From YouTube: Threat Insights Weekly Group Discussion
Description
Weekly meeting for the Secure:Threat Insights group
A
Welcome to the weekly Secure Threat Insights group discussion. We've got a lot of accomplishments to highlight over the last week, so feel free to click through any of those links in the agenda. And our first agenda item is from our guest attendee James Johnson, who's gonna introduce himself and then tell us what he put in the agenda.
B
B
So it's not so much contributing directly to the product or maintaining features long term. It's more about the research. We also do a few other things. We maintain Gemnasium DB and we run the CNA program, so we can issue CVE IDs. Yeah, and I link to the page in the handbook if you wanted to read up a little more on it. But yeah, it's pretty small team. It's myself, Julian, Julian Tome, and Isaac Dawson, and Mark Art is our manager.
B
So yeah, is that about what you were looking for, Lindsay? Awesome, very cool. So to that. So I'm also. My agenda item specifically is about this individual contributor gearing working group. There was a very large merge request a few weeks ago, thing was open, maybe a month ago, about having gearing ratios for the staff plus roles, so for staff and everything above, and it brought up a lot of interesting concerns, things to talk about, and the merge request ended up being closed.
B
The discussion was too big to handle and to really have effectively, and so Eric wanted to try a functional leads approach where they work, where a working group works with a smaller set of representatives from different organizations. And so I'm representing the Defend and Secure department, and I have an epic that is keeping track of my notes of every meeting and any ongoing feedback and discussions that people have. So it does kind of impact most people if you wanted to go down the individual contributor route.
B
So it's very interesting keeping track of the discussions. There's four, actually five different proposals we're looking at right now, and one of the proposals is we do nothing and we leave things how they are. So yeah, my agenda item is mostly bringing this to your attention. I meant to do this last week, but I did not make that happen. So here I am today.
C
No, there's a lot to read, so the end, there's a good discussion with Lucas already, so I got some, some stuff to, to catch up on. Thanks, thanks for doing that, and this is.
D
Half the team, which is great, or at least, you know, representative of half team, since there's two groups. Thiago or Lindsay, can you let the, the container security group know about this as well?
D
There's, James, there's two groups. There's Threat Insights, which is this group, of which about half people come because half are in, half are in APAC, half are in EMEA, and then some in North America, and then there's a container security group too, which is also smaller. Gotcha.
B
Gotcha, all right, yeah. So if anybody does have any questions, feel free to reach out to me directly too, or comment in the issue there. Yeah, Lucas, because Charles had some concerns about not being involved in the broader discussion, and so that is a secondary scope of the working group, is to try to figure out a better way to scale very large discussions.
B
And so I actually started, so, we made, Lucas and I made a separate proposal specifically about that, about splitting things off by topic and using automation to try to make it scale. But, I'll be, that's like very proof-of-concept-y, in the works, and we'll be talking about that in the next meeting for the working group. But yeah, yeah, feel free to reach out if you have any questions.
B
A
Okay, Alexander didn't want to note anything, but I wanted to note something because I was just looking on the dashboards in production when I was participating in some really interesting user interviewing earlier and noticed some stuff that was live on the dashboard that wasn't the last time I, like, so you can now sort by detective, detected date, description, and we've already had the severity out there. So I wanted to call that out and I can share. You can always call this link, and then the activity column is live.
A
A
And we've got a few items for planning breakdown. One is a continuation of last week's discussion around an issue that Alexander created as a product improvement around our filters, which I think Alexander might be a little bit scarred from talking to, talking about it, because he's been working on this for a while now. So Alexander, do you want to, just for the sake of getting everyone on the same page, just do a quick summary of what this issue is requesting or.
H
Yeah, yeah, definitely. So basically, in, in working on the vendor scanner filter issue, one thing that came up is it made things simpler by disabling filters that would not produce any results.
H
H
Mirror that feature across all the existing scanners and ones going forward. The, this would require additional calls to sort of dynamically figure out which one should be disabled or not up front, and this also brought a lot of discussion about the complexity of this, but also, you know, what was in scope. So yeah, it wasn't.
D
D
It doesn't do anything, but just if it disappears, they may not realize there is that field there and there's a filter ability on it. Is the benefit of, have we looked at the benefits of it, hiding, hiding it if it wouldn't do anything versus not, and the, you know, the, with the benefit of seeing it there and not doing anything, but knowing that it's possible to do that.
D
I
Yeah, so the alligator's original proposal, I think we just like kind of gray out, or it would be in like a disabled UI state, but not hidden, because like hiding, let's say SAST one day doesn't produce anything. So we like remove the SAST filter, you're like, hey.
E
I
That all the time, what the heck, why isn't it here? Whereas graying it out would just allow the user to not be ending in an odd path of no results.
I
So it's still going to be there and also help generate that awareness there are more scanners available, because guys.
I
D
G
That's probably the best of both worlds. Okay, could, could we instead not disable it, but just show the counts instead? Because I see a situation where somebody might want to bookmark a specific set of filters that they can click on it and see if any pop up, and if it's disabled, then they won't be able to do that bookmark.
H
That sounds very cool to me and it was something we had talked about. I do see a, an issue, and actually there's, there's, this is a similar issue with disabling them, is say you, there's some detected but they're all of severity.
H
H
The problem with that I see with disabling is people are gonna click, but you can still get to a state where there's nothing, nothing's gonna show, and it's through a combination, and making that dynamic makes the things even more complicated. And it's the same issue with the counters, is you're gonna see like, oh, there's eight detected but they're all high.
H
So when you filter on critical you're still gonna see detected and there's still gonna be eight there. You're gonna click on that and you're gonna see eight and you'll be like, why? I don't know. And that, both those are both complex scenarios but would be possible sort of with either of these.
H
Solutions. But yeah, so I feel like with, with counters, we, it would have definitely have to be dynamic based on what you select. Otherwise, the user's gonna get confused. And I think with disabling, maybe, maybe that still needs to be the dynamic.
E
I guess I want to derail the conversation to the direction we're heading. I'm wondering if we're trying to get too fancy with something that's, maybe, I, I'm worried that the effort is going to be really big and the payoff is going to be that somebody clicks a filter and it's like, whoops, the filter didn't produce any results, and they're like, and then they just take the filter off.
A
Well, ultimately, it's, you know, Matt's call whether this is something we pursue, and we are that planning breakdown portion of our questions where we're really just asking if we understand the requirement. So if understanding the requirements leads us to, or Matt to decide that this is something that, you know, may not have enough reward based on the effort, maybe we should move on. Offense, Alexander, because I do want to encourage people to propose product improvements like. I think it's really great that, you know, you created this and that we've had this good discussion around it.
H
Yeah, I, thank you. I, I have no qualms about this going nowhere. I just brought it up for, as a suggestion. So if it, it does sound very complex and if it isn't worth it, then that's fine, but I'm, I'm.
D
E
I mean, I don't want to decide just yet on it. I think if we realize that this is going to be a very big effort, then I'm likely to defer it to later. I think this, this is a really nice optimization.
E
H
I do not know, I have not done. I have no idea.
I
Deep filtering and labels, and not labels, but deep filtering and tables are not like a, like the competency we have here, because it's something we don't really manage and deal with that much in the product. So there isn't like a lot of existing pets. I mean, even the table pattern itself is like column, column, list item, list item, it's very rudimentary, so we'd have to be building these things out.
A
So I, I don't want to leave this on a mount. Matt, you mentioned wanting to know the effort before determining if it's something we're moving forward with, because we're ahead of refinement right now. So do you want us to go through and put a level of effort or put some refinement towards us? And if so, I think we would look to you and Andy to clarify some of these requirement questions around it. I just want to know what we should do with this issue and be able to move forward.
H
Also, before you answer, I, you know, we, I just want to say one thing, which is you talked about, you know, maybe the complexity isn't worth the effort, and I think that probably extends to the, the work that you and Andy would have to do as well, regarding, like, the complexity and the work to like figure out edge cases, or, or think about edge cases, or even like thinking about this to create requirements. And so, if you don't think it's worth thinking about, that's also fine.
E
E
A
A
B
A
H
Yeah, and I can, I can give you a link, James, in the document later tweet. Thank you.
C
C
But assume, assume the design was complete and, and we legitimately only needed a planning breakdown. I guess, I guess we keep it on the stage that he needs, right? We just consider the milestone where it's planned for whether or not to bring to this meeting. Yeah. That sounds obvious now that I say it. Thank you. Yeah.
E
A
A
H
A
They're really getting huge, they're still so cute. Okay, so we're gonna move a feature flag. I might have a symbol, another very similar issue to create around a feature flag that someone has around dismissals, but I'm still looking into that one. So this was created to get rid of any of the code around the introduction of the instance level security dashboard.
A
J
A
I don't think there's any questions around research or solution validation. This just needs to be done. And the final, well, not final question, I think we've tacked out a few other questions that Thiago and I would like to get information about at this point, is there? Is this small enough to complete in one iteration?
A
A
I don't think so. And documentation, we've been missing putting documentation labels on things, it puts us in a bind at the end. I don't think that the removal of this feature flag would require any documentation updates.
A
A
C
I did so because there are no backend people who, who actually, well, apart from you, James, who actually understand what they're talking about. Might be a bit of a meta discussion, but I've structured in the epic what I think is a good approach to, to breaking down and tackling it and also what, what the outcome should be. So, if I share my screen, so we can all look at what I'm looking at.
A
C
It was really fun, they were, they were great examples. It was a fun brown bag. So, so what, what that produces for us, just to, to take a couple steps back and, and why this is interesting, is to integrate an analyzer, you need to change three spots. You need to, aside from writing the analyzer itself, you need the schema that will, that will, that will describe what the analyzer has produced.
C
Then you need to change the, that's the JSON schema. Then you need to change the data, database scheme in preparation for ingesting that report that has, that has been produced. And then, as a final step, probably the most important, is being able to show that to the user in a, you know, easy to digest and easy to work way on the front end. And these are three separate sort of groups of people, not so much on, on the, on the vulnerability management database model and, and front end, because we're always Threat Insights.
C
But the schema is a separate one. So James has done a proof of concept. The, the work is there, it's available, it, it, it works. What the, the ask to Threat Insights now is that we're gonna own this, we're gonna, we, it's gonna be ours to keep, but also maintain. And because we're gonna be maintaining it.
C
We, we want to review it and make sure there are no maintainability issues or any room for improvement. And the general approach that I described there is that our engineers, backend and front-end, review the MRs that have been produced and then propose whatever needs to be done with it. If, if the minor changes on the existing merge request, that's great, it's probably the, the smallest, easiest of the, probably the most, I don't know, the most straightforward way of doing it, but I think it's unlikely.
C
What would, what might, what we might want to do on the opposite end of that is take those changes and, and break them apart into, into smaller slices of functionality, or even by, by expertise: front-end, back-end and, and the report schema. So with that, the floor is open.
A
You already kind of addressed my question, the top question that I added to the agenda, Thiago, which was around how much of this is us integrating the POC that James created versus writing new code, and I like the way you described that. My second question is, I felt like James's POC can contain kind of two big topics, and I might be kind of crazy, but the way I reviewed it was there's the fingerprinting aspect, which helps us identify, you know, has a vulnerability been seen or not?
J
A
Me, to me that was sort of a natural division, and I'm open to other ways that maybe we could break that up. James, you know, I don't know, from your perspective, how much of, does that make sense? Would it, yeah.
B
That's exactly how I see it. So there's, if you wanted a totally generic security report as like an end goal, you need the dynamic display with the details field, or whatever field it ends up being put in, right, and then you need a generic way to track vulnerabilities as the project changes. So those two are, to me, distinct requirements to be able to have the generic security report. And yeah, I would totally do them separately. They are completely separate, yeah.
C
A
Awesome. One final question for me is that I know one of the dependent scanners that's looking to leverage this display is the fuzz testing results, and I think they've been somewhat blocked on enhancing the vulnerability detail page to accommodate for some of the very different results that they, they show there.
A
C
I'll actually comment on that as well, Lindsay. I, yesterday, I, I, I met with some people who do like secret squirrel work for the Australian government, and there is sort of a niche because it's air-gapped environment and they can't talk too much about what they're doing. But what they did ask me is whether we can do custom analyzers, and, and I said, oh, you know, this is coming up and we're talking about that right now.
C
C
C
So I think what, what I wanted to have out of this is I, I have a back end, a volunteer in the back end to, to read through the MRs. I think, I haven't seen Mehmed's report or, or feedback, but he's, he's the one reviewing it, and we, we probably need someone on the front end side for.
C
A
Just ask somebody, and Savage is out this week, so unfortunately, and it could wait, and there's, like I said, there's also the possibility of getting some eyes from folks on Neil's team as well, who have a lot of domain knowledge in this area.
F
Yeah, definitely. We have upcoming projects that are, I don't want to say being held back necessarily, but there's a lot of considerations in terms of where does this data go without making it overly complex, and it's work that's possibly planned for 136. Even so, I don't know how fast we're going to move here, but yeah, definitely want to be involved.
A
So maybe we can have one person from the Threat Insights group, I'm, I'm looking, Daniel or Alexander volunteer, and also somebody from Neil's team to take a look at the front end line here. Does that seem okay?
H
Yeah, I can do it, I can take a look, and then I will, what's, do you know what Matt's report like? Is he going there like, I guess quick put comments in the, this issue then.