to intelligence app <a
href="https://github.com/advthreat/tenzin/pull/2779">#2779</a></li>
<li>Fixing logstash config file permission issue <a
href="https://github.com/advthreat/tenzin/pull/2765">#2765</a></li>
<li>Added read and write permission to logstash.yml <a
href="https://github.com/advthreat/tenzin/pull/2763">#2763</a></li>
<li>prestart task added to prevent permissions error <a
href="https://github.com/advthreat/tenzin/pull/2762">#2762</a></li>
<li>Added a new set variable for logstash-cloudtrail <a
href="https://github.com/advthreat/tenzin/pull/2760">#2760</a></li>
<li>Fixing logstash-cloudtrail nomad job config temp <a
href="https://github.com/advthreat/tenzin/pull/2759">#2759</a></li>
<li>Added a missing template for logstash-cloudtrail <a
href="https://github.com/advthreat/tenzin/pull/2757">#2757</a></li>
<li>Logstash-cloudtrail job to collect logs <a
href="https://github.com/advthreat/tenzin/pull/2756">#2756</a></li>
<li>XDR decommission from nomad cluster <a
href="https://github.com/advthreat/tenzin/pull/2684">#2684</a></li>
<li>SQS queue url fixed for logstash-cloudtrail nomad job <a
href="https://github.com/advthreat/tenzin/pull/2710">#2710</a></li>
<li>SQS queue url has got updated to logstash-cloudtrail job <a
href="https://github.com/advthreat/tenzin/pull/2709">#2709</a></li>
<li>filebeat and beats configuration updated <a
href="https://github.com/advthreat/tenzin/pull/2707">#2707</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Removal of accesskey/secret key from logstash-cloudtrail job <a
href="https://github.com/advthreat/tenzin/pull/2702">#2702</a></li>
<li>Added vault policy to oss nodes to fix logstash-cloudtrail nomad job
issue <a
href="https://github.com/advthreat/tenzin/pull/2700">#2700</a></li>
<li>Caddy port label fix for logstash-cloudtrail job <a
href="https://github.com/advthreat/tenzin/pull/2698">#2698</a></li>
<li>Logstash job to retrieve cloudtrail logs from S3 <a
href="https://github.com/advthreat/tenzin/pull/2696">#2696</a></li>
<li>Enabled securex-ui-incidents for PROD <a
href="https://github.com/advthreat/tenzin/pull/2650">#2650</a></li>
<li>XDR shell app PROD config added <a
href="https://github.com/advthreat/tenzin/pull/2624">#2624</a></li>
<li>Conure DB access policy updated <a
href="https://github.com/advthreat/tenzin/pull/2627">#2627</a></li>
<li>xdr-apps configuration removed from caddy public <a
href="https://github.com/advthreat/tenzin/pull/2649">#2649</a></li>
<li>Caddy Path based routing changes reverted <a
href="https://github.com/advthreat/tenzin/pull/2623">#2623</a></li>
</ul>
<h4 id="tenzin-config-1-3">tenzin-config [1]</h4>
<ul>
<li>Securex-news removal from tenzin and tenzin-config <a
href="https://github.com/advthreat/tenzin-config/pull/869">#869</a></li>
</ul>
<h3 id="tancredi-orlando-1">Tancredi Orlando [1]</h3>
<h4 id="easy-purescript-nix-1">easy-purescript-nix [1]</h4>
<ul>
<li>purs-tidy: 0.9.0 -&gt; 0.9.2</li>
</ul>
<h3 id="milehrer-15">milehrer [15]</h3>
<h4 id="iroh-engine-15">iroh-engine [15]</h4>
<ul>
<li>move forward if no new targets or asset</li>
<li>prepare for 0.15.4</li>
<li>decouple first asset check from asset enrichment</li>
<li>change -&gt;instant to parse</li>
<li>write asset-enrich pipeline v1</li>
<li>Prepare for v0.14.6</li>
<li>update iroh service-wrapper to expect resolve-latest</li>
<li>add resolve-latest-assets iroh protocol and endpoint</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>prepare for v0.14.5</li>
<li>the less we talk about this, the better</li>
<li>prepare for version 0.14.4</li>
<li>make data in enrichment bundles align with real life</li>
<li>prepare for 0.14.3</li>
<li>remove deprecated trojansource step from github workflow</li>
<li>remove transient id generation from assets as DI now does it
instead</li>
</ul>
<h3 id="joel-holdbrooks-2">Joel Holdbrooks [2]</h3>
<h4 id="iroh-engine-2">iroh-engine [2]</h4>
<ul>
<li>Merge pull request #1373 from advthreat/noprompt-patch-1</li>
<li>Update unit_test.yml</li>
</ul>
<h3 id="michael-whitley-3">Michael Whitley [3]</h3>
<h4 id="response-3">response [3]</h4>
<ul>
<li>Update access-request.md</li>
<li>Update access-request.md</li>
<li>Update access-request.md</li>
</ul>
<h3 id="sofiia-mykytiuk-43">Sofiia Mykytiuk [43]</h3>
<h4 id="tenzin-43">tenzin [43]</h4>
<ul>
<li>Update VPNator in TEST, STAGE and PROD <a
href="https://github.com/advthreat/tenzin/pull/2932">#2932</a></li>
<li>Update STAGE docs S3 bucket <a
href="https://github.com/advthreat/tenzin/pull/2938">#2938</a></li>
<li>Update VPNator lambda functions in INT <a
href="https://github.com/advthreat/tenzin/pull/2929">#2929</a></li>
<li>Update min capacity for ASG in backup regions <a
href="https://github.com/advthreat/tenzin/pull/2917">#2917</a></li>
<li>Update readme in terraform folders for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2896">#2896</a></li>
<li>Saltstack changes for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2822">#2822</a></li>
<li>ROAdmin role for STAGE and PROD <a
href="https://github.com/advthreat/tenzin/pull/2909">#2909</a></li>
<li>Update saml in terraform to sync with AWS STAGE and PROD accounts <a
href="https://github.com/advthreat/tenzin/pull/2910">#2910</a></li>
<li>ROAdmin role for INT <a
href="https://github.com/advthreat/tenzin/pull/2903">#2903</a></li>
<li>Add nodes to ES-metrics cluster in EU <a
href="https://github.com/advthreat/tenzin/pull/2905">#2905</a></li>
<li>Remove Data VPNator from PROD <a
href="https://github.com/advthreat/tenzin/pull/2868">#2868</a></li>
<li>Terraform changes for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2882">#2882</a></li>
<li>Remove modules needed for S3 batch operations <a
href="https://github.com/advthreat/tenzin/pull/2884">#2884</a></li>
<li>Disable replication for es-metrics <a
href="https://github.com/advthreat/tenzin/pull/2850">#2850</a></li>
<li>Update infrastructure diagram with second VPN <a
href="https://github.com/advthreat/tenzin/pull/2871">#2871</a></li>
<li>Remove data-vpnator from INT <a
href="https://github.com/advthreat/tenzin/pull/2855">#2855</a></li>
<li>PKI update for backup regions <a
href="https://github.com/advthreat/tenzin/pull/2842">#2842</a></li>
<li>Update vpnator script for new OPS setup <a
href="https://github.com/advthreat/tenzin/pull/2817">#2817</a></li>
<li>Fix module deletion <a
href="https://github.com/advthreat/tenzin/pull/2825">#2825</a></li>
<li>Remove cleaner lambda setup from INT, TEST <a
href="https://github.com/advthreat/tenzin/pull/2823">#2823</a></li>
<li>Module to setup new vpnator for OPS VPN in INT <a
href="https://github.com/advthreat/tenzin/pull/2816">#2816</a></li>
<li>Modules to setup VPNator for OPS VPN in PROD <a
href="https://github.com/advthreat/tenzin/pull/2814">#2814</a></li>
<li>BCP: Update readme with bastion info <a
href="https://github.com/advthreat/tenzin/pull/2456">#2456</a></li>
<li>Terraform modules update for TEST backup region <a
href="https://github.com/advthreat/tenzin/pull/2796">#2796</a></li>
<li>New PROD VPNator setup for non-ops VPN setup <a
href="https://github.com/advthreat/tenzin/pull/2748">#2748</a></li>
<li>Remove not needed permissions for kms-ssm in STAGE <a
href="https://github.com/advthreat/tenzin/pull/2733">#2733</a></li>
<li>Changing KMS key in Vault unseal config in STAGE <a
href="https://github.com/advthreat/tenzin/pull/2732">#2732</a></li>
<li>Adding permissions to kms-vault key <a
href="https://github.com/advthreat/tenzin/pull/2712">#2712</a></li>
<li>Remove permissions for kms-ssm from hashistack policy INT and TEST
<a href="https://github.com/advthreat/tenzin/pull/2719">#2719</a></li>
<li>Terraform modules update for TEST backup region <a
href="https://github.com/advthreat/tenzin/pull/2724">#2724</a></li>
<li>Changing unseal configuration for Vault in INT <a
href="https://github.com/advthreat/tenzin/pull/2718">#2718</a></li>
<li>Permissions for kms-vault key in INT and STAGE <a
href="https://github.com/advthreat/tenzin/pull/2706">#2706</a></li>
<li>KMS vault key material for INT and STAGE <a
href="https://github.com/advthreat/tenzin/pull/2705">#2705</a></li>
<li>New kms-vault key material <a
href="https://github.com/advthreat/tenzin/pull/2711">#2711</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Permissions for new kms-vault key in TEST backup region <a
href="https://github.com/advthreat/tenzin/pull/2695">#2695</a></li>
<li>Fix permissions for kms-vault key <a
href="https://github.com/advthreat/tenzin/pull/2692">#2692</a></li>
<li>Changing kms key in autounseal Vault config for TEST <a
href="https://github.com/advthreat/tenzin/pull/2680">#2680</a></li>
<li>Update README.md <a
href="https://github.com/advthreat/tenzin/pull/2686">#2686</a></li>
<li>Update salt to read datadog api key from SSM <a
href="https://github.com/advthreat/tenzin/pull/2679">#2679</a></li>
<li>Adding permissions for new kms-vault key for hashistack nodes in
TEST env <a
href="https://github.com/advthreat/tenzin/pull/2670">#2670</a></li>
<li>Adding permissions for datadog ssm parameter <a
href="https://github.com/advthreat/tenzin/pull/2663">#2663</a></li>
<li>Comment not needed references <a
href="https://github.com/advthreat/tenzin/pull/2656">#2656</a></li>
<li>KMS Vault key <a
href="https://github.com/advthreat/tenzin/pull/2668">#2668</a></li>
</ul>
<h3 id="will-lorand-1">Will Lorand [1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<ul>
<li>Update summary.org <a
href="https://github.com/advthreat/iroh/pull/7603">#7603</a></li>
</ul>
<h3 id="dmytro-budko-5">Dmytro Budko [5]</h3>
<h4 id="tenzin-5">tenzin [5]</h4>
<ul>
<li>SXOPS-630 Invalidate a CloudFront cache for INT/TEST after push
changes <a
href="https://github.com/advthreat/tenzin/pull/2897">#2897</a></li>
<li>SXOPS-191 Terraform: Bring INT and Test into sync with AWS (DOCS
INT/TEST) <a
href="https://github.com/advthreat/tenzin/pull/2889">#2889</a></li>
<li>SXOPS-616 DataDog agent not able to collect metrics (SLM) from ES <a
href="https://github.com/advthreat/tenzin/pull/2878">#2878</a></li>
<li>SXOPS-539 EC2 Keypair rotation for INT and TEST <a
href="https://github.com/advthreat/tenzin/pull/2787">#2787</a></li>
<li>SXOPS-539 Offboard Vadym Kiz <a
href="https://github.com/advthreat/tenzin/pull/2784">#2784</a></li>
</ul>
<h3 id="cisco-boz-1">Cisco Boz [1]</h3>
<h4 id="tenzin-1-2">tenzin [1]</h4>
<ul>
<li>Replace Threat Response -&gt; XDR for 502 pages on caddy-* public
&amp; private <a
href="https://github.com/advthreat/tenzin/pull/2934">#2934</a></li>
</ul>
<h3 id="patrick-patat-72">Patrick Patat [72]</h3>
<h4 id="iroh-ops-71">iroh-ops [71]</h4>
<ul>
<li>install and config riemann on asg</li>
<li>add riemann &amp; reimann_telemetry servers</li>
<li>add vault token for ansible</li>
<li>add rds pg cname and bump tf min version to 1.4</li>
<li>install vector after all (due to app log deps)</li>
<li>add vector config for docker with nomad</li>
<li>add auto instance refresh</li>
<li>disable notready service at the end of ansible run</li>
<li>remove unattended-upgrades pkg and ignore qualys server</li>
<li>setup a lambda that runs ansible nomad-jobs when a new app version is
pushed to s3</li>
<li>override nomad jobs version with versions.json from s3 bucket
artefacts (needed for auto deployment)</li>
<li>add codebuild fail notification via webex</li>
<li>simplify sg rule and rename a boolean var</li>
<li>add doc for qualys setup</li>
<li>add qualys instances and extends customisation of instances, asg
&amp; sgs</li>
<li>create an aws backup vault and plan for dynamodb backup</li>
<li>create redis-async.iroh.dev.sh cname to tenzin's redis</li>
<li>add iroh-queue-monitor, add http check for nomad jobs</li>
<li>config vault telemetry to send data to datadog</li>
<li>add role nomad-jobs with example job iroh &amp; hello, add related
caddy config for private rp</li>
<li>add python-nomad to manage job, add dogstatsd as volume &amp; add
metadata from docker</li>
<li>add iroh-ro vault policy</li>
<li>add vault ca to ssm, put vault ca on caddy vm &amp; update nomad
config for vault and docker</li>
<li>create custom modules for vault and aws private acm &amp; configure
vault internal pki</li>
<li>allow vault servers to query aws private acm</li>
<li>add docker registry and app_server role for docker registry use</li>
<li>move docker repo conf to linux base &amp; update nomad config</li>
<li>add .yml to group_vars files</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>create one codebuild job per env</li>
<li>change codebuild default env var to '' and fix missing env var in
user_data</li>
<li>create codebuild ansible-run and replace user_data local ansible
with codebuild trigger</li>
<li>push new admin key in user admin authorized keys</li>
<li>fix hostname config</li>
<li>add lambda to create/delete ec2 dns record on start and
terminate</li>
<li>centralize apt config &amp; set hostname and prompt</li>
<li>configure vault server &amp; add caddy vault config</li>
<li>refactor route53 lb cnames creation</li>
<li>upgrade vault instances config</li>
<li>split iam in multiple files and add iam for vault instances</li>
<li>add dynamodb for vault</li>
<li>add CODEOWNERS file</li>
<li>remove openvpn push dns (useless with iroh.sh)</li>
<li>upgrade tf and ansible for caddy https with letsencrypt</li>
<li>upgrade dns config with iroh.sh &amp; iroh.services</li>
<li>secure all communications between consul nomad and rps</li>
<li>do not redeploy instances on ami upgrade</li>
<li>refactor pki</li>
<li>fix: encode in base64 ssm parameters</li>
<li>Revert "temporarily disable encrypt communication for nomad and
consul"</li>
<li>pki for internal certs</li>
<li>use ansible-pull in user_data to config vm at first boot</li>
<li>use t4.small instead of t4.nano</li>
<li>add linux users config</li>
<li>fix: add hashicorp apt in vault role</li>
<li>upgrade for private rp</li>
<li>add role and playbook for caddy private rp</li>
<li>move hashicorp's apt config to role nomad &amp; consul (do need it
on all vms)</li>
<li>add bastion and openvpn role, playbook and group_vars</li>
<li>temporarily disable encrypt communication for nomad and consul</li>
<li>replace _ with - in node name (need to be dns compatible)</li>
<li>add python3-boto3 to linux_base_pkgs</li>
<li>temporary allow everything from vpn</li>
<li>disable source_dest_check for vpn and add bastion dns name</li>
<li>upgrade for vpn server</li>
<li>ansible typos and code style</li>
<li>refactoring asgs &amp; security groups</li>
<li>refactor terraform asgs</li>
<li>use boolean value instead of strings, add tags in tasks and other
minor fixes</li>
<li>improve ansible.cfg, remove debug, fix unbound config</li>
<li>add load_balancer, app_server private_rp, remove caps from resource
names</li>
<li>ansible bootstrap</li>
</ul>
<h4 id="tenzin-1-3">tenzin [1]</h4>
<ul>
<li>allows iroh-ops dev platform to access rds</li>
</ul>
<h3 id="yurii-ivanisenko-12">Yurii Ivanisenko [12]</h3>
<h4 id="tenzin-11">tenzin [11]</h4>
<ul>
<li>Add muhammad imran (muhammim) gpg key <a
href="https://github.com/advthreat/tenzin/pull/2899">#2899</a></li>
<li>Give Muhammad Imran (muhammim) SSH access <a
href="https://github.com/advthreat/tenzin/pull/2898">#2898</a></li>
<li>removed walkme-ci tf module files and vpn users <a
href="https://github.com/advthreat/tenzin/pull/2841">#2841</a></li>
<li>removed all saltstack entries with user vilakkak <a
href="https://github.com/advthreat/tenzin/pull/2818">#2818</a></li>
<li>removed TF module CloudWatch-lambda-sca-whitelist-testing <a
href="https://github.com/advthreat/tenzin/pull/2804">#2804</a></li>
<li>added diagrams for CTR_AWS and TAC-portal <a
href="https://github.com/advthreat/tenzin/pull/2717">#2717</a></li>
<li>align with INT lambda settings for ThousandEyes WL and TEST R53
recor… <a
href="https://github.com/advthreat/tenzin/pull/2715">#2715</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>fix CSP directives for visibility.amp in APJC and EU regions <a
href="https://github.com/advthreat/tenzin/pull/2689">#2689</a></li>
<li>fixed tab instead of spaces in caddy.yaml NAM <a
href="https://github.com/advthreat/tenzin/pull/2681">#2681</a></li>
<li>Caddy public job - added templates for TAC certificates <a
href="https://github.com/advthreat/tenzin/pull/2674">#2674</a></li>
<li>Added configs for TAC portal prod <a
href="https://github.com/advthreat/tenzin/pull/2666">#2666</a></li>
</ul>
<h4 id="tenzin-config-1-4">tenzin-config [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Added config.json for Tactical-portal in PROD regions <a
href="https://github.com/advthreat/tenzin-config/pull/817">#817</a></li>
</ul>
<h3 id="robert-levy-5">Robert Levy [5]</h3>
<h4 id="iroh-5-1">iroh [5]</h4>
<ul>
<li>fix dev-resources config to use the correct key signer-ops instead
of signer <a
href="https://github.com/advthreat/iroh/pull/7778">#7778</a></li>
<li>Add registered trademark to MITRE tile title <a
href="https://github.com/advthreat/iroh/pull/7775">#7775</a></li>
<li>Incidents' Detection Sources Tile <a
href="https://github.com/advthreat/iroh/pull/7725">#7725</a></li>
<li>top-targeted assets tile for control center (ctia investigate
module) <a
href="https://github.com/advthreat/iroh/pull/7689">#7689</a></li>
<li>MITRE Attack incidents tile <a
href="https://github.com/advthreat/iroh/pull/7523">#7523</a></li>
</ul>
<h3 id="mia-36">Mia [36]</h3>
<h4 id="iroh-22-1">iroh [22]</h4>
<ul>
<li>Update risk score docs to include overview of enrich-targets process
<a href="https://github.com/advthreat/iroh/pull/7773">#7773</a></li>
<li>log asset retrieval failure <a
href="https://github.com/advthreat/iroh/pull/7743">#7743</a></li>
<li>Separate risk score engine calls <a
href="https://github.com/advthreat/iroh/pull/7742">#7742</a></li>
<li>log bundle <a
href="https://github.com/advthreat/iroh/pull/7737">#7737</a></li>
<li>Flag observe targets <a
href="https://github.com/advthreat/iroh/pull/7697">#7697</a></li>
<li>remove verbose logs from risk score calculation <a
href="https://github.com/advthreat/iroh/pull/7618">#7618</a></li>
<li>FIXME temp log bundle-import-payload <a
href="https://github.com/advthreat/iroh/pull/7609">#7609</a></li>
<li>handle explicit nil cases for asset value <a
href="https://github.com/advthreat/iroh/pull/7604">#7604</a></li>
<li>Correct describe assets <a
href="https://github.com/advthreat/iroh/pull/7600">#7600</a></li>
<li>adjust logging <a
href="https://github.com/advthreat/iroh/pull/7596">#7596</a></li>
<li>Resolve latest asset log params <a
href="https://github.com/advthreat/iroh/pull/7594">#7594</a></li>
<li>add asset:read scope to token used for engine-service <a
href="https://github.com/advthreat/iroh/pull/7571">#7571</a></li>
<li>Iroh engine latest assets <a
href="https://github.com/advthreat/iroh/pull/7554">#7554</a></li>
<li>Update bundle import <a
href="https://github.com/advthreat/iroh/pull/7542">#7542</a></li>
<li>Fix risk score bundle import <a
href="https://github.com/advthreat/iroh/pull/7534">#7534</a></li>
<li>fix a typo in engine config introduce default consistent with engine
<a href="https://github.com/advthreat/iroh/pull/7525">#7525</a></li>
<li>Fix risk score auth <a
href="https://github.com/advthreat/iroh/pull/7517">#7517</a></li>
<li>Fix risk score auth <a
href="https://github.com/advthreat/iroh/pull/7516">#7516</a></li>
<li>Fix risk score auth with tests this time <a
href="https://github.com/advthreat/iroh/pull/7515">#7515</a></li>
<li>add auth token to bundle export header in risk score <a
href="https://github.com/advthreat/iroh/pull/7514">#7514</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>implement final risk score <a
href="https://github.com/advthreat/iroh/pull/7486">#7486</a></li>
<li>7342 preliminary risk score <a
href="https://github.com/advthreat/iroh/pull/7460">#7460</a></li>
</ul>
<h4 id="iroh-engine-13">iroh-engine [13]</h4>
<ul>
<li>Merge pull request #1385 from advthreat/v0.15.4-rc</li>
<li>Merge pull request #1384 from
advthreat/separate-add-assets-and-enrich-targets</li>
<li>Merge pull request #1371 from advthreat/testy-tests</li>
<li>Merge pull request #1367 from advthreat/v0.14.6-rc</li>
<li>Merge pull request #1366 from
advthreat/add-resolve-latest-assets</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Merge pull request #1365 from advthreat/v0.14.5-rc</li>
<li>Merge pull request #1364 from advthreat/change-test-again</li>
<li>Merge branch 'main' into change-test-again</li>
<li>Merge pull request #1363 from advthreat/v0.14.4-rc</li>
<li>Merge pull request #1362 from
advthreat/calculate-preliminary-risk-score</li>
<li>Merge pull request #1360 from advthreat/v0.14.3-rc</li>
<li>Merge pull request #1359 from advthreat/remove-trojansource</li>
<li>Merge pull request #1358 from advthreat/remove-transient-ids</li>
</ul>
<h4 id="tenzin-config-1-5">tenzin-config [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>flip feature flag in INT for score-based incident enrichment <a
href="https://github.com/advthreat/tenzin-config/pull/833">#833</a></li>
</ul>
<h3 id="devin-walters-5">Devin Walters [5]</h3>
<h4 id="iroh-engine-5">iroh-engine [5]</h4>
<ul>
<li>Prepare 0.15.2</li>
<li>Coerce to instant after reading as ZDT</li>
<li>Assert sightings</li>
<li>Let up</li>
<li>Use investigable-observables, promises delivered, add verdict</li>
</ul>
<h3 id="vadym-kiz-3">Vadym Kiz [3]</h3>
<h4 id="tenzin-3">tenzin [3]</h4>
<ul>
<li>SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo <a
href="https://github.com/advthreat/tenzin/pull/2635">#2635</a></li>
<li>Datadog: enable slm_stats <a
href="https://github.com/advthreat/tenzin/pull/2778">#2778</a></li>
<li>SSH access - jbusboom <a
href="https://github.com/advthreat/tenzin/pull/2738">#2738</a></li>
</ul>
<h3 id="ag-ibragimov-8">Ag Ibragimov [8]</h3>
<h4 id="iroh-4-2">iroh [4]</h4>
<ul>
<li>Unassigned Incidents Tile should show relative time <a
href="https://github.com/advthreat/iroh/pull/7824">#7824</a></li>
<li>Control center: Navigate to Incidents page from tile <a
href="https://github.com/advthreat/iroh/pull/7760">#7760</a></li>
<li>Control Center Detection Sources Tile: Fixes query parenthesizing
<a href="https://github.com/advthreat/iroh/pull/7759">#7759</a></li>
<li>API work for unassigned incidents <a
href="https://github.com/advthreat/iroh/pull/7682">#7682</a></li>
</ul>
<h4 id="tenzin-config-4-1">tenzin-config [4]</h4>
<ul>
<li>adds :xdr-site-url <a
href="https://github.com/advthreat/tenzin-config/pull/885">#885</a></li>
<li>adds detection sources config for PROD <a
href="https://github.com/advthreat/tenzin-config/pull/881">#881</a></li>
<li>additional client_id for incident sources <a
href="https://github.com/advthreat/tenzin-config/pull/877">#877</a></li>
<li>adds incident sources: test, int <a
href="https://github.com/advthreat/tenzin-config/pull/873">#873</a></li>
</ul>
<h3 id="justin-woo-2">Justin Woo [2]</h3>
<h4 id="easy-purescript-nix-2">easy-purescript-nix [2]</h4>
<ul>
<li>Merge pull request #219 from turlando/purs-tidy-0.9.2</li>
<li>Merge pull request #218 from paluh/master</li>
</ul>
<h3 id="dependabotbot-0">dependabot[bot] [0]</h3>
<h3 id="sam-waggoner-4">Sam Waggoner [4]</h3>
<h4 id="ctia-1-1">ctia [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>threatgrid/ctim/#381 Migrate actor 1.2.0 <a
href="https://github.com/advthreat/ctia/pull/1323">#1323</a></li>
</ul>
<h4 id="tenzin-config-3">tenzin-config [3]</h4>
<ul>
<li>Add hydrant es-metrics configs for events.</li>
<li>Fix hydrant-talos-ta-blog misnamed http-options.</li>
<li>advthreat/hydrant#721 update talos blog http-options.</li>
</ul>
<h3 id="ii-9">II [9]</h3>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>Issue 7455 - Minor cleanup from XDR tiles merge <a
href="https://github.com/advthreat/iroh/pull/7695">#7695</a></li>
<li>6963 implements one-click module wrapper endpoint <a
href="https://github.com/advthreat/iroh/pull/7315">#7315</a></li>
<li>Issue 7647 AMP observe targets <a
href="https://github.com/advthreat/iroh/pull/7661">#7661</a></li>
<li>Issue 7647 - IObserveTargetModule protocol <a
href="https://github.com/advthreat/iroh/pull/7651">#7651</a></li>
<li>Ao shortcut use unique names <a
href="https://github.com/advthreat/iroh/pull/7627">#7627</a></li>
<li>Ao docs formatting fixes <a
href="https://github.com/advthreat/iroh/pull/7625">#7625</a></li>
<li>Issue 7550 ao workflow exec shortcut <a
href="https://github.com/advthreat/iroh/pull/7617">#7617</a></li>
</ul>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>Adds one-click service to bootstrap.cfg files <a
href="https://github.com/advthreat/tenzin-config/pull/862">#862</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Tac portal PROD login origins <a
href="https://github.com/advthreat/tenzin-config/pull/821">#821</a></li>
</ul>
<h3 id="eric-gierach-10">Eric Gierach [10]</h3>
<h4 id="iroh-3">iroh [3]</h4>
<ul>
<li>Fix attack graph simplification <a
href="https://github.com/advthreat/iroh/pull/7747">#7747</a></li>
<li>latest simplification logic (edges not considered) <a
href="https://github.com/advthreat/iroh/pull/7662">#7662</a></li>
<li>update notable events to match what the Engine client is producing
for CTR <a
href="https://github.com/advthreat/iroh/pull/7614">#7614</a></li>
</ul>
<h4 id="iroh-engine-7">iroh-engine [7]</h4>
<ul>
<li>Merge pull request #1387 from advthreat/v0.15.5-rc</li>
<li>Prepare for 0.15.5 release.</li>
<li>Merge pull request #1386 from advthreat/enrich-all-targets</li>
<li>Fix typo in log</li>
<li>Merge pull request #1370 from
advthreat/dependabot/npm_and_yarn/webpack-5.76.0</li>
<li>Merge branch 'main' into dependabot/npm_and_yarn/webpack-5.76.0</li>
<li>Merge pull request #1368 from
advthreat/dependabot/npm_and_yarn/xmldom/xmldom-and-mountebank-0.8.4</li>
</ul>
<h3 id="adam-sayer-26">Adam Sayer [26]</h3>
<h4 id="tenzin-25">tenzin [25]</h4>
<ul>
<li>webexbox fix on saltmaster <a
href="https://github.com/advthreat/tenzin/pull/2937">#2937</a></li>
<li>increase ES storage iops/throughput <a
href="https://github.com/advthreat/tenzin/pull/2927">#2927</a></li>
<li>Vercel CICD accept 409 and watch http state</li>
<li>Add Vercel CI/CD to Saltmaster <a
href="https://github.com/advthreat/tenzin/pull/2920">#2920</a></li>
<li>Update hydrant container version <a
href="https://github.com/advthreat/tenzin/pull/2891">#2891</a></li>
<li>snort filename fix <a
href="https://github.com/advthreat/tenzin/pull/2890">#2890</a></li>
<li>Update hydrant container to 1.36 in INT <a
href="https://github.com/advthreat/tenzin/pull/2888">#2888</a></li>
<li>remove jq verify usage <a
href="https://github.com/advthreat/tenzin/pull/2885">#2885</a></li>
<li>Fix - Extract Talos Snort Rule files for Importer <a
href="https://github.com/advthreat/tenzin/pull/2880">#2880</a></li>
<li>github runner salt and terraform <a
href="https://github.com/advthreat/tenzin/pull/2875">#2875</a></li>
<li>update securex-ui in INT for latest NVM profiles <a
href="https://github.com/advthreat/tenzin/pull/2873">#2873</a></li>
<li>Route53 Module refactor <a
href="https://github.com/advthreat/tenzin/pull/2851">#2851</a></li>
<li>Revert "SXOPS-361 GitHub self-hosted runners for SecureX UI monorepo
(#2635)" <a
href="https://github.com/advthreat/tenzin/pull/2859">#2859</a></li>
<li>github-runner ASG <a
href="https://github.com/advthreat/tenzin/pull/2852">#2852</a></li>
<li>Update r53 module to allow geolocation <a
href="https://github.com/advthreat/tenzin/pull/2844">#2844</a></li>
<li>Cloud9 ami APJC EU <a
href="https://github.com/advthreat/tenzin/pull/2803">#2803</a></li>
<li>Cloud9 AMI to NAM <a
href="https://github.com/advthreat/tenzin/pull/2792">#2792</a></li>
<li>Bash to replace ES instances <a
href="https://github.com/advthreat/tenzin/pull/2777">#2777</a></li>
<li>Upgrade 6th gen ec2 and cloud9 AMI for TEST <a
href="https://github.com/advthreat/tenzin/pull/2775">#2775</a></li>
<li>Int cloud9 ami refresh <a
href="https://github.com/advthreat/tenzin/pull/2768">#2768</a></li>
<li>Allow instance refresh on ASG module <a
href="https://github.com/advthreat/tenzin/pull/2766">#2766</a></li>
<li>VPC peer TEST-STAGE for qa-macos instance <a
href="https://github.com/advthreat/tenzin/pull/2734">#2734</a></li>
<li>Stage salt <a
href="https://github.com/advthreat/tenzin/pull/2716">#2716</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Allow ingress from IROH to ES private storage <a
href="https://github.com/advthreat/tenzin/pull/2652">#2652</a></li>
<li>Allow ingress from IROH to es private storage INT <a
href="https://github.com/advthreat/tenzin/pull/2630">#2630</a></li>
</ul>
<h4 id="tenzin-config-1-6">tenzin-config [1]</h4>
<ul>
<li>Stage env configs <a
href="https://github.com/advthreat/tenzin-config/pull/785">#785</a></li>
</ul>
<h3 id="tomasz-rybarczyk-1">Tomasz Rybarczyk [1]</h3>
<h4 id="easy-purescript-nix-1-1">easy-purescript-nix [1]</h4>
<ul>
<li>purs: 0.15.7 -&gt; 0.15.8</li>
</ul>
<h3 id="chris-duane-2">Chris Duane [2]</h3>
<h4 id="response-2">response [2]</h4>
<ul>
<li>Update access-request.md</li>
<li>Create security-event.md</li>
</ul>
<h3 id="section">[9]</h3>
<h4 id="iroh-7-1">iroh [7]</h4>
<ul>
<li>Issue 7455 - Minor cleanup from XDR tiles merge <a
href="https://github.com/advthreat/iroh/pull/7695">#7695</a></li>
<li>6963 implements one-click module wrapper endpoint <a
href="https://github.com/advthreat/iroh/pull/7315">#7315</a></li>
<li>Issue 7647 AMP observe targets <a
href="https://github.com/advthreat/iroh/pull/7661">#7661</a></li>
<li>Issue 7647 - IObserveTargetModule protocol <a
href="https://github.com/advthreat/iroh/pull/7651">#7651</a></li>
<li>Ao shortcut use unique names <a
href="https://github.com/advthreat/iroh/pull/7627">#7627</a></li>
<li>Ao docs formatting fixes <a
href="https://github.com/advthreat/iroh/pull/7625">#7625</a></li>
<li>Issue 7550 ao workflow exec shortcut <a
href="https://github.com/advthreat/iroh/pull/7617">#7617</a></li>
</ul>
<h4 id="tenzin-config-2-1">tenzin-config [2]</h4>
<ul>
<li>Adds one-click service to bootstrap.cfg files <a
href="https://github.com/advthreat/tenzin-config/pull/862">#862</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Tac portal PROD login origins <a
href="https://github.com/advthreat/tenzin-config/pull/821">#821</a></li>
</ul>
<h3 id="john-jardine-30">John Jardine [30]</h3>
<h4 id="tenzin-30">tenzin [30]</h4>
<ul>
<li>Update SW versions, sort changes to the top <a
href="https://github.com/advthreat/tenzin/pull/2864">#2864</a></li>
<li>Add instances to handle new 3rd party integrations <a
href="https://github.com/advthreat/tenzin/pull/2870">#2870</a></li>
<li>Add capacity in OSS to support logstash-cloudtrail <a
href="https://github.com/advthreat/tenzin/pull/2865">#2865</a></li>
<li>Terraform edits to deconflict some values and make more generic <a
href="https://github.com/advthreat/tenzin/pull/2853">#2853</a></li>
<li>Create S3 Bucket, user, group, policy <a
href="https://github.com/advthreat/tenzin/pull/2839">#2839</a></li>
<li>Update integrations-crowdstrike to 1.0.2 in all regions <a
href="https://github.com/advthreat/tenzin/pull/2833">#2833</a></li>
<li>Move all Hydrant jobs to v1.35 (adds coas support) <a
href="https://github.com/advthreat/tenzin/pull/2826">#2826</a></li>
<li>Bash defaults: Remove TMOUT, assign set -o vi &amp; dir <a
href="https://github.com/advthreat/tenzin/pull/2829">#2829</a></li>
<li>Check single certificate <a
href="https://github.com/advthreat/tenzin/pull/2830">#2830</a></li>
<li>Align hydrant jobs on 4 minute multiples. <a
href="https://github.com/advthreat/tenzin/pull/2821">#2821</a></li>
<li>Updated ssh keypairs for EU NAM and APJC <a
href="https://github.com/advthreat/tenzin/pull/2791">#2791</a></li>
<li>SXOPS-529: SSH Default configuration changes <a
href="https://github.com/advthreat/tenzin/pull/2774">#2774</a></li>
<li>Check if integrations-healthcheck is working. <a
href="https://github.com/advthreat/tenzin/pull/2772">#2772</a></li>
<li>Update sumram.gpg</li>
<li>Make script outputs comparable by using same sort order <a
href="https://github.com/advthreat/tenzin/pull/2761">#2761</a></li>
<li>SXOPS-435: Add hydrant-talos-coas fixes for other regions <a
href="https://github.com/advthreat/tenzin/pull/2751">#2751</a></li>
<li>Quote cron entry to prevent YAML interpolation <a
href="https://github.com/advthreat/tenzin/pull/2750">#2750</a></li>
<li>Default Jason Busboom to absent to prevent global access <a
href="https://github.com/advthreat/tenzin/pull/2743">#2743</a></li>
<li>Updated rev-proxy for securex-ui-automate.test.iroh.site <a
href="https://github.com/advthreat/tenzin/pull/2744">#2744</a></li>
<li>Added gpg key for Atul Anand</li>
<li>SXOPS-491 Add securex ui automate support for TEST <a
href="https://github.com/advthreat/tenzin/pull/2729">#2729</a></li>
<li>Need to add securex-ui-automate.int.iroh.site to ACME <a
href="https://github.com/advthreat/tenzin/pull/2723">#2723</a></li>
<li>SXOPS-491 Add securex ui automate support <a
href="https://github.com/advthreat/tenzin/pull/2722">#2722</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix comment, fix error file content check <a
href="https://github.com/advthreat/tenzin/pull/2683">#2683</a></li>
<li>Backport v1.112 fixes to master <a
href="https://github.com/advthreat/tenzin/pull/2682">#2682</a></li>
<li>Initial commit <a
href="https://github.com/advthreat/tenzin/pull/2671">#2671</a></li>
<li>Add error handling to cert check <a
href="https://github.com/advthreat/tenzin/pull/2651">#2651</a></li>
<li>Initial Vercel Postman API <a
href="https://github.com/advthreat/tenzin/pull/2633">#2633</a></li>
<li>INT: Merge Consul overrides into jobs.sls <a
href="https://github.com/advthreat/tenzin/pull/2646">#2646</a></li>
<li>SXOPS-412: Trend Micro XDR Integration Relay INT and TEST <a
href="https://github.com/advthreat/tenzin/pull/2617">#2617</a></li>
</ul>
<h3 id="michael-pendergrass-4">Michael Pendergrass [4]</h3>
<h4 id="iroh-4-3">iroh [4]</h4>
<ul>
<li>Engine 0.15.5 <a
href="https://github.com/advthreat/iroh/pull/7768">#7768</a></li>
<li>add more attribute relation types <a
href="https://github.com/advthreat/iroh/pull/7660">#7660</a></li>
<li>More graph changes <a
href="https://github.com/advthreat/iroh/pull/7643">#7643</a></li>
<li>add graph output to incident summary <a
href="https://github.com/advthreat/iroh/pull/7549">#7549</a></li>
</ul>
<h3 id="scott-mcleod-4">Scott McLeod [4]</h3>
<h4 id="iroh-4-4">iroh [4]</h4>
<ul>
<li>Improve performance of IncidentReportService <a
href="https://github.com/advthreat/iroh/pull/7745">#7745</a></li>
<li>Add filters to Incident Report <a
href="https://github.com/advthreat/iroh/pull/7727">#7727</a></li>
<li>Add test to verify paging <a
href="https://github.com/advthreat/iroh/pull/7564">#7564</a></li>
<li>Use search_after paging for incident report (#7461) <a
href="https://github.com/advthreat/iroh/pull/7539">#7539</a></li>
</ul>
<h3 id="matthieu-sprunck-3">Matthieu Sprunck [3]</h3>
<h4 id="ctia-3">ctia [3]</h4>
<ul>
<li>Bump CTIM to 1.3.7 <a
href="https://github.com/advthreat/ctia/pull/1357">#1357</a></li>
<li>Bump to CTIM 1.3.5 <a
href="https://github.com/advthreat/ctia/pull/1349">#1349</a></li>
<li>Bump to CTIM 1.3.4 <a
href="https://github.com/advthreat/ctia/pull/1345">#1345</a></li>
</ul>
<h3 id="jerome-schneider-10">Jerome Schneider [10]</h3>
<h4 id="iroh-ops-9">iroh-ops [9]</h4>
<ul>
<li>Merge pull request #68 from advthreat/split-releases-artefacts</li>
<li>Merge pull request #51 from advthreat/logging-vector</li>
<li>Merge pull request #46 from advthreat/datadog</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Merge pull request #42 from advthreat/vpnator-rm-cloudtrail</li>
<li>Merge pull request #36 from advthreat/stricter-iam</li>
<li>Merge pull request #34 from advthreat/fix-tfw</li>
<li>Merge pull request #16 from advthreat/tfw-fixes</li>
<li>Merge pull request #13 from advthreat/tf-wrapper</li>
<li>Merge pull request #12 from advthreat/ansible</li>
</ul>
<h4 id="tenzin-1-4">tenzin [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>iroh(-async): improve memory management to avoid memory cgroup oom
<a href="https://github.com/advthreat/tenzin/pull/2693">#2693</a></li>
</ul>
<h3 id="t2sw-1">t2sw [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<ul>
<li>modify get-tiles and get-tiles-data endpoints for xdr query
parameter <a
href="https://github.com/advthreat/iroh/pull/7757">#7757</a></li>
</ul>
<h3 id="bswanson-81">bswanson [81]</h3>
<h4 id="iroh-10">iroh [10]</h4>
<ul>
<li>Engine version bump. <a
href="https://github.com/advthreat/iroh/pull/7730">#7730</a></li>
<li>Asset correlation <a
href="https://github.com/advthreat/iroh/pull/7708">#7708</a></li>
<li>READY FOR REVIEW: observe-targets to iroh engine. <a
href="https://github.com/advthreat/iroh/pull/7683">#7683</a></li>
<li>Fix empty source breaking schema. <a
href="https://github.com/advthreat/iroh/pull/7687">#7687</a></li>
<li>BUG FIX: events were pulled from wrong key. <a
href="https://github.com/advthreat/iroh/pull/7678">#7678</a></li>
<li>Add Assets to Summary and Events incident endpoints <a
href="https://github.com/advthreat/iroh/pull/7666">#7666</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add Eric and Mia to codeowners. <a
href="https://github.com/advthreat/iroh/pull/7501">#7501</a></li>
<li>Add extra fields to summary events <a
href="https://github.com/advthreat/iroh/pull/7482">#7482</a></li>
<li>Add optional keys owner and groups to :incident-id/events schema. <a
href="https://github.com/advthreat/iroh/pull/7449">#7449</a></li>
<li>Allow port key in the private-intel service context <a
href="https://github.com/advthreat/iroh/pull/7435">#7435</a></li>
</ul>
<h4 id="iroh-engine-68">iroh-engine [68]</h4>
<ul>
<li>Merge pull request #1383 from advthreat/v0.15.3-rc</li>
<li>Update changelog.</li>
<li>Prepare for 0.15.3 release</li>
<li>Merge pull request #1381 from advthreat/proper-no-op</li>
<li>Merge branch 'main' into proper-no-op</li>
<li>Merge pull request #1382 from advthreat/codeowners</li>
<li>Add folks to codeowners, remove our previous humans.</li>
<li>Update release to remove unused project.clj</li>
<li>Cleanup tests.</li>
<li>Update tests to reflect passthrough behavior.</li>
<li>failing tests, but no-op.</li>
<li>Merge pull request #1380 from advthreat/v0.15.2-rc</li>
<li>Merge pull request #1379 from advthreat/superstitious-p</li>
<li>Merge pull request #1378 from advthreat/v0.15.1-rc</li>
<li>Release v0.15.1.</li>
<li>Merge pull request #1377 from
advthreat/remove-original-sightings</li>
<li>Don't print 100s of sightings :D</li>
<li>Add logging.</li>
<li>Remove CTIM dependency.</li>
<li>Data for you and data for me</li>
<li>Cabinet of curiosities be gone.</li>
<li>Datums test.</li>
<li>new asset responses.</li>
<li>Check no-op case for assets-for-new-targets.</li>
<li>Add assets and asset mappings.</li>
<li>Remove fake test that described itself as real.</li>
<li>Use add-latest-asset-info from enrich ns.</li>
<li>Add failing observe-target-observables-test.</li>
<li>Do not pass back the relationships or sightings from the original
bundle.</li>
<li>Merge pull request #1374 from advthreat/v0.15.0-rc</li>
<li>Release candidate 0.15.0</li>
<li>Merge pull request #1372 from advthreat/asset-enrich</li>
<li>Merge branch 'main' into asset-enrich</li>
<li>Only need to wrap around exception.</li>
<li>Magic sauce for cljs vs clj.</li>
<li>Add test for -&gt;instant.</li>
<li>Fix let&lt;.</li>
<li>promesify everything.</li>
<li>PR feedback, add p/let.</li>
<li>PR feedback.</li>
<li>map observable keys (this shouldn't matter, but for consistency and
safety sake.)</li>
<li>Refactor exists? because it's a function.</li>
<li>Update src/iroh/engine/asset/enrich.cljc</li>
<li>Fix IrohServiceWrapper call.</li>
<li>move time fns into time ns.</li>
<li>A bit more function now.</li>
<li>IT LIVESSSS.</li>
<li>Add emit_observe_targets_enrich.js</li>
<li>Wiring through observable call.</li>
<li>mountebank.</li>
<li>Getting farther through the pipeline.</li>
<li>Resolve linter errors.</li>
<li>more promises for us.</li>
<li>cleanup nested whens.</li>
<li>Try to call targets.</li>
<li>it puts the promise on the code.</li>
<li>Smaller functions.</li>
<li>Clean up more test ns.</li>
<li>Cleanup tests.</li>
<li>Merge branch 'main' into asset-enrich</li>
<li>Move logic into previous function.</li>
<li>Add resolve latest mountebank test.</li>
<li>Some unit tests.</li>
<li>prepare for the sightening.</li>
<li>extract targets from enriched response.</li>
<li>Break out a couple more small functions.</li>
<li>Implement some small helper functions.</li>
<li>Pull in used sighting ns and reference observable var.</li>
</ul>
<h4 id="tenzin-config-3-1">tenzin-config [3]</h4>
<ul>
<li>Add config for prod and fix test typo. <a
href="https://github.com/advthreat/tenzin-config/pull/846">#846</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add iroh base url to conure config. <a
href="https://github.com/advthreat/tenzin-config/pull/829">#829</a></li>
<li>Add necessary conure config. <a
href="https://github.com/advthreat/tenzin-config/pull/811">#811</a></li>
</ul>
<h3 id="pawan-bahuguna-31">Pawan Bahuguna [31]</h3>
<h4 id="tenzin-31-1">tenzin [31]</h4>
<ul>
<li>Sxops 191 - custom_response_body <a
href="https://github.com/advthreat/tenzin/pull/2933">#2933</a></li>
<li>Added health check header <a
href="https://github.com/advthreat/tenzin/pull/2921">#2921</a></li>
<li>Added Health check header to crowdstrike for testing <a
href="https://github.com/advthreat/tenzin/pull/2916">#2916</a></li>
<li>Increased the Max size to 6 <a
href="https://github.com/advthreat/tenzin/pull/2908">#2908</a></li>
<li>Updated the version to 7.0.7 to sync with AWS <a
href="https://github.com/advthreat/tenzin/pull/2907">#2907</a></li>
<li>SXOPS-621 - Enable IAM Access Advisor in all envs <a
href="https://github.com/advthreat/tenzin/pull/2894">#2894</a></li>
<li>Removed Event Processor Role <a
href="https://github.com/advthreat/tenzin/pull/2881">#2881</a></li>
<li>SXOPS 191 Update TEST VPC Peering <a
href="https://github.com/advthreat/tenzin/pull/2879">#2879</a></li>
<li>Changed version to 7.0.5, already present in aws <a
href="https://github.com/advthreat/tenzin/pull/2877">#2877</a></li>
<li>Updated desired capacity, min and max size <a
href="https://github.com/advthreat/tenzin/pull/2874">#2874</a></li>
<li>SXOPS-490 Docker version health check <a
href="https://github.com/advthreat/tenzin/pull/2837">#2837</a></li>
<li>Added CU, IR, KP, SY <a
href="https://github.com/advthreat/tenzin/pull/2854">#2854</a></li>
<li>Added artifacts and XDR to ordered_cache_behavior - Already in AWS
<a href="https://github.com/advthreat/tenzin/pull/2848">#2848</a></li>
<li>SXOPS-191-Updated VPC peering connection <a
href="https://github.com/advthreat/tenzin/pull/2835">#2835</a></li>
<li>Added docker container version check <a
href="https://github.com/advthreat/tenzin/pull/2815">#2815</a></li>
<li>SAML sync with AWS <a
href="https://github.com/advthreat/tenzin/pull/2824">#2824</a></li>
<li>enabled intelligence in prod <a
href="https://github.com/advthreat/tenzin/pull/2807">#2807</a></li>
<li>SXOPS-535 Micro Frontend Ribbon <a
href="https://github.com/advthreat/tenzin/pull/2806">#2806</a></li>
<li>int-iroh-registration-ui User is already present in AWS <a
href="https://github.com/advthreat/tenzin/pull/2801">#2801</a></li>
<li>Removed CloudWatch-CSIRT.tf <a
href="https://github.com/advthreat/tenzin/pull/2788">#2788</a></li>
<li>updated the asg_max_size to 6 <a
href="https://github.com/advthreat/tenzin/pull/2781">#2781</a></li>
<li>Added instance refresh <a
href="https://github.com/advthreat/tenzin/pull/2780">#2780</a></li>
<li>Enabling watchdog check on Crowdstrike <a
href="https://github.com/advthreat/tenzin/pull/2773">#2773</a></li>
<li>SXOPS-490 Add/Update 3rd Party Integrations health checks <a
href="https://github.com/advthreat/tenzin/pull/2767">#2767</a></li>
<li>Added TLS - automate MFE <a
href="https://github.com/advthreat/tenzin/pull/2753">#2753</a></li>
<li>PROD automate MFE <a
href="https://github.com/advthreat/tenzin/pull/2752">#2752</a></li>
<li>[SXOPS-497] Create 3rd Party Integrations for Cybereason &amp;
Crowdstrike (INT/TEST) <a
href="https://github.com/advthreat/tenzin/pull/2747">#2747</a></li>
<li>Added dbudko pabahugu to VPN list <a
href="https://github.com/advthreat/tenzin/pull/2728">#2728</a></li>
<li>Sxops 484 onboard dmytro dbudko <a
href="https://github.com/advthreat/tenzin/pull/2727">#2727</a></li>
<li>SXOPS-476 Decom Nomad task securex-ui-incidents from Tenzin <a
href="https://github.com/advthreat/tenzin/pull/2699">#2699</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>enable prod <a
href="https://github.com/advthreat/tenzin/pull/2662">#2662</a></li>
</ul>
<h3 id="trent-boyd-2">Trent Boyd [2]</h3>
<h4 id="tenzin-config-2-2">tenzin-config [2]</h4>
<ul>
<li>chore: add https dev urls to xdr projects <a
href="https://github.com/advthreat/tenzin-config/pull/886">#886</a></li>
<li>feat: add configs for securex-ui-intelligence job <a
href="https://github.com/advthreat/tenzin-config/pull/852">#852</a></li>
</ul>
<h3 id="devin-walters-12">Devin Walters [12]</h3>
<h4 id="tenzin-7">tenzin [7]</h4>
<ul>
<li>Set tmpdir to /local for conure task <a
href="https://github.com/advthreat/tenzin/pull/2930">#2930</a></li>
<li>Mount datadog socket in conure task <a
href="https://github.com/advthreat/tenzin/pull/2922">#2922</a></li>
<li>Remove Conure access to IROH RDS instance <a
href="https://github.com/advthreat/tenzin/pull/2742">#2742</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Capture the rest of a log message as 'message_text' for clj stack
logs <a
href="https://github.com/advthreat/tenzin/pull/2660">#2660</a></li>
<li>Grok pattern which captures message for the clj stack <a
href="https://github.com/advthreat/tenzin/pull/2658">#2658</a></li>
<li>Add RMI server hostname <a
href="https://github.com/advthreat/tenzin/pull/2640">#2640</a></li>
<li>Include configuration for hikari monitoring via JMX <a
href="https://github.com/advthreat/tenzin/pull/2639">#2639</a></li>
</ul>
<h4 id="tenzin-config-5-1">tenzin-config [5]</h4>
<ul>
<li>Specify JWK per environment <a
href="https://github.com/advthreat/tenzin-config/pull/866">#866</a></li>
<li>Update conure username in prod environments <a
href="https://github.com/advthreat/tenzin-config/pull/860">#860</a></li>
<li>Update conure db username in TEST <a
href="https://github.com/advthreat/tenzin-config/pull/856">#856</a></li>
<li>Update conure configuration <a
href="https://github.com/advthreat/tenzin-config/pull/843">#843</a></li>
<li>Test out dedicated conure postgres instance <a
href="https://github.com/advthreat/tenzin-config/pull/838">#838</a></li>
</ul>
<h3 id="martin-bruchanov-20">Martin Bruchanov [20]</h3>
<h4 id="tenzin-20">tenzin [20]</h4>
<ul>
<li>Adding data nodes to lower file system utilization <a
href="https://github.com/advthreat/tenzin/pull/2940">#2940</a></li>
<li>Adding vercel deploy to sudo for consul <a
href="https://github.com/advthreat/tenzin/pull/2936">#2936</a></li>
<li>Increasing number of data nodes to the current state <a
href="https://github.com/advthreat/tenzin/pull/2935">#2935</a></li>
<li>Security groups for OPS VPN in INT <a
href="https://github.com/advthreat/tenzin/pull/2924">#2924</a></li>
<li>Added CLI parameters for ES administration tools <a
href="https://github.com/advthreat/tenzin/pull/2915">#2915</a></li>
<li>Removing salt references for terminated OPs instance <a
href="https://github.com/advthreat/tenzin/pull/2900">#2900</a></li>
<li>Updated contacts of EDF team <a
href="https://github.com/advthreat/tenzin/pull/2895">#2895</a></li>
<li>Fixed JSON validation for IROH query <a
href="https://github.com/advthreat/tenzin/pull/2887">#2887</a></li>
<li>Fixed correct hostname and SSM keys <a
href="https://github.com/advthreat/tenzin/pull/2893">#2893</a></li>
<li>OPS OpenVPN salt deployment <a
href="https://github.com/advthreat/tenzin/pull/2883">#2883</a></li>
<li>Renaming data-openvpn to ops-openvpn <a
href="https://github.com/advthreat/tenzin/pull/2845">#2845</a></li>
<li>Increasing edf-reporting and iops-reporting memory allocation <a
href="https://github.com/advthreat/tenzin/pull/2838">#2838</a></li>
<li>Added list of Consul UI hostnames <a
href="https://github.com/advthreat/tenzin/pull/2789">#2789</a></li>
<li>Tool for quick SSH to Consul leader <a
href="https://github.com/advthreat/tenzin/pull/2785">#2785</a></li>
<li>Cleaning up intel2x hostname <a
href="https://github.com/advthreat/tenzin/pull/2654">#2654</a></li>
<li>Second VPN server for Non-OPS access <a
href="https://github.com/advthreat/tenzin/pull/2735">#2735</a></li>
<li>Fixed duplicated uid in user profile <a
href="https://github.com/advthreat/tenzin/pull/2740">#2740</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>NAM ElasticSearch clean up: DNS, S3 bucket for snapshots <a
href="https://github.com/advthreat/tenzin/pull/2697">#2697</a></li>
<li>Updating hostnames, fixed error with missing authentication <a
href="https://github.com/advthreat/tenzin/pull/2637">#2637</a></li>
<li>Transfer of existing roles from one ES cluster to another <a
href="https://github.com/advthreat/tenzin/pull/2634">#2634</a></li>
</ul>
<h3 id="michael-simonson-3">Michael Simonson [3]</h3>
<h4 id="tenzin-2-1">tenzin [2]</h4>
<ul>
<li>Adds input buckets for non-int envs <a
href="https://github.com/advthreat/tenzin/pull/2863">#2863</a></li>
<li>SXOPs-hydrant-talos-coa-importer <a
href="https://github.com/advthreat/tenzin/pull/2741">#2741</a></li>
</ul>
<h4 id="tenzin-config-1-7">tenzin-config [1]</h4>
<ul>
<li>Issue SXOPs-562: Hydrant Manual Removal Importer <a
href="https://github.com/advthreat/tenzin-config/pull/859">#859</a></li>
</ul>
<h3 id="john-jardine-5">John Jardine [5]</h3>
<h4 id="tenzin-4">tenzin [4]</h4>
<ul>
<li>Revert "Move all Hydrant jobs to v1.35 (adds coas support)"</li>
<li>Revert "Include STAGE in hydrant container version update"</li>
<li>Include STAGE in hydrant container version update</li>
<li>Move all Hydrant jobs to v1.35 (adds coas support)</li>
</ul>
<h4 id="tenzin-config-1-8">tenzin-config [1]</h4>
<ul>
<li>Importer was missing the config files <a
href="https://github.com/advthreat/tenzin-config/pull/850">#850</a></li>
</ul>
<h3 id="gayan-jayasundara-7">Gayan Jayasundara [7]</h3>
<h4 id="tenzin-7-1">tenzin [7]</h4>
<ul>
<li>Bump crowdstrike and SentinelOne - Ian requested <a
href="https://github.com/advthreat/tenzin/pull/2904">#2904</a></li>
<li>Bump crowdstrike into 1.0.2a - Bug fix from Ian <a
href="https://github.com/advthreat/tenzin/pull/2846">#2846</a></li>
<li>SXOPS-512 Bump crowdstrike and sentinelone versions <a
href="https://github.com/advthreat/tenzin/pull/2802">#2802</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Migrate securex-ui-incidents from Nomad to Vercel - non-prod - DNS
<a href="https://github.com/advthreat/tenzin/pull/2691">#2691</a></li>
<li>securex-ui-control-center - non-prod vercel <a
href="https://github.com/advthreat/tenzin/pull/2690">#2690</a></li>
<li>Update cyberprotect integration to latest (2.0.6) <a
href="https://github.com/advthreat/tenzin/pull/2673">#2673</a></li>
<li>Redirect XDR int to Vercel <a
href="https://github.com/advthreat/tenzin/pull/2667">#2667</a></li>
</ul>
</body>
</html>