►
From YouTube: Protect PM/CS Sync - July 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
Yeah,
so
there's
a
couple
things
that
are
going
on.
One
is
from
the
protect
side.
I
think
there
is
now
starting
to
be
an
interest
in
viewing
and
managing
what's
running
in
a
destination
location
from
a
s
bomb
perspective
from
a
just.
B
What
what's?
What's
where?
Why
and
who's
who's
accessing
it
perspective,
that's
zero
trust!
Basically,
so
there's
a
there's
a
whole
thread
of
zero
trust
being
pulled
into
that
environment,
and
I
think
there
have
been
some
interesting
conversations,
one
of
my
customers.
We
just
had
a
conversation
yesterday.
B
The
I
don't
want
to
say
telemetry,
because
it's
not
really
telemetry
it's
more
of
a
wha.
What
is
going
on
with
the
runner
right
like
what?
What
what
was
deployed
when
it
was
kicked
off?
How
long
did
it
take?
B
Were
there
any
failures
where
do
secrets
get
kept
and
then
you're
now
starting
to
build
into
the
more
of
the
protection
side
but
sort
of
backing
into
the
the
the
whole
security
aspects
of
the
pipeline
itself
and
the
s-bomb,
and
all
that?
So
it's
like
it's
now
it's
starting
to
become
this
gigantic
train
of
things
rather
than
oh,
we're
just
doing
security
here.
Oh
we're
just
protecting
this
thing
here,
like
it's
now,
starting
to
melt
into
one
big
thing.
So
that's
that's
the
new
development
I'm
seeing
in
public
sector
for
sure.
A
Yeah,
that's
a
great
consideration.
I
know
we
acquired
ops
trace.
To
be
frank,
I
have
not
looked
into
that
in
great
detail
yet,
but
I
know
at
a
very
high
level
that
collects
a
lot
of
telemetry
for
things
like
this,
especially
for
kubernetes.
A
But
presumably,
if
you
were
running
your
gitlab
runners
and
kubernetes,
you
might
be
able
to
get
quite
a
lot
of
telemetry
out
of
that
as
well.
So
yeah,
I
wonder
if
maybe
there's
some
kind
of
a
play
there
that
we
could.
You
know
easily
combine
what
we
have
with
ops
trace
together
with
the
agent
and
the
runner,
or
maybe
we
even
already
have
it
today
quite
honestly,
and
we
just
need
to
document
how
to
set
it
all
up.
B
Yeah,
so
for
the
runners
there
seems
to
be
something
coming
out,
so
that
was
a
discussion
we
had
with
the
with
darren
eastman
from
the
runner
team,
and
he
mentioned
that
there
there
is
a
way
to
collect
a
whole
lot
of
metrics
from
the
runners
and
push
him
into
prometheus
and
have
like
a
dashboard
there.
B
B
The
problem
that
the
customer
seem
to
have
with
that
is
so
now
I
have
to
deploy
prometheus
collectors
on
wherever
my
runner
is
running.
So
I
have
to
add
one
more
thing:
there's
nothing
that
comes
out
of
the
box,
there's
nothing
that
that
I
can
just
kind
of
plug
in
and
watch
this
data
appear
in
gitlab.
B
So
it
was
a
bit
of
a
concern.
I
wouldn't
say
it
was
a.
It
was
terrible
concern.
It
was
just
they.
They
come
from
a
team
city
view
of
the
world
where
everything
was
given
to
them
by
team
city
and
they
are
suddenly
finding
themselves
not
getting
that
data.
So
it's
a
little
bit
of
a
stretch
for
them.
Yeah.
A
It
seems
like,
ideally,
we
would
just
include
the
collector-
is
part
of
the
runner
by
default
and
you
could
opt
out
of
it
or
something
if
you
didn't
want
it
and
again,
I
do
not
know
very
much
about
ops
trace.
I
kind
of
assume
it
has
a
prometheus
grafana
based
back
end,
but
I
actually
have
no
idea.
You
know,
but
you
know
that
way.
It
would
be
all
part
of
the
same
product
if
we
could
just
feed
it
there
instead
and
somehow
display
it
in
gitlab.
A
That's
an
area
of
the
product,
I'm
not
super
familiar
with,
though
so.
Maybe
I'll
try
to
set
up
a
conversation
with
our
monitor
pm
and
get
their
perspective
on
on
this
topic.
That's
really
interesting.
You're
right,
it
does
span
a
lot
of
areas
right.
It's
like
protect
runner,
monitor.
You
know
kind
of
the
convergence
of
all
of
these
things.
The
agent.
B
Yeah
and
and
the
bigger
need
that
has
come
up
from
a
different
customer,
that's
very,
very
much
forward-leaning
with
regards
to
how
they're
implementing
gitlab
they've,
so
the
the
the
customer
that
I'm
talking
about
now
is
one
that
has
adopted
git
lab
into
their
production
systems
as
the
defect
or
devops
tool.
So
we're
talking
a
large
number
of
users
using
it
happens
to
be
self-managed,
so
a
lot
of
instances
are
popping
up.
B
They
still
can't
get
their
mind
wrapped
around
one
single
instance,
because
underneath
this
one
instance
there's
like
12
or
13
entities
that
are
feeding
into
this,
so
they
are
still
kind
of
like
well,
I
don't
want
to
share
mine
with
my
my
sibling
entity,
so
I
want
my
own,
so
there's
a
little
bit
of
cracks
there,
but
we're
trying
to
unify
them
at
a
greater
level.
The
thing
is
that
they
are
now
getting
to
a
point
where
they're
like
great
we've
got
gitlab.
B
We
want
to
use
it
we're
trying
to
deploy,
but
I
can't
get
I
I
can't
get
a
couple
of
things
so
there's
a
compliance
part
of
it
right.
I
can't
get
the
audit
trail
of
who
did
what,
where
very
simply
it's
not.
I
mean
it's
we're
still
baking,
that
it's
not
100
there.
Yet,
so
that's
that's
one
product
part
of
it.
The
other
part
of
it
is,
I
have
a
running
application.
It
did
something
and
the
log
was
deploy,
was
dropped
into,
say,
splunk
or
something
combine
that
with
gitlab.
B
Can
I
correlate
the
two
in
any
way
to
see
if
the
attack
came
through
get
lab
or
if
the
attack
did
not
include
gitlab
like
how
do
I
do
that
kind
of
analysis,
and
that
my
my
mind
exploded
at
that
point,
because
I
was
like
what
are
you
even
talking
like
how?
Why
would
you
even
want
to
do
that,
but
they
apparently
have
a
used
case
where
they
they
have
to
account
for
that
sort
of
attacking.
B
So
I
I
just
want
to
bring
that
up
from
a
protect
perspective.
It
it
sort
of.
Brings
this
whole
new
aspect
of
what
is
it
that
we're
monitoring?
Are
we
monitoring
the
application
that's
developed
from
git
lab?
The
answer
is
yes,
if
that's
yes,
then
how
do
we
correlate?
What
happens
in
gitlab
with
what
happens
outside
of
gitlab
in
that
application
and
if
that's
even
a
thought
that
we
have
considered
before.
A
Yeah
that's
sounds
like
they're
trying
to
solve
some
tricky
problems.
Excuse
me,
I've
got
a
yawning
was
up
late.
Last
night
yeah
there
sounds
like
they've
got
some
complex
problems,
they're
trying
to
solve.
B
A
Yeah,
that's
a
good
point.
I
mean
I
I
think
you
know.
In
that
scenario,
it
comes
down
to
almost
a
little
bit
of
like
a
mapping
or
modeling
exercise
where
you
say
if
this
attack
were
to
come
through,
get
lab,
what
are
all
the
avenues
where
that
might
be
possible
right?
We
know
that
the
git
lab
communicates
with
the
get
lab
agent
for
kubernetes.
A
We
know
the
ip
address
of
our
git
lab
server.
You
know,
we
know
the
port.
That
communication
is
expected
on.
A
You
know
if
we
see,
like
perhaps
you
know,
communication
on
other
ports
besides
that
coming
from
the
gitlab
server,
then
I
suppose
that
would
be
an
indication
that
the
gitlab
server
itself
is
compromised
and
somebody
is
trying
to
log
into
kubernetes.
A
And
then
you
know
if
it's
on
the
port,
that's
going
to
the
get
lab
agent
for
kubernetes,
then
then
it
becomes
about
monitoring
that
process.
You
know
monitoring
the
agent
itself
and
saying
okay.
So
if
somebody
from
get
lab
is
sending
a
command
to
the
gitlab
agent,
then
what
is
that
agent
then
doing?
A
You
know
amongst
everything
else
that
was
happening
there
and
you
know
that's
not
always
that's
probably
easier
said
than
done,
because
you
know
one
command
can
spawn
another
process
can
spawn
another
process
and
so
that
you
know
that
definitely
falls
outside
of
like
what
gitlab
is
trying
to
solve,
for
that
would
be
like
a
splunk
thing
to
connect
those
dots-
and
you
know,
show
that
chain
of
activity
from
one
point
to
another.
A
So
yeah,
I
would
imagine
that
it
certainly
can
be
done.
It
probably
just
takes
some
careful
like
modeling
threat,
modeling
and
thinking
through.
You
know
what
are
all
the
different
filters
that
we
need
to
put
on
that
data
set
to
to
figure
out
what
was
happening,
and
then
it
sounds
like
what
they're
wanting
to
do.
A
The
next
step
from
there
is
saying:
okay,
we
were
able
to
monitor
that
this
command
was
executed
by
the
get
lab
kubernetes
agent,
but
it
sounds
like
what
they're
wanting
to
do
is
actually
trace
that
all
the
way
back
to
git,
lab
itself
and
say
well
who
or
what
executed
that
command
yeah.
That's
a
that's
a
tricky
one.
I
again
like
there's
no
easy
solution
there.
I
don't
know
that.
A
That's
going
to
be
something
that
we,
I
would
say
it's
unlikely
that
we
like
provide
that
as
a
feature
of
our
product,
because
I
think
that's
just
going
to
come
down
to
a
little
bit
more
custom
tooling
in
you
know
probably
more
in
splunk
than
in
gitlab
of
like
how
do
we
correlate
these
logs?
How
do
we
put
the
right
filters
on
things?
A
A
You
know
where
the
commands
originated
from
like
what
from
which
project
from
which
configuration
file,
and
then
you
can
pull
the
history
of
that
file
and
get
you
know
through
git
and
gitlab
to
see
who
made
the
change,
I
would
say,
but
yeah
that's
a
lot
of
like
custom,
tooling
and
correlation
right.
I
suppose
room
for
like.
B
Yeah
yeah,
no,
and
that's
that's
fair.
I
mean
that
you
know
drawing
the
lines
of
scope
is,
is
important
and
we
definitely
don't
want
to
like
overreach
into
splunk
scope,
for
example,
or
anything
like
that.
So
that's
interesting,
though,
that
you
mentioned
that
there
might
be
some
custom
tooling
to
monitor
what's
going
on
in
git
lab
and
we
might
have
some
logging
potentially
that
we
might
already
be
trapping
we
just
you
know
have
to
expose
it
in
some
way.
A
B
Yeah
go
ahead,
I'm
sorry!
No!
No!
So
I
think
so.
These
are
the
things
that
I
think
we
need
to
think
of
from
a
use
case.
Perspective
cross
all
of
get
lab,
and
you
see
you
see
the
concern
here.
Is
the
customer
talk
to
me
and
they're
like
how
does
gitlab
solve
this
and
it's
sort
of
a
murder
mystery
for
me
right
now,
because
I'm
talking
to
protect
which
doesn't
do
this
naturally,
so
I
will
next.
My
next
stop
is
going
to
be
verify
and
they're
going
to
be
like.
B
A
So
when
it
comes
to
like
getting
you
the
logs
that
you
need
to
do
that
correlation,
I
think
we
can
definitely
support
you
in
that,
but
doing
the
correlation
itself.
I
think
that
would
be
a
use
case
that
sits
outside
of
gitlab
would
be
my
opinion.
B
Yeah,
I
appreciate
that,
and
I
I
agree
with
you.
I
think
I
think
data
is
what
customer
might
be
looking
for.
They
think
they
want
the
functionality
which
they
can
probably
get
from
splunk.
As
long
as
we
are
able
to
provide
that
data-
and
I
think
that's
kind
of
where
the
question
is-
is
how
do
we
get
the
data?
B
Is
there
a
unified
format
in
some
cases?
Yes,
in
many
cases,
no,
okay,
if
it's
not
unified,
how
do
I
unify
it
and
get
it
into
splunk?
How
do
I
make
sense
of
the
data
that
I'm
getting
so
there
are
a
lot
of
a
lot
of
questions
external
to
gitlab.
That
need
to
be
addressed,
obviously,
but
I
think
gitlab
needs
to
provide
the
data
which,
in
some
cases
doesn't
at
this
point.
A
Yeah
well
so
to
answer
your
question
on
providing
the
data,
I
can
help
with
that
a
little
bit.
You
know
right
now.
The
get
lab
agent
for
kubernetes
is
driven
through
the
configuration
file,
so
I
would
expect
that
their
production
tool
would
be
monitoring
all
of
the
network
traffic
and
logs.
So
again
that
would
be
outside
of
the
scope
of
gitlab,
like
they
can
do
their
own
deep
packet
inspection
and
see
all
of
our
network
traffic
between
the
gitlab
server
and
the
agent.
A
So
I
would
kind
of
point
them
in
that
direction.
Saying
you
know
you
they'll
probably
need
to
write
something
that
fetches
that
get
history
and
then
pushes
some
form
of
that
into
splunk
as
a
log
effectively.
It's
not
something
that
we
like
produce
in
our
audit
log,
but
it
is
stored
in
gitlab
through
the
get
history,
and
they
would
just
need
to
pull
that
history
and
present
it
to
splunk
as
a
log.
A
Yeah
go
ahead.
Please.
C
I
was
just
gonna
say
I
think
one
of
the
early
on
decisions
we'll
want
to
look
at
in
that
space
is
whether
we
wanna
like
y'all
we're
talking
about
throw
our
hat
into
ring
right,
because
there
are
a
number
of
startups
and,
I
suspect,
part
of
the
part
of
what
we're
seeing
is
the
new
age
startups
that
focus
on
observability
with
security
and
compliance
as
their
leading
problem.
C
If
you
will
setting
new
requirements
in
the
market
right,
so
one
of
the
decisions
I
feel
like
is
whether
gitlab
wants
to
be
the
system
or
a
cog
in
the
system,
and
both
of
them
are.
You
know,
fine
decisions.
As
long
as
we
make
a
conscious
decision,
there
are
some
weird
conversations
that
I've
gotten
myself
into
like
should
get
that
be
monitoring
itself
right.
It's
like
philosophical
stuff,
but
I
surveyed
a
market
pretty
accurately
startup
market
and
like
bionic,
I
think,
is
the
one
most
people
are
familiar
with.
C
Torque
is
another
one
that
uses
security,
compliance
as
its
leading
foot
and
then
I
think,
sierra
and
humanitech,
those
that
went
off
memory
also
do
some
stuff,
that's
basically
observability
of
all
systems
and
ability
to
correlate
data
between
them.
C
They're
like
this,
let
me
try
to
pronounce
words
today:
amalgamation
of
siem
systems,
security,
analyzers
monitoring
systems,
login
systems,
yada
yada,
and
most
of
them
are
in
series
a
b
or
c
funding,
so
they're
pretty
early
on,
but
there
is
a
developing
market
out
there
that
overlaps
to
some
extent,
I
would
say,
not
at
full
extent
with
our
product.
Most
of
them
are
platforms
that
are
very
nascent
and
you
got
to
do
a
lot
of
customization,
but
their
architecture
certainly
looks
compelling.
Let's
just
put
it
that
way.
A
Yeah,
that's
a
good
point
and
probably
another
good
discussion
to
have
with
monitor
you
know
since
they're
really
leading
our
observability
play.
You
know
I
again,
I'm
not
familiar
enough
with
ops
trace
to
know
how
far
we
can
go
with
that
or
not,
but
that
would
be.
A
All
right
well
thanks
for
chatting
today
and
it
looks
like
we're
at
time
feel
free
as
always
to
reach
out
in
the
slack
channel
or
asynchronously
throughout
the
month.
If
you
have
anything
else
that
comes
up
along
the
way.