467 lines
15 KiB
HTML
467 lines
15 KiB
HTML
<!DOCTYPE html>
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
|
|
<head>
|
|
<meta charset="utf-8" />
|
|
<meta name="generator" content="pandoc" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
|
|
<meta name="dcterms.date" content="2024-01-26" />
|
|
<title>FY24Q2 Report</title>
|
|
<style>
|
|
html {
|
|
line-height: 1.5;
|
|
font-family: Georgia, serif;
|
|
font-size: 20px;
|
|
color: #1a1a1a;
|
|
background-color: #fdfdfd;
|
|
}
|
|
body {
|
|
margin: 0 auto;
|
|
max-width: 36em;
|
|
padding-left: 50px;
|
|
padding-right: 50px;
|
|
padding-top: 50px;
|
|
padding-bottom: 50px;
|
|
hyphens: auto;
|
|
overflow-wrap: break-word;
|
|
text-rendering: optimizeLegibility;
|
|
font-kerning: normal;
|
|
}
|
|
@media (max-width: 600px) {
|
|
body {
|
|
font-size: 0.9em;
|
|
padding: 1em;
|
|
}
|
|
h1 {
|
|
font-size: 1.8em;
|
|
}
|
|
}
|
|
@media print {
|
|
body {
|
|
background-color: transparent;
|
|
color: black;
|
|
font-size: 12pt;
|
|
}
|
|
p, h2, h3 {
|
|
orphans: 3;
|
|
widows: 3;
|
|
}
|
|
h2, h3, h4 {
|
|
page-break-after: avoid;
|
|
}
|
|
}
|
|
p {
|
|
margin: 1em 0;
|
|
}
|
|
a {
|
|
color: #1a1a1a;
|
|
}
|
|
a:visited {
|
|
color: #1a1a1a;
|
|
}
|
|
img {
|
|
max-width: 100%;
|
|
}
|
|
h1, h2, h3, h4, h5, h6 {
|
|
margin-top: 1.4em;
|
|
}
|
|
h5, h6 {
|
|
font-size: 1em;
|
|
font-style: italic;
|
|
}
|
|
h6 {
|
|
font-weight: normal;
|
|
}
|
|
ol, ul {
|
|
padding-left: 1.7em;
|
|
margin-top: 1em;
|
|
}
|
|
li > ol, li > ul {
|
|
margin-top: 0;
|
|
}
|
|
blockquote {
|
|
margin: 1em 0 1em 1.7em;
|
|
padding-left: 1em;
|
|
border-left: 2px solid #e6e6e6;
|
|
color: #606060;
|
|
}
|
|
code {
|
|
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
|
|
font-size: 85%;
|
|
margin: 0;
|
|
}
|
|
pre {
|
|
margin: 1em 0;
|
|
overflow: auto;
|
|
}
|
|
pre code {
|
|
padding: 0;
|
|
overflow: visible;
|
|
overflow-wrap: normal;
|
|
}
|
|
.sourceCode {
|
|
background-color: transparent;
|
|
overflow: visible;
|
|
}
|
|
hr {
|
|
background-color: #1a1a1a;
|
|
border: none;
|
|
height: 1px;
|
|
margin: 1em 0;
|
|
}
|
|
table {
|
|
margin: 1em 0;
|
|
border-collapse: collapse;
|
|
width: 100%;
|
|
overflow-x: auto;
|
|
display: block;
|
|
font-variant-numeric: lining-nums tabular-nums;
|
|
}
|
|
table caption {
|
|
margin-bottom: 0.75em;
|
|
}
|
|
tbody {
|
|
margin-top: 0.5em;
|
|
border-top: 1px solid #1a1a1a;
|
|
border-bottom: 1px solid #1a1a1a;
|
|
}
|
|
th {
|
|
border-top: 1px solid #1a1a1a;
|
|
padding: 0.25em 0.5em 0.25em 0.5em;
|
|
}
|
|
td {
|
|
padding: 0.125em 0.5em 0.25em 0.5em;
|
|
}
|
|
header {
|
|
margin-bottom: 4em;
|
|
text-align: center;
|
|
}
|
|
#TOC li {
|
|
list-style: none;
|
|
}
|
|
#TOC ul {
|
|
padding-left: 1.3em;
|
|
}
|
|
#TOC > ul {
|
|
padding-left: 0;
|
|
}
|
|
#TOC a:not(:hover) {
|
|
text-decoration: none;
|
|
}
|
|
code{white-space: pre-wrap;}
|
|
span.smallcaps{font-variant: small-caps;}
|
|
span.underline{text-decoration: underline;}
|
|
div.column{display: inline-block; vertical-align: top; width: 50%;}
|
|
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
|
|
ul.task-list{list-style: none;}
|
|
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
|
|
</style>
|
|
<style>
|
|
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
|
|
h1,h2,h3,h4 { margin: 0.25em 0; }
|
|
header { margin-bottom: 0; }
|
|
header h1 { border: none; }
|
|
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
|
|
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
|
|
h3 { margin-left: 1em; color: #cb4b16; }
|
|
h4 { margin-left: 2em; }
|
|
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
|
|
hr { opacity: 0; }
|
|
a { color: #06a;}
|
|
ul { margin-left: 3em; }
|
|
#TOC ul { margin-left: 0.5em; }
|
|
li { clear: both; }
|
|
li > a { float: right; }
|
|
nav li a { float: none; }
|
|
blockquote { opacity: 0.7; }
|
|
</style>
|
|
<!--[if lt IE 9]>
|
|
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
|
|
<![endif]-->
|
|
</head>
|
|
<body>
|
|
<header id="title-block-header">
|
|
<h1 class="title">FY24Q2 Report</h1>
|
|
<p class="subtitle">logs goes 4 months back</p>
|
|
<p class="date">2024-01-26</p>
|
|
</header>
|
|
<nav id="TOC" role="doc-toc">
|
|
<ul>
|
|
<li><a href="#iroh">IROH</a>
|
|
<ul>
|
|
<li><a href="#lead">lead</a>
|
|
<ul>
|
|
<li><a href="#section">[0]</a></li>
|
|
</ul></li>
|
|
<li><a href="#data">data</a>
|
|
<ul>
|
|
<li><a href="#mario-aquino-7">Mario Aquino [7]</a>
|
|
<ul>
|
|
<li><a href="#iroh-4">iroh [4]</a></li>
|
|
<li><a href="#tenzin-config-3">tenzin-config [3]</a></li>
|
|
</ul></li>
|
|
<li><a href="#section-1">[0]</a></li>
|
|
<li><a href="#ambrose-bonnaire-sergeant-7">Ambrose Bonnaire-Sergeant
|
|
[7]</a>
|
|
<ul>
|
|
<li><a href="#ctia-2">ctia [2]</a></li>
|
|
<li><a href="#iroh-3">iroh [3]</a></li>
|
|
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
<li><a href="#integrations">integrations</a>
|
|
<ul>
|
|
<li><a href="#section-2">[0]</a></li>
|
|
<li><a href="#kirill-chernyshov-6">Kirill Chernyshov [6]</a>
|
|
<ul>
|
|
<li><a href="#iroh-3-1">iroh [3]</a></li>
|
|
<li><a href="#tenzin-config-3-1">tenzin-config [3]</a></li>
|
|
</ul></li>
|
|
<li><a href="#shafiq-3">Shafiq [3]</a>
|
|
<ul>
|
|
<li><a href="#iroh-3-2">iroh [3]</a></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
<li><a href="#auth">auth</a>
|
|
<ul>
|
|
<li><a href="#bartuka-6">bartuka [6]</a>
|
|
<ul>
|
|
<li><a href="#iroh-5">iroh [5]</a></li>
|
|
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
|
|
</ul></li>
|
|
<li><a href="#yann-esposito-5">Yann Esposito [5]</a>
|
|
<ul>
|
|
<li><a href="#iroh-4-1">iroh [4]</a></li>
|
|
<li><a href="#iroh-scripts-1">iroh-scripts [1]</a></li>
|
|
</ul></li>
|
|
<li><a href="#olivier-barbeau-12">Olivier Barbeau [12]</a>
|
|
<ul>
|
|
<li><a href="#iroh-6">iroh [6]</a></li>
|
|
<li><a href="#tenzin-config-6">tenzin-config [6]</a></li>
|
|
</ul></li>
|
|
<li><a href="#yogsototh-1">(Yogsototh) [1]</a>
|
|
<ul>
|
|
<li><a href="#iroh-scripts-1-1">iroh-scripts [1]</a></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
<li><a href="#iroh-ops">iroh-ops</a>
|
|
<ul>
|
|
<li><a href="#section-3">[0]</a></li>
|
|
<li><a href="#section-4">[0]</a></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
<li><a href="#other">Other</a>
|
|
<ul>
|
|
<li><a href="#other-1">Other</a>
|
|
<ul>
|
|
<li><a href="#ii-2">II [2]</a>
|
|
<ul>
|
|
<li><a href="#iroh-2">iroh [2]</a></li>
|
|
</ul></li>
|
|
<li><a href="#section-5">[2]</a>
|
|
<ul>
|
|
<li><a href="#iroh-2-1">iroh [2]</a></li>
|
|
</ul></li>
|
|
<li><a href="#scott-mcleod-1">Scott McLeod [1]</a>
|
|
<ul>
|
|
<li><a href="#iroh-1">iroh [1]</a></li>
|
|
</ul></li>
|
|
<li><a href="#brooke-swanson-1">Brooke Swanson [1]</a>
|
|
<ul>
|
|
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
</ul>
|
|
</nav>
|
|
<h1 id="iroh">IROH</h1>
|
|
<h2 id="lead">lead</h2>
|
|
<h3 id="section">[0]</h3>
|
|
<h2 id="data">data</h2>
|
|
<h3 id="mario-aquino-7">Mario Aquino [7]</h3>
|
|
<h4 id="iroh-4">iroh [4]</h4>
|
|
<ul>
|
|
<li>Fix disabled threat-hunt test <a
|
|
href="https://github.com/advthreat/iroh/pull/8814">#8814</a></li>
|
|
<li>Update incident_time when updating incident status <a
|
|
href="https://github.com/advthreat/iroh/pull/8801">#8801</a></li>
|
|
<li>incident enrichment activity diagram <a
|
|
href="https://github.com/advthreat/iroh/pull/8712">#8712</a></li>
|
|
<li>Separate Risk score & incident enrichment <a
|
|
href="https://github.com/advthreat/iroh/pull/8751">#8751</a></li>
|
|
</ul>
|
|
<h4 id="tenzin-config-3">tenzin-config [3]</h4>
|
|
<ul>
|
|
<li>Increase conn-manager thread count after PROD performance monitoring
|
|
<a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1042">#1042</a></li>
|
|
<li>Increase thread pool size for EU private intel conn mgr <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1039">#1039</a></li>
|
|
<li>Increase connection mgr thread pool for NAM/EU/TEST <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1030">#1030</a></li>
|
|
</ul>
|
|
<h3 id="section-1">[0]</h3>
|
|
<h3 id="ambrose-bonnaire-sergeant-7">Ambrose Bonnaire-Sergeant [7]</h3>
|
|
<h4 id="ctia-2">ctia [2]</h4>
|
|
<ul>
|
|
<li>Fix 2XX response swagger/coercion, ban <code>:return</code> <a
|
|
href="https://github.com/advthreat/ctia/pull/1407">#1407</a></li>
|
|
<li>Remove asset properties/mapping merging during bundle patch <a
|
|
href="https://github.com/advthreat/ctia/pull/1408">#1408</a></li>
|
|
</ul>
|
|
<h4 id="iroh-3">iroh [3]</h4>
|
|
<ul>
|
|
<li>Generate valid DI auth tokens for incident subscriptions <a
|
|
href="https://github.com/advthreat/iroh/pull/8804">#8804</a></li>
|
|
<li>Fix <code>(reset)</code> <a
|
|
href="https://github.com/advthreat/iroh/pull/8799">#8799</a></li>
|
|
<li>Subscribe to incident asset rescoring via DI <a
|
|
href="https://github.com/advthreat/iroh/pull/8699">#8699</a></li>
|
|
</ul>
|
|
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
|
|
<ul>
|
|
<li>Add config for DI client in iroh-engine <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1036">#1036</a></li>
|
|
<li>Add device insights url to iroh-engine config <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1014">#1014</a></li>
|
|
</ul>
|
|
<h2 id="integrations">integrations</h2>
|
|
<h3 id="section-2">[0]</h3>
|
|
<h3 id="kirill-chernyshov-6">Kirill Chernyshov [6]</h3>
|
|
<h4 id="iroh-3-1">iroh [3]</h4>
|
|
<ul>
|
|
<li>Refactor data streams service <a
|
|
href="https://github.com/advthreat/iroh/pull/8793">#8793</a></li>
|
|
<li>DRY'ed out client-creds-token namespace <a
|
|
href="https://github.com/advthreat/iroh/pull/8783">#8783</a></li>
|
|
<li>Kafka connect monitoring <a
|
|
href="https://github.com/advthreat/iroh/pull/8278">#8278</a></li>
|
|
</ul>
|
|
<h4 id="tenzin-config-3-1">tenzin-config [3]</h4>
|
|
<ul>
|
|
<li>Add ES sink connector v2 to test full migration <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1035">#1035</a></li>
|
|
<li>Fix broken data stream on TEST <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1034">#1034</a></li>
|
|
<li>Config for DataStreams service <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1033">#1033</a></li>
|
|
</ul>
|
|
<h3 id="shafiq-3">Shafiq [3]</h3>
|
|
<h4 id="iroh-3-2">iroh [3]</h4>
|
|
<ul>
|
|
<li>Fix schema of proxy health check <a
|
|
href="https://github.com/advthreat/iroh/pull/8827">#8827</a></li>
|
|
<li>Add string matching for health check <a
|
|
href="https://github.com/advthreat/iroh/pull/8815">#8815</a></li>
|
|
<li>Fallback to iroh-events store when kafka send fails <a
|
|
href="https://github.com/advthreat/iroh/pull/8786">#8786</a></li>
|
|
</ul>
|
|
<h2 id="auth">auth</h2>
|
|
<h3 id="bartuka-6">bartuka [6]</h3>
|
|
<h4 id="iroh-5">iroh [5]</h4>
|
|
<ul>
|
|
<li>[IROH Auth] Support FMC in the <code>jwks</code> service <a
|
|
href="https://github.com/advthreat/iroh/pull/8830">#8830</a></li>
|
|
<li>[IROH Auth] Fix DI onboarding in Universal Provisioning Flow <a
|
|
href="https://github.com/advthreat/iroh/pull/8813">#8813</a></li>
|
|
<li>Revert "[IROH Auth] support for FMC token in JWKS Service" <a
|
|
href="https://github.com/advthreat/iroh/pull/8816">#8816</a></li>
|
|
<li>[IROH Auth] support for FMC token in JWKS Service <a
|
|
href="https://github.com/advthreat/iroh/pull/8808">#8808</a></li>
|
|
<li>[IROH Auth] Check QA <code>callback_url</code> to complete
|
|
provisioning tests <a
|
|
href="https://github.com/advthreat/iroh/pull/8763">#8763</a></li>
|
|
</ul>
|
|
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
|
|
<ul>
|
|
<li>FMC base-urls to configure JWKS <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1040">#1040</a></li>
|
|
</ul>
|
|
<h3 id="yann-esposito-5">Yann Esposito [5]</h3>
|
|
<h4 id="iroh-4-1">iroh [4]</h4>
|
|
<ul>
|
|
<li>Fix PIAM Universal Provisioning routes <a
|
|
href="https://github.com/advthreat/iroh/pull/8828">#8828</a></li>
|
|
<li>Should fix open impersonate flaky test <a
|
|
href="https://github.com/advthreat/iroh/pull/8809">#8809</a></li>
|
|
<li>Keep track of impersonators <a
|
|
href="https://github.com/advthreat/iroh/pull/8736">#8736</a></li>
|
|
<li>Restrict TAC routes to admins <a
|
|
href="https://github.com/advthreat/iroh/pull/8794">#8794</a></li>
|
|
</ul>
|
|
<h4 id="iroh-scripts-1">iroh-scripts [1]</h4>
|
|
<ul>
|
|
<li>save improvements</li>
|
|
</ul>
|
|
<h3 id="olivier-barbeau-12">Olivier Barbeau [12]</h3>
|
|
<h4 id="iroh-6">iroh [6]</h4>
|
|
<ul>
|
|
<li>Check the list of services for a node type <a
|
|
href="https://github.com/advthreat/iroh/pull/8800">#8800</a></li>
|
|
<li>Fix merge error on PR 8784 <a
|
|
href="https://github.com/advthreat/iroh/pull/8797">#8797</a></li>
|
|
<li>[IROH configuration]: Move role-web-service config to default tk
|
|
files <a
|
|
href="https://github.com/advthreat/iroh/pull/8782">#8782</a></li>
|
|
<li>[IROH configuration]: Universal Provisioning Services config
|
|
refactor <a
|
|
href="https://github.com/advthreat/iroh/pull/8784">#8784</a></li>
|
|
<li>[IROH configuration]: explicit name for generated conf and meta <a
|
|
href="https://github.com/advthreat/iroh/pull/8785">#8785</a></li>
|
|
<li>Clean bootstrap.cfg; remove tmp file <a
|
|
href="https://github.com/advthreat/iroh/pull/8781">#8781</a></li>
|
|
</ul>
|
|
<h4 id="tenzin-config-6">tenzin-config [6]</h4>
|
|
<ul>
|
|
<li>Deep merge for vectors and sets with duplicates check <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1032">#1032</a></li>
|
|
<li>Reduce configuration duplicates - config.edn part <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1031">#1031</a></li>
|
|
<li>Reduce configuration duplicates - bootstrap.cfg part <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1028">#1028</a></li>
|
|
<li>Move role-web-service config to IROH <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1026">#1026</a></li>
|
|
<li>Move Universal Provisioning Services config to IROH <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1027">#1027</a></li>
|
|
<li>Clean bootstrap cfg <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1025">#1025</a></li>
|
|
</ul>
|
|
<h3 id="yogsototh-1">(Yogsototh) [1]</h3>
|
|
<h4 id="iroh-scripts-1-1">iroh-scripts [1]</h4>
|
|
<ul>
|
|
<li>save improvements</li>
|
|
</ul>
|
|
<h2 id="iroh-ops">iroh-ops</h2>
|
|
<h3 id="section-3">[0]</h3>
|
|
<h3 id="section-4">[0]</h3>
|
|
<h1 id="other">Other</h1>
|
|
<h2 id="other-1">Other</h2>
|
|
<h3 id="ii-2">II [2]</h3>
|
|
<h4 id="iroh-2">iroh [2]</h4>
|
|
<ul>
|
|
<li>Implements v2 threat hunting <a
|
|
href="https://github.com/advthreat/iroh/pull/8833">#8833</a></li>
|
|
<li>This should fix issue with parent settings not used on create-patch
|
|
<a href="https://github.com/advthreat/iroh/pull/8822">#8822</a></li>
|
|
</ul>
|
|
<h3 id="section-5">[2]</h3>
|
|
<h4 id="iroh-2-1">iroh [2]</h4>
|
|
<ul>
|
|
<li>Implements v2 threat hunting <a
|
|
href="https://github.com/advthreat/iroh/pull/8833">#8833</a></li>
|
|
<li>This should fix issue with parent settings not used on create-patch
|
|
<a href="https://github.com/advthreat/iroh/pull/8822">#8822</a></li>
|
|
</ul>
|
|
<h3 id="scott-mcleod-1">Scott McLeod [1]</h3>
|
|
<h4 id="iroh-1">iroh [1]</h4>
|
|
<ul>
|
|
<li>tk store: Add delete-search method #8213 <a
|
|
href="https://github.com/advthreat/iroh/pull/8692">#8692</a></li>
|
|
</ul>
|
|
<h3 id="brooke-swanson-1">Brooke Swanson [1]</h3>
|
|
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
|
|
<ul>
|
|
<li>Playbook automation config. <a
|
|
href="https://github.com/advthreat/tenzin-config/pull/1037">#1037</a></li>
|
|
</ul>
|
|
</body>
|
|
</html>
|