►
From YouTube: Defend: Threat Insights Weekly Group Discussion
Description
Weekly meeting for the Defend:Threat Insights group
A
Kord
welcome
to
the
defend
sages,
weekly
threat,
insights
group
discussion.
We
have
our
agenda
linked
to
the
invitation
so
for
anyone
who
hasn't
taken
time
to
review
that,
yet
please
try
in
the
future
to
be
that
ahead
of
the
meeting.
It's
especially
helpful
when
we
have
demos
that
can
be
shared,
so
you
can
watch
the
demo
in
advance.
Then
this
gives
us
an
opportunity
to
ask
questions
versus
trying
to
synchronously
watch
videos.
We're
not
gonna,
try
and
do
with
our
half
hour
today.
So
kicking
things
off.
Wayne
you've
got
the
first
agenda
item
yeah.
B
It's
just
a
reminder:
I
think
everybody's
heard
this,
but
just
in
case
they
haven't
is
we
have
a
relatively
large
customer
that
has
told
us
they
will
not
renew
their
contract
unless
first
class
bones
and
a
vulnerability
in
vulnerably
export
ships
with
12:10.
So
you
know
please
prioritize
the
work
on
these
items
above
other
work
as
appropriate.
B
A
If
you
were
to
look
at
this
tracking
item
that
way-
and
just
referred
to,
one
of
the
risks
that
we've
been
discussing
a
bit
is
database
migration.
That
Ross
has
been
working
diligently
on
for
a
while.
Now
so
I'm
gonna
stop
talking
and
let
Ross
kind
of
update
us
on
how
that
conversation
is
going
with
the
DDA's.
D
It's
I'm
all
alone
in
the
library
nobody's
here:
yeah
it
continues
to
progress,
I
think
we're.
You
know
to
a
point
where
we
have
a
workable
solution
and
it's
a
matter
of
implementing
it
kind
of
as
I
mentioned
in
in
the
ticket
here.
What
one
thing
that
you
probably
need
to
discuss
further
is
is
the
limit,
so
we
kind
of
went
back
back
and
forth
in
the
in
the
slot
channel
on
whether
we
should
just
up
the
limit
or
remove
the
limit.
D
B
D
B
Nine
7%,
at
least
on
get
lab
comm
projects.
Vulnerabilities
are
have
less
than
255,
so
it's
okay,
I
think
truncating
would
be
okay,
the
maximum
it
was
1500
and
change.
So
it's
it's.
If
you
set
it
to
512,
it
would
be
I'm
not
saying
we
should,
but
if
you
set
it
to
512,
it
would
go
from
ninety-nine
point
nine
seven
to
a
rounding
error
of
you
know
three
four
nines
worth
of
items
so
yeah,
there's
like
there's
like
a
cluster
at
200
280
and
at
330.
So
the
rest
are
just
you
know.
B
D
D
B
E
E
C
B
D
Well,
I
I
was
hoping
to
have
more
information
before
this
call,
but
I
haven't
got
it
I'm
suspecting.
Maybe
it's
like
one
particular
analyzer
that
is
misbehaving,
so
we
might
be
able
to
just
fix
that
one
analyzer
or
something
something
like
that.
I
I,
don't
know
I
don't
have
enough
data
for
that,
but
that
would
that
would
be.
In
other
words,
that
might
be
something
that's
already
happening.
I
don't
know,
but
that
would
but
yes,
that
would
be
a
good
idea
and
and
I
don't
know.
Maybe
we
don't
have
enough
information
to.
E
E
If
that
would
cause
weird
things
in
the
UI
as
well,
so
I
don't
think
anyone's
going
to
lose
sleep
over
some
truncation
there
unless
they
were
trying
to
stuff
the
entire
issue
description
into
that
title
and
the
would
be
losing
information,
but
I
would
argue
that
the
scanner
is
misbehaving
at
that
point
and
that's
not
something
we
should
handle.
You
know
with
the
front
end.
You
know.
D
B
Three,
the
other
two
remaining
items
are
a
matter
of
executing
on
suggestion,
so
you
I
know
Ross
you've
been
working
diligently
with
the
database
maintained
errs.
You
think
this
is
the
last
of
their
feedback,
and
what
do
you
think
they'll
have
more?
Not
that
you
have
a
perfect
crystal
wall.
Of
course,
I.
D
B
And
they're
concerned
about
the
load
this
is
gonna
put
on
the
database
and
you
know
potentially
cause
instability.
Forget
lat
for
the
gate
lab
product
overall,
whether
it's
hosted
or
at
court,
so
they've
got
legitimate
concerns.
Absolutely
yeah.
Yeah
I
want
to
make
that
clear.
Yeah
and
the
the
other
thing
with
TARTA
is,
if
there's
a
problem
with
where
the
migration
is
cause,
it
causes
issues
for
stability,
we're
thinking
about
making
sure
that
give
the
SRE
team
the
green
light
in
advance
to
stop
the
migration,
at
least
on
gait
lab
comm.
B
B
If
you
have
a
large
number
of
vulnerabilities,
you
know
you
you,
like
probably
you
know,
let's
say
more
than
half
a
million,
which
is
gonna,
be
a
very
small
number
of
cell
phones
to
customers,
but
not
zero
to
just
keep
an
eye
on
it,
and
you
know
to
potentially
if
it
causes
a
challenge,
then
that
they
can
keep.
They
can
also,
you
know,
stop
the
migration
job.
Is
that
a
good
summary?
What
we
discussed
earlier,
Matt.
B
D
Don't
know,
but
it
will
make
them
less
concerned.
It
sounds
good
to
me.
I
will
say
that
you
know
a
lot
of
a
lot
of
projects
have
migrated
already
to
first
class
vulnerabilities.
You
know,
naturally,
since
we've
had
it
out
there
for
a
while,
even
though
it
was
behind
a
feature
flag,
so
you
know
again
it's
not
like
we're
migrating
everyone,
which
is,
which
is
definitely
a
benefit.
These
are.
D
These
are
basically
you
know,
projects
that
haven't
had
a
successful
pipeline
in
the
last
three
months
so,
depending
on
you
know
how
much
they
use
their
projects.
It
may
or
may
not
be
a
problem,
it's
kind
of
hard
to
tell
what
what
what
the
profile
those
projects
looks
like
you
know
it
could
just
be
somebody
playing
around
with
something
and
forget
it.
B
A
And
for
the
sake
of
others
from
agenda,
we
should
keep
moving.
One
call
out
is
that
this
is
Ross's
sort
of
finale
for
the
thread
insights
group
and
that
we've
been
asked
to
make
sure
that
if
we
have
other
back-end
requests
or
needs
going
forward,
that
we
work
with
Alan
and
the
rest
of
the
Jonathan
and
me
how,
in
the
rest
of
the
back
end
defender,
so
thank
you
props.
We
really
appreciate
it.
We
will
continue
to
ask
you
questions
as
we
need
to
know.
E
Lindsay
sorry,
what
one
thing
we
didn't
put
it
on
the
agenda
but
related
to
this
one
ross.
One
thing
you
and
I
had
discussed
was
and
I
want
to
make
sure
that
I
clearly
understand
it.
Everyone
else
does,
even
if
we
don't
get
the
full
migration
of
the
findings
for
the
first-class
vulnerability
objects.
You
indicated
that
the
dismissal
status
of
what's
there
would
potentially
be
persisted
so
that
we
don't
end
up
having
customers
where
they
have
to
sort
of
Reedus
missile.
A
lot
of
irrelevant
or
false,
positive
results
is
that
accurate.
D
E
D
A
As
I'm
watching
an
obvious,
potentially
breaking
changes
over
here,
that
sounds:
oh,
let's
talk
about
potentially
breaking
changes
outside
of
the
state
of
bass
migration.
So
you
know
only
one
had
been
brought
to
my
attention
through
Thomas
with
him
so
far,
I
linked
to
the
issue
that
represented
the
work
around
this
API
here
in
the
agenda.
C
So
I
my
question
around:
does
this
API
change
still
make
sense?
It's
a
it
would
be
nice
to
have
the
rename
so
that
the
vulnerability
findings
endpoint,
gives
us
findings,
but
we
no
longer
need
the
vulnerabilities
endpoint
rest
endpoint,
because
we're
using
graph
QL
so
we're
already
gonna
have
learner
abilities
API
through
graph
QL.
So
we
don't
need
to
do
this
rename
if
we
don't,
because
it's
a
breaking
change
or
if
we
just
don't
want
to
add
to
our
plates,
would.
A
C
We'd
have
to
remove
the
feature
flag
to
make
it
not
a
breaking
change
so
that
it
only
ever
returns
findings,
and
it
is
still
a
bit
confusing
if
we
don't
change
it,
because
the
endpoint
that
those
vulnerabilities
is
actually
returning
findings
which
isn't
great,
but
if
but
I,
think
it's
up
to
us
to
decide
if
it's
worth
making
the
change
now
or
not.
Given
that
we
ultimately
probably
will
want
to
move
all
of
that
information
into
graph.
Ql
I
think
this.
A
E
E
A
Are
there
any
yeah,
whether
it's
Jonathan
or
Alan,
or
another
back-end,
developer
who's
master
Piell?
Is
there
somebody
you
could
like
basically
undo
this
change
and
whatever
ramifications
we
would
need
to
address?
You
know
we're
needed,
update
wherever
we're
calling
the
API
to
use
a
original
name
as
well.
D
D
A
So
the
customer
impact
would
have
been
when
we
made
this
change
back
in
2.5
and
any
notifications
or
any
considerations
we
should
have
had
around
bucket
Inocencio
aversion
release
of
a
break.
Breaking
change
should
have
happened,
then,
because
we've
already
impacted
the
customer.
Whatever
way
we're
going
to
I.
A
A
A
C
C
Findings
from
the
latest
pipeline,
so
they're
at
least
won't
be
that
many
duplicates
because
it's
just
one
runs
worth,
but
when
we
are
now
pulling
vulnerabilities
from
all
the
time
that
haven't
been
resolved,
yet
we're
going
to
be
getting
a
lot
of
duplicates
so
every
time
there's
a
pipeline
runs,
the
users
might
get
200
more
permeability,
stumps
onto
their
dashboards,
which
I
think
could
quickly
become
unwieldy,
so
I'm
going
to
try
I
think
we
have
an
issue
open
for
trying
to
figure
this
out,
which
I
will
find
and
share
once
located.
It.
B
C
Also
in
that
call,
there
were
no
no
one
brought
up
a
concern
that
they
already
know
about,
but
it
was
raised
that
we
don't
know
at
least
that
I
know
of
I,
don't
know
what
our
testing
plan
is
for
first
class
vulnerabilities,
because
we
want
to
make
sure
that
there's
no
other
issues
like
this
that
might
arise
before
we
release
it.
So
it's
kind
of
one
of
those
like
secure
and
defend
cross
concerns,
and
maybe
we
should
have
a
separate
meeting
to
discuss
how
we're
gonna
do
testing
of
this.
C
A
Touch
on
it
a
little
bit
now
and
we'll
decide,
you
know
what
additional
meetings
that
we
need
to
set
off
on,
because
it
certainly
does
segue
to
at
our
next
agenda
topic
is
so
unless
of
anyone
else,
has
any
other
breaking
changes
that
they
want
to
call
out.
We'll
move
on
to
the
item
D
here
on
the
agenda.
A
It
has
been
sort
of
the
approach
that
Wayne
and
Matt
and
I
have
discussed
from
for
testing
at
this
point.
If
there's,
if
we
need
to
pull
in
Tonya
or
or
folks
from
us
Det,
you
know
I'm,
not
aware
of
that
and
I
would
look
at.
You
know,
Ross
and
all
DL
and
Filipe
and
other
folks
who
have
been
around
longer
to
educate
us
on
those
parts
of
the
process
that
we
might
be
missing.
But
those
far
that's
been
our
plan.
A
So
as
soon
as
the
earlier,
we
can
get
a
complete
end-to-end
demo
available
for
testing
and
reach
out
to
our
stakeholders
to
get
them
to
exercise
it
and
give
us
their
feedback,
and
you
know,
perform
this
level
of
user
acceptance.
Testing
the
better.
So
part
of
the
reason
I
added
this
agenda
was
to
ask
this
group
when
a
reason
when
we,
when
we
believe
we'll
be
able
to
do
that,
is
but
I
guess.
My
question
before
that
is
that
suffice
from
a
testing
plan.
B
I
think
it's
all
we
got
I,
don't
know
if
it's,
if
it,
it
seems
reasonable,
I
think
it'll.
Suffice,
I
think
you
know
input
from
the
secured
team.
You
know
some
of
whom,
like
AVL,
you
know
and
Ross
have
been
working
on
this
and
some
of
whom
and
more
than
just
those
two
folks,
of
course,
but
and
others
you
know,
is
the
defend
folks
that
are
permanent
on
the
team.
B
Aren't
as
aware
of
all
the
all
the
nuances
of
what
goes
on
on
the
secure
side,
so
I
think
getting
that
the
secured
folks
opinions
on
it
will
be
good
and
yeah.
I.
Think
I
think
that's
the
primary
thing
we
can
do
to
make
it
sufficient
and
then
so
we
have
the
feature
flag
on.
If
you,
if
you
look
at
the
web
goat
project,
that
link
in
that's
on-
and
you
know,
I
I,
it's
we
need
to
get
the
latest
code
out
there
as
it's
usable.
B
A
B
And,
of
course,
you
know
merged
and
deployed
so
that
people
can
test
it.
How
often
is
the
deployment
done
to
to
where
this
is
currently
hosted?
I
believe
it's
typically
at
twice
a
week.
No
it's
week,
okay,
so
relatively
quickly
after
the
changes
are
in
I.
Think
most
changes
are
going
to
be
merged
within
the
next.
You
know
two
weeks,
not
all
but
most
yeah.
Of
course
that's
just
a
prediction,
but
it's
likely
gonna
be
okay,
I
think.
G
A
So
I've
been
I've
been
personally
bucketing.
This
work
into
two
general
areas,
the
screwed
II
dashboard
integration
and
the
standalone
vulnerability.
Page
I
know
there's
other
back-end
work.
That's
going
on.
You
know
like
the
the
database
migration
that
we
just
discussed,
and
you
know
some
other
areas
that
maybe
fall
outside
of
those
buckets
I'm.
C
Yeah,
so
it's
gonna
be
feature
by
feature.
The
big
one
is
the
vulnerability
list
and
the
filters
for
that
and
I
think
Sam
linked
a
NMR
that
he
has,
that
we'll
be
implementing
that
these
women
project
dashboards
and
that
will
will
quickly
follow
that
up
next
week
with
the
group
and
instant
security
dashboards,
so
that'll
square
the
lists
away
on
every
dashboard,
hopefully
by
the
end
of
next
week.
C
The
summary
feature
on
the
project:
dashboard,
the
back
end
is
about
to
be
merged,
and
so
we'll
just
need
to
hook
the
front
end
up
so
that
might
depending
on
Sam's
availability.
Maybe
that
will
happen
next
week
as
well
and
then
the
last
piece
is
the
history
dashboard,
which
I
would
say
is
gonna,
adopt
the
history
dashboard
that
I
chart
the
historical
chart
which
I'd
say
is
going
to
be
closer
to
the
end
of
the
milestone
and.
A
E
A
H
A
If
there's
any
way
that
between
you
and
Alexander,
we
can
chunk
that
up
and
be
able
to
get.
You
know
smaller
pieces
into,
mr
sooner,
because
that
puts
it
at
the
14th
right.
So
you
know
almost
even
without
trying
to
get
a
demo
to
look
at
ahead
of
time.
That's
a
bit
risky
from
getting
the
mrs
and
reviews
completed
in
the
in
a
week
right
just
from
experience.
Mm-Hmm.
A
Thank
you,
please
do
and
then
keep
us
posted.
We
can
do
this
asynchronous
asynchronously
and
the
threat
insights
Channel.
But
if
we
do
get
to
a
point
where
bringing
additional
developers
on
will
help
us
meet
this
goal,
we
want
to
identify
that
you
know
as
soon
as
possible,
because
I
do
believe
that
we've
talked
to
David
and
that
that,
if
needed,
there
could
be
help
from
the
security
team
available
to
us.
Okay,.
A
Okay,
and
then
is
everyone
in
agreement
that
we
should
be
using
the
web.
Go
project
in
production
for
this
I've
seen
no,
no,
no
nose,
I'm,
seeing
some
yeses
I,
don't
see
a
benefit
of
us
targeting
staging
because
you
still
have
to
get
through
this
approval
and
maintainer
reviews
to
get
something
onto
staging.
So
with
the
exception
of
the
fact
that
I
think
rats
just
said
it's
twice
a
week,
I
don't
think
that's
our
big
bottleneck,
okay,
so
we're
getting.
We've
got
one
minute,
left!
I!
Think
my
item
can
wait.
H
Yeah
I
just
remembered,
but
the
there's
an
endpoint
to
resolve
of
an
ability,
but
it
does
not
return
to
properties
that
we
need
in
order
to
update
the
status
description.
So
if
anybody
resolves
a
vulnerability,
it
will
still
show
the
user
and
a
timestamp
from
the
last
state
that
I
was
in
the
other
two
endpoints.
The
dismiss
and
the
confirmed
endpoints
do
return.
The
the
properties
so
I
did
bring
it
up,
but
I
think
it
was
lost
in
the
fray.
So
I
just
wanted
to
kind
of
bring
it
up
again
for
visibility,
hey
Daniel!
F
A
And
then
I
would
encourage
everyone
to
watch
the
demos
and
and
to
create
them
was
like
this.
Sam
has
been
associating
demos
with
his
M
arse
and
I
have
found
them
to
be
incredibly
helpful.
So
take
some
time
to
watch
those
if
you
haven't
Alexander
gave
us
a
screenshot
of
the
history
issue:
creation
Thank,
You
Alexander,
that
is
lovely
and
I,
don't
think
we're
gonna
get
to
any
planning
breakdown.
Discussion
on.
B
B
A
Alright,
everyone.
Thank
you,
sorry
for
cancelling
this
meeting
for
the
last
couple
of
weeks.
In
retrospect,
that
was
a
horrible
decision.
We
didn't
have
anything
rotary
for
funding
breakdown,
but
we
still
could
have
had
a
discussion.
So
thank
you
for
your
time.
I'll
share
this
meeting
and
we
will
move
forward.