►
From YouTube: Defend: Threat Insights Weekly Group Discussion
Description
Weekly meeting for the Defend:Threat Insights group
A
B
This
is
just
a
quick
update
about
the
vulnerability
history
feature:
there's
nothing
that
I
didn't
write
down.
I
think
the
back
end
is
merged
yesterday.
But
since
it's
late
in
the
release,
I
don't
want
to
expect
that
one
associates
location
that
it
probably
won't
get
in
for
30.
No,
so
Josh
does
not
feel
pressured
by
that
and
actually
should
be
implemented
that
something
magenta.
C
B
B
C
C
A
B
A
All
right,
great
thanks,
I'll
yell,
I
added
the
second
agenda
item.
It
was
brought
up
today
that
we
didn't
update
the
documentation
for
the
dashboard.
Specifically,
we
have
documentation
around
the
standalone
page.
We
have
documentation
around
the
export
feature,
but
the
dashboards
themselves
still
reflect
old,
screenshots,
so
I'm
working
with
Nick
to
correct
that
my
kind
of
reason
for
bringing
this
up
was
one.
They
asked
to
get
confirmation
that
some
of
this
text
was
so
correct.
So
this
is
more
of
a
process.
A
A
We
retain
history.
Now
they
are
standalone
objects
that
persist
over
time,
even
what
okay,
so
this
verbage
needs
to
change,
then,
whether
we
remove
it
or
what
I'll
work
with
with
Nick
on
that
I
just
wanted
to
ensure
that
my
understanding
is
correct.
Now
that
we've
moved
to
standalone
vulnerabilities,
we're
looking
at
more
of
a
historical
representation
of
vulnerabilities,
where
his
findings
was
just
a
snapshot
of
what
was
on
master
at
the
last
successful
run,
I
see
I,
see
some
nodding:
okay,
I.
Never
what
I
say.
A
Okay,
thank
you
and
then
my
last
observation
was
that
is
that
you
know
later
down
in
his
agenda.
Stu
vause
shared
us
a
demo
of
adding
the
project
filters
to
the
dashboards
that
are
missing,
I'm
gonna
kind
of
drag
my
heels
I
wish
way
and
had
his
video
on
so
I
could
watch
the
reaction
on
his
face
when
I
say
this,
as
opposed
to
having
to
repeat
this
process
multiple
times.
G
A
G
Me
and
users
are
gonna
click
on
the
document.
You
know
who
I
don't
know
what
our
uptake
on
users
of
users
you
actually
reading
the
documentation
in
general.
You
know
that's
relatively
low
in
any
product,
but
you
know
when
the
doctor
patient,
isn't
there
then
users
when
they
need
it
or
want
it,
then
they
get
really
frustrated.
The
main
standalone
vulnerabilities
page
is
in
you
know,
is
in
pretty
good
shape.
The
dashboard
still
has
the
old
dashboards
in
it,
which
I
know
you
know.
G
We
didn't
ask
Nick
to
look
at
that
until
just
a
couple
hours
ago,
so
thanks
Nick
for
starting
to
look
at
it,
but
you
know
we
definitely
don't
expect
that
in
30
No,
so
I
don't
think
it
needs
to
be
perfect
and
a
doctor.
She
needs
to
be
perfect,
I
think
we
iteratively
improve
it
and
if
it's
more
effort,
okay,
do
it
multiple
times
and
that's
not
worth
the
value
we
get
out
of
it.
You,
like
you,
know
multiple
iterations
of
screenshots,
so
be
it
yeah.
A
No
I'm,
just
like
I
meant
like
until
tomorrow.
You
know
some
of
the
work
that
I'm
referring
to
is
going
to
staging
today.
I
can
capture
it
on
staging.
We
can
get
the
screenshots
out
prior
to
1300,
watching
I
just
know
that
now
customers
are
starting
to
see
this
in
the
dashboard,
so
I
don't
want
to
wait
too
long.
So
does.
G
A
All
right,
thanks,
Nick
and
I'll,
follow
up
on
that
and
share
in
the
thread
inside
term.
There's
a
few
demos.
If
anyone
had
an
opportunity
to
I
got
to
watch
them.
I
did
try
to
put
some
doubts
in
here
around
a
couple
of
items
that
sabasha
was
referring
to
that
he'd,
like
some
feedback
on
from
a
UX
perspective,
so
I
think
Andy.
If
you
haven't
had
a
chance
to
look
at
these.
A
What
are
your
thoughts
on
so
to
summarize,
the
first
one
was
around
the
project,
dropdown
filter
and
adding
that
back
to
the
instance,
level
and
group
level,
dashboards
and
I
think
his
first
observation
was
because
the
projects
that
have
vulnerabilities
the
data
loads
a
little
bit
later,
that
you
initially
just
see
the
filter.
That
says
all
projects,
and
it
takes
a
couple
of
seconds
to
populate
with
the
projects
that
you
could
filter
on.
F
Thing
it's
urgent
I
mean
there's,
there's
enough
signals
in
the
UI
to
a
lot
of
people
to
know
that
something's
happening
and
something
will
happen.
It's
definitely
room
for
improvement,
but
I
think
based
on
category
maturity
and
all
the
other
things
in
the
backlog.
I,
don't
think
anybody's
gonna,
like
flip
the
card
table
over
for
verbally.
A
Okay
and
then
the
second
one
seemed
a
little
bit
more
urgent,
but
I'm
assuming
it's
also
in
that
same
category.
If
you
select
a
project
that
doesn't
have
vulnerabilities
that
match
your
filter,
the
message
displays
something
very
generic
and
I
know.
We
have
another
issue
around
that
in
general,
just
improving
that
error
handling,
but
so
I
don't
know
any.
If
you
want
to
think.
A
F
I
was
gonna
update
that
issue.
So
that's
a
really
good
recommendation,
I'm
just
saying,
like
projects,
plural,
as
opposed
to
talking
about
the
group
vulnerabilities
which
yeah
I
think
empty
states
you
ever
dope
into
them.
There
there's
plenty
to
fix
there,
so
I
can
see
if
that
seats
nicely
with
some
of
the
empty
state
work
going
on
and.
A
F
A
Have
to
look
at
this,
you
know:
we've
had
some
conversations
recently
around
the
remediations
I've
personally,
never
seen
this
badge
on
the
new
dashboards,
I'm,
not
sure
I'm
kind
of
looking
Alexander
or
a
VL
I'm,
assuming
this
wasn't
done
by
Mark,
just
targeting
the
old
free
graph
QL
dashboards
in
1210.
But
that's
a
big
assumption,
so
I
think
we're
gonna
have
to
confirm
that
you
know
we're
still
supporting
this
with
the
native
owner
standalone
vulnerability,
back
dashboards,
yeah.
A
Okay,
so
we'll
have
to
follow
up
on
this
one
thanks
for
calling
it
out,
though,
all
right
before
we
move
on
to
planning
breakdown.
Did
anyone
else
have
anything
to
demo
or
discussions
that
we
kind
of
breezed
past.
A
F
F
Preparing
for
it's
like
an
issue
icon
with
a
checkbox
check
in
it,
I'm
forgetting
prepared
for
us
as
a
you
know,
company
removing
that
or
deprecating
that
so
we
can
just
go
with
the
standard
issue
open.
A
nice
hat
would
be
able
to
render
the
issue
closed
if
an
issue
is
closed,
so
that
would
be
fantastic.
A
I'd
have
to
do
a
little
bit.
Digging
I
should
look
at
this
before
the
call,
so
you
know
of
the
items
that
we
ended
up
having
to
defer
for
them
bc.
I
know
that
having
visual
representation
of
the
issues
that
have
been
created
up,
a
vulnerability
was
something
that
was
discussed,
but
I
honestly
can't
remember
right
now,
if
this
was
something
that
was
in
place
is
in
place
right
now
or
we're
working
on
it
in
1300
or
if
it
got
deferred
to
13
that
one.
A
H
A
D
H
B
A
So
bedridden
grooming,
a
little
bit,
do
you
think
that
this
can
be
completed
in
1
iteration
kind
of
going
back
to
what
our
definition
of
what
we're
trying
to
achieve
and
planning
breakdown?
You
know
our
big
questions.
Are
the
requirements
clear
enough
to
understand
the
intent,
so
we
know
the
boundaries
of
the
work
and
is
the
research
and
the
solution
of
validation
complete?
Do
we
think
that
we
can
check
off
all
three
of
these
answers
for
this
particular
issue?.
H
A
A
To
put
this,
we
do
have
a
workflow
of
refinement
now,
which
is
the
next
step
we
were
previously
using
a
label
called
needs
grooming,
in
addition
to
the
planning
breakdown
say,
but
somebody
created
the
refinement,
workflow
state
that
we're
gonna
start
to
use
so
I'll
go
ahead
and
update
that
up
to
this
call,
we
have
two
more
items
from
today's
agenda.
This
one's
a
little
bit
larger.
C
This
is
both
for
our
internal
scanners,
so
there
are
definitely
structural
differences
in
let's
say
versus
sassed
in
the
type
of
information
we'll
get
back.
So
once
you
get
beyond
the
common
things
that
we're
hoping
come
from,
all
the
scanners,
like
a
description
of
severity
level
and
with
the
basic
identifier,
is
like
a
CV
II.
We
need
a
way
where
the
scanners,
either
our
internal
teams
or
even
third
parties.
So
we
do
have
a
very
limited
number
of
official
security
integration
partners.
We'd
like
to
a
lot
more
customers.
Ask
us
all
the
time
they
say.
C
I.
Have
you
know
XYZ
scanner
already
paying
for
I
would
love
to
integrate
that
with
gitlab?
Have
it
run
in
my
pipeline?
See
it
all
in
one
place,
that's
a
big
part
of
our
value
prop,
so
this
is
about
extending
the
new
standalone
vulnerability
pages
to
give
them
an
area
where
we
can
actually
put
some
of
this
information
in
sort
of
a
generic
structure
where
we
don't
have
to
predefined
everything
we
don't.
We
don't
want
to
have
to
be
the
bottle
accurate
I'm
somebody
has
a
new,
a
piece
of
data
to
add.
C
Don't
worry
about
the
scanner
integration
part
for
this
at
all,
so
there's
a
whole
separate
process
that
partners
have
to
go
through
to
become
a
couple.
You
know
a
certified
or
an
official
partner.
We
actually
only
have
one
that's
completed,
that
part
of
that
is,
they
have
to
follow.
They
have
to
use
our
API
is
and
follow
our
integration
model.
C
Really,
that's
all
to
say
they
are
effectively
doing
the
same
thing
that
we're
asking
of
our
own
internal
scanners.
They
are
outputting
a
common
report,
JSON
structure
and
they
we've.
You
know
defined
fields
where
they've
got
some
flexibility,
but
they're,
basically
putting
things
in
the
right
place.
This
is
more
about
there
being,
even
today
we
have
things
in
the
JSON
artifact
that
we're
not
exposing
in
the
front
end,
and
there
are
the
intent,
is
to
pull
more
that
information
and
make
it
available
to
the
user
as
well
as
heading
so
that
last
column.
C
H
Okay,
so
with
this,
these
external
scanners,
with
with
a
they're
creating
their
own
vulnerabilities,
then
correct,
correct,
I,
see,
and
so
these,
like
these
third-party
scanners,
are
just
creating
vulnerabilities
and
then
the
there
were
you
there
using
our
API
to
I,
guess
populate
the
vulnerabilities
table,
and
then
we
would
just
pull
hornbill.
These
like
we
would
normally
is
that
correct
to.
C
Be
honest,
I,
don't
know
how
this
is:
gonna
go
with
the
transition,
so
we
do
only
have
one
vendor
who
is
aware
they
I
think
it
was
twelve.
Eight
I
first
engage
them
and
so
they've
been
following
the
work.
I
don't
know
if
they're
gonna
have
to
populate
that
directly.
Is
that
what
our
scanners
today
are
doing,
or
we
actually
parsing
the
JSON
from
the
artifacts
that
they
leave
as
the
pipeline
completes.
B
C
That
that's
kind
of
what
I
thought
so
they're
the
vendors
are
still,
they
will
output
from
their
tool,
a
JSON
artifact
that
matches
our
common
report
format
and
they
are
placing
it
in
the
right
location
so
that
it
gets
picked
up
like
it
would
for
our
baked
in
you
know,
a
SAS
that
asked
the
dependency
scanners.
So,
for
their
perspective,
there
really
shouldn't
be
much
that
changes,
and
this
is
just
as
much
about
like
you
know,
for
instance,
the
the
dash
scanners.
C
The
type
of
information
they
may
want
to
display
is
not
the
same
as
a
SAS
scanner,
so
we
there's
not
really
a
way
that
we
can
have
sort
of
a
common.
You
know
super
structure.
Fuzzing
is
another
big
sort
of
what,
if
it's
not
going
to
be
vulnerabilities
per
se,
it's
going
to
be
here
things
that
cause
particular
end
points
or
api's
to
crash.
So
how
can
we
give
them
a
way
to
display
that
that's
sort
of
a
common
without
having
to
have
a
crazy
report?
C
I,
don't
want
to
go
down
that
route.
Well,
I!
Guess
what
I'm
saying
is
so
Lindsey?
Could
you
go
back
to
the
previous
image?
You
just
hand
pulled
up
there
so
see
that
other
block,
so
there's
going
to
be
additional
information
in
in
the
I
figure.
What
it's
called
today,
one
of
the
one
of
the
fields
I
think
it's
just
a
I,
don't
have
firmware
for
it's
an
array
or
just
it's
like
basically,
a
free
foreign
key
value
pair
section
yeah,
that's
sort
of
like
the
other
stuffs.
C
B
A
My
question
Matt
is
that
you've
got
a
lot
of
different.
You
know
steps
involved
in
this
process.
Are
we
really
looking
at
sort
of
the
lowest
priority,
or
these
not
an
order
I'm?
Some
of
the
questions
that
Alexandre
is
asking
about
how
we're
gonna
get
this
data.
Are
they
accomplished
in
some
of
these
earlier
issues
that
are
associated
with
this
epoch?
They.
C
This
is
all
from
the
dashboard
or
sorry
the
ListView,
and
it
is
sort
of
working
from
actually
I
think
we
can
see
this
multi-select
wasn't
even
a
thing,
but
how
can
you
select
more
than
one
vulnerability
and
start
grouping
things
together
and
that's
what
those
top
five
items
are
all
about,
as
the
mechanics
of,
if
I
have
integrated
a
third-party
scanner,
let's
say:
I
have
a
third-party
SAS
scanner,
but
I
also
continue
to
run
the
get
labs.
A
scanners,
there's
a
really
good
chance.
C
C
A
C
The
format
supports
what
we
have
conceived
here
today,
so
it's
up
to
the
vendor
and
even
our
own
internal
scanners,
to
structure
the
information
and
that
sort
of
you
know
extra
content
block.
However,
they
want
in
the
JSON
file,
so
a
customer
that
is
working
with
one
of
our.
You
know
our
preferred
integration
partners,
conceivably
they're,
already
doing
that.
Now
they
could
change
and
clean
up
the
structure
a
little
bit.
We
wouldn't
have
to
do
any
work.
That's
why
we
were
trying
to
make
this
sort
of
a
generic
block
for
additional
content.
That
was.
D
A
So
we
need
that's,
that's
my
question
and
I
think
that
you
did
a
better
job
of
phrasing.
It
Thiago
is
that
work,
those
assumptions
that
you're
describing
representing
represented
in
this
issue
or
do
we
need
another
issue
for
that.
Getting
the
data
in
the
database,
and
you
know,
reading
that
third
party
scanner
data
that
we
can
test
against
I.
C
Think
I
may
have
kind
of
confused
the
issue
a
little
bit
too.
So
when
I
originally
wrote,
this
I
was
thinking
that
third
parties
really
were
very
much
different
than
what
we
do
with
our
own
scanners.
I
think
this
is
equally
as
much
about
our
own
scanners
have
very
different
needs
when
it
comes
to
the
detailed
information
that
they
want
to
display
on
the
vulnerability.
C
A
A
Thank
you,
okay,
so
from
a
planning
breakdown
perspective,
that's
a
big
understanding
the
boundaries
and
is
this
work
size
to
where
we
can
fit
it
into
one
iteration
I
feel
like
we're.
Probably
gonna
want
to
revisit
this
in
a
week.
I
mean
I'm,
really
glad
you're
here,
AVL,
don't
get
me
wrong,
but
I
know
you're
not
permanently
on
these
dashboards
or
working
on
Sinaloan
vulnerabilities
or
both
insights
with
us
long
term.
So
I
would
like
to
revisit
this
conversation,
and
we
have
some
of
the
backend
engineers
from
defend
on
this
call
as
well.
A
So
we
only
have
one
other
issue
and
we
have
one
more
minute
and
I
think
this
issue
will
hopefully
there'd
be
very
quick
because
we've
already
done
this
twice.
So
this
is
the
third
of
our
export
reports.
This
would
be
the
group
level
report.
We've
done
this
for
the
project.
The
instance
levels
already
we're
looking
to
I'm
actually
sure
why
I
still
have
this
on
this
list.
It's
still
in
design
and
we
have
a
weight
on
it.
I
think
I
just
messed
up
so
I,
don't
know.
We
need
to
actually
talk
about
this.