►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
So
Thank
You
Ellen
for
your
comments,
a
synchronously
ahead
of
time.
I
really
appreciate
that
to
get
some
clarity
around
what
is
offered
natively
with
Tomko
sidekick
and
what
we
would
have
to
add
as
an
extension
based
off
of
that
information
that
Ellen
provided
I
modified
their
Department
here
to
D
scope
it
and
focus
just
on
what's
available
within
telepsychic
today.
A
So
the
ability
to
send
a
black
message
send
an
email
and
send
a
message
out
via
its
log
and
created
a
separate
epoch
that
will
prioritize
and
work
on
separately
to
handle
some
of
these
other
actions
that
we
want
to
have.
But
I
wanted
to
keep
this
one
small
and
make
sure
it
could
stay
within
the
scope
of
a
single
iteration.
C
Like
to
recommend,
we
use
callbacks
web
hooks
re
web
hooks
that
works
for
slack
in
many
many
other
systems.
So
we
would,
we,
maybe
do
it
be
a
web
hook
where
we
call
a
web
hook
that
the
user
provides
in
spacious,
a
URL
you
hit
and
slack
has
integration
with
web
hooks
and
many
other
systems.
Do
too
we
document
how
to
do
it
in
slack,
but
that
would
actually
open
it
up
so
many
systems,
but
that's
just
my
thought,
was
everybody
else
thing.
A
Yeah
I
mean
another
angle
on
that
question
is
of
where
do
they
configure
it
I?
Would
you
know,
because
that's
kind
of
focused
on
how
I
would
expect
that
it
would
be
in
a
yamo
file,
but
they
add
to
their
repo
pretty
much
like
same
way.
They
can
figure
everything
out,
and
so
you
know
whether
that's
via
a
web
hook
or
otherwise.
You
know
I
would
expect
that
configuration
to
fall
in
a
yamo
file
or
they
would
be
able
to
specify
you
know
what
actions
they
want
to
have
taken.
A
B
A
B
A
That's
a
good
point:
I
was
not
aware
of
this.
At
a
time,
looks
like
they.
They
do
have
an
option
here
for
a
web
hook.
I
mean
I
want
to
keep
this
minimal,
but
but
I
mean
that
is
a
good
point
like
there
is
a
lot
of
overlap
between
this
integrations
page
and
some
of
these
other
things
that
we're
doing
you
know
JIRA
as
well.
They've
got
a
line
item
here
and
even
you
know
our
original
design
for
how
to
output
the
syslog
or
get
them
involved.
A
Adding
a
line
item
here
in
this
list
of
integrations
so
I'm
wondering
if
we're
starting
to
create
tech
debt
for
ourselves,
where
you
know
we're
going
to
want
to
go
back
and
use
these
these
settings
of
the
project
level
later
rather
than
configuring
them.
You
know
multiple
times
or
configuring
them
down
after
level.
B
A
Yeah,
thanks
for
calling
that
out,
I
think
we'll
defer,
I
think
we'll
wait
to
do
anything
related
to
these
integrations
and
just
keep
them
separate
for
now,
but
yeah
I
appreciate
you
pointing
that
out.
I
think
we're
gonna
go
into
what
to
consider
a
whole
lot
of.
Like
you
know.
How
do
we
align
these
two
with
everything
that
we're
doing
so
that
we
don't
have
people
get
places
to
configure
black,
for
example,.
C
The
people
getting
these
might
be
different
personas.
It's
probably
ready
thought
about
this,
but
the
people
getting
these
notifications
would
often
be
different
personas
than
the
people
who
are
getting.
You
know
the
other
types
of
things
that
are
listed
on
that
page.
Perhaps
either
people
they'll
be
getting.
These
are
folks
who
are
tasked
with
responding
security
alerts.
Security
folks
see
so
folks
versus
right.
A
A
Is
a
mobile,
app
yeah,
so
well,
that's
true.
Their
instance
of
slack
and
the
configuration
to
send
data
to
slack
is
likely
to
be
the
same.
Now.
You
know
which
user
in
fact
that
again
spent
too
much
is
going
to
be
different
or
you
know
the
rules
of
Windows
and
the
black
message
is
going
to
be
specific
for
the
security
team,
but
it's
likely
that
there's
just
one.
You
know
instance,
is
black
for
the
organization
that
they
want
to
some
things
to,
rather
than
a
separate
instance,.
B
Just
weekly
on
that,
the
the
integrations
are
sliding
the
question
that
we
had.
You
can
set
a
different
channel
based
on
the
events
that
you
receive
from
pre.
You
can
either
a
channel
that
is
specific
for
these
kind
of
events
that
would
be
used
by
certain
personnel.
You
can
have
a
different
channel
for
push
or
when
an
issue
is
created,
it's
configured
wherever
in
there
that
page.
A
Yeah,
like
so
we've
got
the
flexibility
we
need
there.
The
mirror
I'm
Tiago,
isn't
here,
but
I'm,
assuming
that
you're
gonna
be
the
one
running
point
on
this.
Do
you
have?
Are
you
comfortable
moving
this
out
of
planning
breakdown
and
into
refinement,
or
do
you
have
any
additional
questions
or
clarification
around
the
requirements
here?
No.
D
A
That
sounds
great
Oh:
either
you
or
Tiago
I'll
reach
out
to
Tiago
and
see
what
he
wants
to
do,
but
we'll
get
a
implementation
issue
created
for
this
one
and
move
it
to
refinement
and
and
then
I'll
close
up
with
a
vine
issue
all
right.
So
the
last
one
that
we
have
in
our
list
is
plans
for
create
edit
and
delete
policy.
So
this
one
is
still
not
100%
finalized,
but
we
are
getting
very
close.
I
believe
so.
I've
got
some
mocks
here
that
Andy
helped
put
together.
A
He
was
not
able
to
make
the
meeting
today
so
I'm
just
going
to
show
them
on
his
behalf.
But
you
know
this
was
the
policy
management
interface
that
Arthur's
been
working
on,
so
you
go
into
threat,
monitoring
and
then
policies
the
policies
tab
and
you
get
a
list
right
now.
It's
only
Cillian
policy,
but
what
will
have
more
did
it
was
later
on
and
the
idea
is
you'll
click
that
you'll
get.
You
know
the
description.
A
You
know
a
working
prototype
that
helped
to
answer
all
of
the
questions,
rather
than
try
to
describe
it
all
in
text
right
now
there
are
a
few
dropdowns
that
can't
be
changed,
because
we
only
have
cilium
policies
in
here.
So
right
now
that
says,
run
time
container
policy.
That's
your
only
option.
You
can't
change
that
future
policy
types
might
be
things
like
scanning
policies
or
scanning
configurations.
A
A
So
there
were
the
other
types
of
policies
here,
but
this
runtime
container
policy
in
the
future
would
include
not
only
cilium
but
also
things
like
mod
security
policy,
calcio
policy,
a
farmer
policy.
You
know
falco
sidekick
policy,
which
sort
of
all
fall
under
that
umbrella,
where
you
could
configure
any
of
those
items
in
that
bucket
of
things.
So
then
you
fill
out
a
name.
You
know
test
policy,
a
description
you
pick
which
environments
you
want
this
stuff
fly
to
and
I
know
with
psyllium.
A
A
Yamo
mode
is
really
you
know
where
they
just
get
a
free
form
text
editor
and
they
can
go
ahead
and
type
anything
they
want
into
this
KML
file
so
that
lets
them
use
the
full
scope
and
breadth
and
depth
of
boolean
policies.
They
can
do
layers
of
and
filtering.
You
know
they
can
put.
They
can
make
this
policy
as
complex
as
they
want
to
and
customize
and
tweak
it
exactly
the
way
they
need
it
to
work
in
rural
mode.
A
There
are
some
limitations
because
we
are
approaching
that
in
an
iterative
fashion,
we're
not
going
to
have
support
for
everything
every
type
of
phillium
policy
on
day
one,
and
so
if,
for
any
reason
they
come
in
here
and
they
type
you
know,
either
they
just
type
gibberish
or
it's
a
bad
llamo
file
with
poorly
formatted
or
they
included
like
layer.
7
filtering,
that's
not
supported
yet
in
a
little
mode.
A
Whatever
the
reason
is,
if
we
can't
parse
that
file,
then
we'll
just
go
to
an
error
state
when
they
click
on
the
wool
mode
and
say
you
know
sorry,
we
can't
parse
your
llamo
file.
You
have
to
go
edit
it
in
the
animal
mode.
Before
we
can
read
it.
It'll
still
work
it'll
still
get
to
play
down
to
the
cluster,
but
you
won't
be
able
to
use
this
UI
so
assuming
they're,
either
starting
from
scratch
or
we're
able
to
parse
the
mo
file
out.
A
Ok,
they
can
come
in
here
and
click
new
rule,
because
you
have
a
network
traffic
rule.
You
automatically
have
to
have
an
action
that
says
either
allow
it
block
the
way
cilium
works.
Is
it
blocks
everything
once
you
have
one
policy
on
an
endpoint?
It
then
blocks
all
traffic,
except
for
the
policy
that's
allowed,
except
for
the
traffic
that's
allowed
by
that
policy.
So
it's
basically
an
allow
list
model
where
you're
building
out
policies
that
allow
traffic
rather
than
block
traffic.
So
this
drop-down
is
not
editable.
A
This
drop-down
is
also
not
editable
today,
although
we'll
want
to
extend
this
in
the
future,
to
add
things
that
falco
can
cover.
You
know
things
like
if
a
process
is
started
or
you
know
if
the
shell
is
wand
or
if
you
know
a
configuration
file
is
so
that
you
know
we
can
basically
combine
silvia
and
falco
rules.
You
know,
and
a
farmer-
and
you
know
all
of
those
technologies
together
here,
so
you
can
have
this
big
statement
that
says
if
this
and
this
and
this
happen
you
know,
then
I
want
us
black
message.
A
A
What
that
policy
is
going
to
do
want
you
to
play
it
so
that
it
removes
a
lot
of
the
confusion
out
from
it
and
makes
it
simpler
for
a
new
user
to
come
in
and
get
started
using
cilium.
You
know,
rather
than
just
having
to
go
edit.
The
ml
file
directly
I
consider
pretty
much
everything
in
this
rule
mode
as
a
stretch
goal
for
thirteen.
A
D
A
Correct
yep,
so
I
mean
they're
going
to
have
a
llamo
file,
that's
deployed
into
their
clusters.
You
know
right
now
we're
reading
that
in
and
displaying
that
up,
schoolers
that
Arthur's
been
doing
in
13:1,
but
we'll
take
that
llamo
file
and
we'll
try
to
parse
it
out
and
see
if
we
can
understand
it
and
put
it
into
this
rule
mode,
if
we
can
send
great
we'll
let
them
edit
it
here.
If,
for
any
reason
at
all
like
that,
parsing
fails,
you
know
it.
A
It
could
be
a
valid
specification
and
just
have
a
field
that
we
don't
get
support.
It
could
just
be
gibberish,
yellow,
like
there's
a
lot
of
reasons
why
it
can
fail,
but
if
it
fails
for
any
reason,
I
don't
have
a
mock
for
that
now,
but
we'll
just
you
know,
you
won't
have
this
at
any
experience.
It'll
just
give
you
an
error
message
and
tell
you
to
go
fix.
It.
C
A
Yeah
I
think
this
is
going
to
be
a
huge
differentiator
for
us
in
the
space
as
far
as
I
can
tell
no
one
else
has
this
kind
of
a
policy
editor
and
especially
a
policy
editor
that
lets.
You
span
multiple
technologies.
So
when
you
come
in
here
in
this
mode,
it
doesn't
feel
like
you're,
creating
a
cilium
policy
they're,
just
telling
it
what
you
want
to
do,
and
then
we
farm
that
out
to
the
technologies
that
need
to
take
the
action.
C
Yeah
I
agree:
I
guess
what
I
was
saying
is
just
the
way
that
Andy
put
this
together.
Not
the
specific
this
specific
feature,
but
just
this
live
you
know,
clickable
user
interface
is
a
way
to
describe
what
we
want
to
build
is
I
know
it
takes
a
lot
of
effort
for
Andy,
but
is
it
really
helps
people
to
get
their
head
around?
What
the
UI
should
look
like
when
we
actually
implemented,
but
but
I
agree
with
everything
you
said:
teaser
I.
A
A
C
B
B
We
have
in
the
issue
because
I
don't
have
a
link
to
the
issue
right
there,
because
we
only
saw
the
part
when
you
can
create
a
new
policy.
But
is
there
anything
with
regards
to
where
you
can
list?
The
police
is
already
the
police's
delay.
The
bristles
everything
crab
but
regards
to
the
police
is
just
more
majority.
A
We're
already
doing
view
is
is
already
in
progress,
in
fact,
I
think
Arthur's,
pretty
much
finished
that
so
you
know
viewing
is
done
as
a
totally
disabled,
so
this
just
covers
creating
editing
into
leading
and
again
the
mocks
are
not
a
hundred
percent
done
so
so
the
answer
would
be
no
like.
We
don't
have
mocks
for
the
workflow
for
deleting
yet
and
we
need
to
get
some
more
error
states,
but,
as
I
mentioned,
we're
getting
close
and
I
wanted
to
share
what
we
have
now,
even
though
it's
not
a
hundred
percent
done.
A
This
is
a
big
one.
Design
wise
so
I
know
we're
going
to
be
running
up
towards
the
end
of
this
iteration
to
have
everything
ready
but
I'm,
hoping
that
we
have
enough
that
you
know
we
can
at
least
get
a
start
on
it
in
thirteen
to
you,
even
if
you
know
it's
kind
of
a
just-in-time
model
where
we'll
get
you
know
the
designs
just
in
time
to
for
the
engineers
doing
the
work.
A
A
So
it's
you
know
to
figure
out.
What's
coming
in
13,
you
kind
of
have
to
look
across
few
columns
now,
but
we'll
have
those
three
items
for
13,
a
fter
13
I
plan
to
put
a
pause
on
the
policy.
Man
work,
not
that
it's
not
good.
It
is,
it
is,
you
know,
very
important
for
us,
but
we
have
a
good
base
there
this,
but
you
know
once
we
have
to
create
edit
and
delete
we'll
have
a
good
foundation
there.
A
So
we
can
pause
that
and
we're
going
to
start
working
on
providing
an
alert
dashboard
where
you
can
go
and
see,
alerts
that
have
come
through
the
system
and
again
since
we
have
just
a
little
bit
of
extra
time,
can
give
you
just
a
rough
concept
of
what
it
might
look
like.
So
we
have
a
similar
parallel
today
in
operations
alerts.
This
is
for
a
different
persona.
A
These
are
alerts
about
like
the
performance
of
your
cluster
that
have
had
problems,
but
a
lot
of
these
principles
are
the
same
and
will
likely
end
up
reusing
some
of
these
divine.
You
know
some
of
this
design
as
well,
if
it's
not
all
of
it,
where
you
get
basically
a
list
of
alerts
that
have
come
in,
there's
a
severity
associated
with
them.
You
know,
there's
a
count,
so
you're
rolling
things
up
and
aggregating
duplicates.
You
can
put
a
status
on
them.
A
You
can
dive
in
and
be
details
and
then
take
action,
so
you
know
create
an
issue
or
if
an
issue
has
already
been
created,
you
can
be
the
issue.
You
should
be
able
to
assign
these
out
to
people
but
having
some
kind
of
an
alert
dashboards
where
you
know
this
would
not
be
everything
that's
captured
in
the
logs,
because
that
would
just
overwhelming
and
spammy.
You
know.
The
assumption
is
that
users
would
tailor
a
list
of
things
that
they
actually
care
about.
A
You
know
things
that
are
truly
alerting
to
them
that
you
know
and
again
it
may
be
more
combinations
of
things
like
if
I
see
a
process
started
and
I
see
a
network
port
open.
You
know
and
I
see
attempted
communication
between
pods
and
so
I
am
you
know,
so
it
could
be
a
combination
of
things
that
contributes
to
these
alerts.
But
then
that's
concerning
to
me
and
I
want
to
actually
go
investigate
that
more.
So
you
know,
starting
in
in
thirteen
three.
Our
plan
is
to
shift
our
focus
to
building
out
this
alert
dashboard.
A
A
Then
we're
going
to
want
to
put
a
pause
on
adding
new
technologies
there
and
go
back
and
do
some
of
the
other
foundational
things
that
we've
done
for
the
other
technologies,
like
you
know,
giving
it
an
on
and
off
switch
in
the
UI
exporting
the
logs
out
to
syslog
and
adding
something
to
the
the
I'm
spacing
on
the
name.
The
statistics
page.
Basically
adding
you
know
container
host
security
statistics.
E
Maybe
Turnitin
chat.
Okay,
we
can
hear
you
now
Ellen
go
ahead,
all
right
about
NMR
for
Falco.
You
know
we
have
a
ping-pong
with
with
maintain
earth.
We
are
undecided
what
to
do.
Actually,
if
we're
going
to
stay
with
the
name
that
we've
decided,
I
mean
gitlab,
container
security
or
like
house
security
or
or
we
gonna
revert
that
to
falco
only
I'm
just
curious
with
what
we
want
to
do
now.
C
We're
losing
your
audio
again
yeah
I'm.
A
Losing
your
audio
there
at
the
end,
but
the
only
reason
I
have
an
opinion
on
that
at
all
is
simply
because
we
don't
want
to
bind
ourselves
to
three
years
of
support.
Otherwise
I
would
not
care
at
all
what
we
have
in
the
in
the
back
end
and
the
text
so
I
just
want
to
make
that
super
clear,
like
you
know
that
that
is
the
only
reason
that
I'm
getting
involved
in
this
one
at
all.
A
You
know
what
David
posted
most
recently
is
that
we
should
just
go
with
the
assumption
that
it's
one
year
or
less
of
you
know
an
obligation
that
we're
binding
ourselves
to
support
so
I'm
much
more
comfortable
with
that.
I
have
not
had
a
chance
yet
this
morning,
since
I
got
into
post
on
the
EMR,
but
if
we're
going
with
the
assumption
that
it's
a
year
or
less,
but
it's
a
lot
less
concerning
to
me
and
I'm,
okay
with
using
the
term
Falco.