►
From YouTube: Secure:Threat Insights group discussion 2021-07-20
Description
https://docs.google.com/document/d/1OoBhaX2sRcLAndm7B2ENUTi5f6OGaQfAcBN1Rv1Bukw (internal link)
A
A
A
Yeah
we
had
some
questions
in
the
document
the
house
not
here
to
verbalize
he
he,
I
don't
think
he
had
the
full
picture.
He
was
talking
about
documentation,
updates
and
links
to
references,
but
lindsey,
replied
and
explained
that
we
we're
gonna
integrate
with
the
with
the
training
solution,
and
his
second
question
is
about
which
training
and
then
matt
replied.
B
B
So
right
now
we
have
two
training
vendors
that
are
interested
in
offering
their
training,
and
so
it
would
be
almost
kind
of
a
like
a
free
sample
in
the
event
that
there
are
even
more
than
two.
I
think
what
the
idea
is
is
we'll.
Let
users
choose,
they
may
have
experience
or
preference
for
one
versus
the
other,
but
none
of
these
vendors
is
going
to
cover
everything,
so
every
language
and
cwe
combination.
B
A
A
I'm
not
sure
I
follow
so
the
implementing
this
means
doing
the
front
end
doing
the
the
back
end
stuff,
the
storing
the
configuration.
I'm
thinking
that
we
don't.
We
don't
know
if
this
thing
is
going
to
pan
out.
If
you
want
to
keep
it,
we
could
not
do
the
screen
and
use
a
feature
flag
instead,
say
hey.
If
you
want
to
use
it,
we'll
turn
it
on
the
promise
that
on.com
we
need
to
ask.
A
B
X,
guess
I'm
still
not
really
following,
so
if
we
have
at
least
one
of
the
training
vendors
well,
I
have
one
that
is
definitely
wants
to
move
forward
with
this.
So
I
we
have
an
nda
in
place.
We
have
the
api
from
them,
so
the
idea
is
as
soon
as
we
build
this
out.
It's
it's
live!
That's
why
the
feature
is
going
to
default
to
being
off.
So
I
guess
I'm
still
understanding
what
the
feature
flag
would
get
us.
A
A
B
Go
for
it,
I
was
going
to
say
the.
I
think.
The
one
reason
that
I
don't
want
to
go
a
feature
flag
route
is
that
those
are
not
very
visible
and
it
requires
a
lot
of
effort
to
go
turn
those
on.
So
one
of
the
designs
in
here
is
actually
we're
going
to
try
to
drive
people
to
this
with
an
end
product
notice
which
will
take
them
to
that
part
of
the
configuration
screen
because
really
want
to
say,
hey,
look,
there's,
there's
something
here,
that's
new!
It's
shiny!
A
C
So,
on
that
same
note
of
iteration,
you
know
one
area
that
seems
like.
Maybe
we
could
release
in
a
second
iteration
would
be
that
defaulting
to
the
second
vendor
and
choosing
the
primary.
Would
it
be
possible
to
consider
this
as
a
first
iteration?
If
you
just
configure
your
vendor
say
we
do
have
two.
This
will
be
a
lot
more
simple
if
we
have
one
obviously,
but
if
we
end
up
with
two,
you
choose
your
one
vendor.
C
B
C
B
Yeah,
we
only
have
two
that
are
engaged
right
now.
I
think
my
thinking
behind
this
is
once
we
have
all
of
this
in
place
and
by
all
of
it
I
mean
what
we
see
here
in
the
design,
I'd
like
to
go
out
and
approach
additional
training
vendors
to
see
if
they
want
to
be
included
here.
So
then
it's
a
lot
easier
to
add
them,
but
if
there
is
just
two
having
a
toggle
yeah,
I
think
that's
perfectly.
Okay,.
A
B
B
A
B
F
B
It's
already
on
a
much
more
public
video
from
a
chat,
but
I
I
actually
on
a
very
recent
webinar
showed
this
mock-up,
and
somebody
pointed
out
to
me
that,
apparently,
that
is
a
there's,
a
lot
of
negative
history
behind
that
term.
And
it's
something
that
if
I
mentioned
eddie,
we
should
probably
take
that
out
of
the
vodkas.
But.
B
B
C
Think
it'd
be
none
and
then
one
and
then
option
two
right:
you
can
choose
nothing.
I'm
sure
that,
like
danielle
has
some
great
suggestions,
I'm
sure
andy
might
have
some
thoughts
on
how
we
could
accomplish
that.
But
I
just
imagine
the
logic
to
do.
The
default
team
would
be
harder
than
figuring
out
like
how
we'd
implement
that
in
the
ui.
E
So
from
back
back
in
perspective,
I'm
saying
like
if
we
are
adding
in
future
more
options
it's
in
in
the
back
end
it
it
would
be
rather
to
save
it
in
a
fashion
like
how
we
will
deal
with
in
the
in
future
because
like
if
it's
boolean
boolean
now
as
a
column,
then
we
need
to
remove
that
and
make
it
state
something
one.
Two
three
or
four
yeah.
E
B
E
B
B
Us
tracking
cwes
internally,
so
if
the
cwes
are
part
of
the
same
hierarchy,
then
I
know
at
least
one
of
the
vendors
apis.
You
can
ask
for
a
cwe
anywhere
from
forget
how
deep
the
cw
hierarchy
is
like
five
or
six.
I
think
layers
any
of
those
will
return,
basically
the
same
training
if
they're
different,
that's
a
good
question.
So
maybe
we
just
go
with
the
primary
identifier
for
the
vulnerability
and
if
that's
not
available,
just
take
first
cwe.
B
C
A
A
A
C
A
great
response
around
the
back
end
effort
might
not
be
saved
at
all,
and
I
don't
know
if
there's
a
big
amount
of
savings
in
the
front
end
for
the
suggestion
I
made.
But
that
doesn't
mean
there's
not
other
ones,
so
other
ways
that
we
can
approach
this
and
not
have
two
full
milestones
until
it
gets
out
the
door.
B
Yeah
lindsay,
I
was
thinking
about
what
you
said,
though,
and
if
we
modified
the
mock-up
slightly
suvashish
could
pursue
where
we
know
we
want
to
go
on
the
back
end.
But
if
the
front
end,
it
really
was
like
a
check
box
to
enable
the
entire
sort
of
chunk
of
the
functionality,
and
once
you
enabled
the
chunk,
you
had
the
radio
boxes.
C
Daniel,
I
don't
know
what
your
thoughts
on
this
like
doing,
one
with
the
other,
but
for
me
the
savings
wasn't
from
a
front-end
perspective.
It
was
around
the
defaulting
on
the
back
end,
like
I
found
out
that
my
primary
vendor
doesn't
have
a
solution
now
I
need
to
check
and
see
if
the
secondary
vendor
has
a
solution
and
display
that,
instead,
that
would
be
where
the
potential
savings
were
again.
I
don't
know
how
much
but
daniel
do
you
think
from
a
front
end?
There's
any.
C
A
A
C
C
A
A
A
C
B
Okay,
so
the
the
the
longer
the
short
of
this
is.
This
is
something
that's
going
to
give
you
a
whole
overview
from
a
group
level
of
the
status
of
all
projects
under
that
group
in
terms
of
how
the
scanners
are
configured
when
they
last
ran,
if
there
are
any
particular
problems
in
any
individual
jobs
or
pipelines,
so
this
is
sort
of
the
scanner
pipeline
health
check
for
an
entire
group.
It's
it's
something
that
becca
came
up
with.