From YouTube: Defend: Threat Insights Weekly Group Discussion
Description
Weekly meeting for the Defend:Threat Insights group
A: Welcome to Defend's weekly Threat Insights group conversation. I hope everyone's had a chance to take a look at the agenda. We've got a good amount of things to talk about today. I'll just kick it off, because I have the first agenda item. So there's... and I see that Andy's here. Hi Andy, you're a big part of this conversation. So we've been talking a lot about the changes to the security dashboards that were made when we recreated them with GraphQL, around pagination.

A: So, you know, at the time we were moving very quickly. We ran into some struggles or challenges around implementing the same type of pagination in GraphQL, so we moved to infinite scroll. Infinite scroll is not ideal for a number of reasons. We've got an issue in 13.1 around pinning the headers that we think is a great temporary measure to improve the customer experience.

A: But this issue that's here in the agenda is the more long-term issue around going back to pagination. And when I say pagination, I don't necessarily mean the exact same pagination we had before, because Avielle did bring to our attention that there are performance concerns around pagination, especially with large lists.

A: I do see that both the issues and the MRs in GitLab are still using the same pagination that we had on the security dashboards before, but they're not using GraphQL. So this ticket needs... and this is where I wanted your guys's feedback especially... I'm not sure if this requires some kind of a technical spike, or if it's just an inflated-size ticket, because we know that there are challenges with the technology. I've been told it's both a front-end and back-end issue.

A: So I wanted to see how this group wanted to approach it. Should I split this off into, like, a technical investigation issue that would be in 13.1 alongside our temporary kind of measure? Unless, Matt, you know, that's the priority, say otherwise, and it goes into 13.2. Or do we groom and size this issue that I have in the agenda, just knowing that there are some challenges around the technology that we're using to implement this? I'll be quiet and let other people talk now.

B: I can jump in. I've seen... You're hearing me, right? The microphone's working? Go ahead. Yes, I can hear you.

B: Yeah, so I've seen that Sam recorded a video regarding the GraphQL pagination. I think there is an ongoing bug with the Apollo queries, so the next page and previous page cursors, they're not consistent. So that's the only reason why it was... if I'm not mistaken, that was the major reason why we didn't do the pagination. So if it's still ongoing, I'm not sure how we can... so that needs investigation.

A: Exactly, and I tried to capture that from the Slack thread in this issue, so thank you for summarizing that. So I'm not... I wasn't clear on whether the bug was something in our implementation or in the library that we're using. It's in the library, okay. Or if, like you said, if it's been resolved. I mean, I couldn't tell from my investigation. So if we can't use pagination, I have to imagine that there's other solutions that are better than the infinite scroll available to us in GraphQL, and we'd want to work with Andy and Matt

A: to find, you know, what the next iteration on this is. Like I said, we're going to be doing the pinning of the headers at the top of the dashboard, which will help for the time being. But, you know, we can't move straight to a "you have X number of results with Y number of pages to view them on", and these requirements that I think Andy gave us yesterday in the ticket, which are very clear priorities, requirements, however you want to define those, of how we want this behavior to function, like what are the must-haves here.

C: I mean, it's probably way too early or anything to be throwing ideas out for that. But if we were to categorize the criticality of the vulnerability into, like, groupings and be able to shrink and grow them, that would be an option, or somehow breaking them up like that.

D: Yes, yeah, and I mean that could impact the aggregate data that we want to show, right? You know, 340 detected versus 850 vulnerabilities. Like, if there's a ton of vulnerabilities but they're in different states, communicating that ton doesn't really matter as much as communicating the state and severity of, like, detected or confirmed, like those bite-size pieces of information that our users could desire at this point.

A: Great, I see a few nodding heads there. So what I'll do then is convert this issue that we're linking to here into a technical spike. I'll assign it to a couple of folks to, you know, add a weight to it and any additional information around what the goal of that spike would be, which would set us up in a future iteration to implement something that everybody's agreed on.

C: And I mean, my understanding is that there's still a conversation between linked issues and epics, but this probably would be a good candidate for an epic to come out of this one.

D: And I think there'll be some points of compromise too, because we can do, like, magic in the experience, right? Like, if we're having trouble navigating users back to lists, we can create a preview of the vulnerability, right, so that they're actually never leaving the list, and so on. Like, there's different experiences that we can create to solve for these known problems, as opposed to being very black and white, like it has to be pagination. It doesn't necessarily, as long as we can hit, check off many of the one through three things.

A: Unless, you know, Andy or Matt say that the priority is lower than I believe it is.

B: It's still not complete, by the way, thanks. I'm still struggling, right. I was struggling with another MR, so I didn't find time to finish the tests, but I should be able... I think tonight I should be able to, or tomorrow morning I should be able to push it, but I doubt it's going to go out in this.

A: Gotcha, this is not going to make it into 13.0. I'm assuming your MRs are also to help the folks that are doing the reviews for them too. Awesome, thanks Rush. And then we have a big list of issues for planning breakdown. You know, we definitely have a lot here to talk about. I don't know if we're gonna make it through in the whole call, but I would like to hand it over... well, here, let's... does someone else want to drive this part of the conversation?

A: Easiest over here. Conveniently, the first couple of issues are ones that you've been looking at. So.

F: The first one is display history of an MR created from a remediation. This is something Jonathan and I have been working on, being able to create an MR from the standalone vulnerability page, or I guess we can just start calling it the vulnerability page. This is similar to when you change the status of a vulnerability.

F: It's... and it says that, you know, Andrew changed it, whatever, an hour ago, and then links to the issue or the status change. This will link to the MR. In terms of what we're doing here, again, we are not necessarily giving estimates, but just making sure that we understand the requirements. So from a front-end perspective, I probably have the most knowledge about this. Seems straightforward to me. It seems like that is answered. Could someone from the back end tell me if they have all the information they need?

A: That's fine. So not from a grooming perspective, but just, let's... I mean, from a high level, if you haven't looked at it at all, I guess it's the same thing, but.

C: Yeah, and yes, I mean, I'm assuming that would just be a GraphQL implementation to pull that stuff out.

A: One thing that's been a concern for me is test data for this. This is something that came to our attention kind of late, because it's a fairly specific use case. I think Olivier brought this up to us. One thing that I think, you know, myself or Thiago can do early on is to help wrangle test cases for this. Does that sound like a good...

A: So, you know, not every vulnerability has the auto-remediation, and then not every auto-remediation has a download patch available, in order to be able to test the whole, you know, big picture here, including the history. Do we need... is there help that could be provided around, you know, getting vulnerabilities that would meet these criteria, or clarity around what the criteria are and when we should see this, or anything along those lines?

F: No, I don't think so anymore. It may have been the case initially when we started to create the button to create an MR from a vulnerability, but now that that is merged and we have figured all that out, we know that the yarn remediation project is the perfect project to get a lot of these cases. Also, just for clarity's sake, Andy posted in another ticket all the different use cases, and he did not point out a situation where the download patch would be available when the create MR button was available.

F: So there's just... he has laid out all the use cases there. But thank you, okay, cool. So it sounds like we know what to do here.

F: Yeah, which should make that ticket a lot easier, because we know exactly... it's being done somewhere else. Okay, so this one: detail view for third-party scan results. So this one, similar to on the vulnerability page, similar to the information given from a scanner like SAST or DAST, we now want to support not SAST and DAST.

F: I see, thank you. I did not understand that. One question I had about this is... the open... this one. So this information that's being displayed here is in a slightly different format than what is currently on staging or production. So does this work include updating this details portion to be in this? It's a similar format. It's just slightly different.

C: No, I think that's an important question, because it does look different. We might need some updated screenshots to have them take a look at what's currently out there and if that actually does need to be changed, or what's out there is appropriate.

D: And this was created by another designer prior to the final implementation of first-class vulnerabilities that stand alone. So, to me, this is desirable in the way that it's created, so the bolding of the label headers.

B: I have a question here. So that part, as far as I know, that's not a Vue application, is it? It's not. And we have an issue to migrate this part to the Vue application, if I'm not mistaken. So is this work overlapping with that issue? Should we prioritize accordingly?

F: Given that this is... we're, like, just talking about sort of the details of this ticket now. Daniel has put up an MR to convert this to a Vue application. It's still in WIP, but it does exist, and so that will probably get merged before this even gets started on. And so I think we should be good.

D: Yeah, I see two things that might need to be addressed here, especially the suggested solution is presented differently than how we're presenting it today, and then the issue... not issue... line underneath suggested fix. I'll sync up with them soon to design this, because I think we want to keep that the same as today. That would be a fairly large change.

A: Great, I'm going to add a comment to the issue, Andy, that you're looking at ensuring that the screenshots for the standalone page are updated. We did talk about this last week as well, and Thiago took the action to follow up on some assumptions from our discussion. So if you want to pull the bottom part of that page up, Alexander, you can see his work there.

A: So, for the sake of planning breakdown, you know, we've looked at this issue twice now. We've done a bit of homework. We do have two issues around this on our list today. This is for the detail view; we have another one for the list view. So, looking at the dashboards, going back to what our questions are for planning breakdown, do we feel like we understand the requirements and what's being asked?

D: Where am I... no, well, I think there's some really good questions that are being called out here, and I question how MVP this is at this moment. So I think Matt and I can take this as a to-do.

G: I think the objective was assuming that that top section was already done in static, and it was only going to be some variation of, you know, adding a block to the bottom. I would argue it's just that we need the designs to be brought back in line to clear up any potential confusion with this one, and if it makes sense to split this out into saying, let's just, excuse me, redesign the top section, the detail section of information that already exists.

D: And then we wouldn't have to necessarily prioritize the redesign of what we're seeing here over the addition of those extra data fields.

C: I got you, I got you. So does that mean, like, some of the stuff like code snippet and the other part should also go in the other... like, it's something specific to the scanner should go in the other category?

G: That's a really good question. So I think some of that is a little bit more deterministic based on the common report format. Otherwise, if I'm remembering correctly, it was literally just a freeform key-value pair. You can stuff whatever you want inside of the JSON object, and it's not something that's predefined and known.

G: So I believe from location there is a code snippet, I think, that's already available.

G: Okay, I'd have to re-look at it, but those are good questions. I think we'd want to make sure that those are not potentially going into the wrong section. So I don't know, I think, unless anybody disagrees, I'm in favor of just splitting this into two issues. One will just be restyling the top component, or I guess, just in general, this kind of header, bold label, and then the other will be actually what goes into those blocks on the bottom.

F: Well, this information, first of all, like the information that we do show here currently is not from GraphQL. It's just passed up from the Rails application, and so this wouldn't be a GraphQL query. This would be a change to that vulnerability helper, Jonathan, that you touched for the MR button, right? Right. So, yes.

C: There would need to be that change added, because it would reside within the JSON. So I don't think it would require a change to the GraphQL schema, but it would require a change to what gets loaded into the GraphQL and also on the other.

A: So let's just reiterate that one more time: the standalone page is not using GraphQL. The standalone page is built with Vue and a REST endpoint. It's just the security dashboard that's using GraphQL. So we will have the same discussion on the next issue or two down, probably not today, where we look at the same support for third-party scanners in the dashboard. But the stand-alone view is, like Alexander said, not using GraphQL yet. Gotcha.

B: Also, a minor correction: in the standalone page, only the header and the footer are using the Vue view, and then the rest is... it's HAML.

F: Come on, get over it. All right, so that sounds like there's a lot of questions left, so.

A: But we're going to take this back into the next call. Once it's broken down into two issues, we'll have the one around the redesign of the page, that seems very straightforward, or the visual changes to the page with the bolding and such, and then one around absorbing this third-party data in an extensible, flexible fashion.

F: Right, and then this, Lindsay, there might be, like... I don't know how to get a third-party scanner working locally. So this could... I know who knows how to do that.

G: So there is an easy hack for that. It is basically: you can just make your own JSON report artifacts. Sam Kerr on the Secure side has been poking around with us, and he's actually got a lot of the kinks worked out. So he's faking it all out, so you can add whatever you need to inside those structures.

F: Yeah, we should put in the comments... someone should put in the comments, being like, "at Sam Kerr, show us how to do this." Cool. So I'm.

F: Okay, so it's like a related... it's a related issue. So at the top, the button's not here right now, but there's the status here, and if an issue hadn't been linked to the vulnerability already, there would be a create issue button right here, and you click on that and link it to here, and then, similar to the first issue,

F: there would be a little history right here to be like, "Alexander created an issue from this vulnerability," and there's a link there. And so they're saying, if an issue was created independently of that button, how would we link it to the vulnerability? Oh, here's the create issue button, I just noticed. Okay, so they want to move the button down from up here to down here and then also use an add issue button.

D: Yes, and then thinking about auto-remediation too, we would want to maintain that feature's location in the top. So for here, we're just going to allow for the same feature of, like, creating an issue from, and it's automatically linked to, as well as adding an external issue.

D: So I'd have to... I'm going to check in on that, because I know there are components that allow for the smaller MR button, but I don't know if that's the right place to do it, since now this section of related issues is talking about issues specifically, so putting, like, auto-remediate merge requests would feel...

G: You're just going straight to... it's saying there's a patch available. We've identified it, and it'll just pull in an MR for that patch, so yeah. I think that's kind of why we want to keep the issue portion separate from that auto-remediate, since it's a difference of what you're creating.

F: Oh, with a little X here. Okay, well, we're at time, so I guess we should all just think about that until next time. I will.

A: I'll share this recording and update the tickets accordingly. Thank you for your time, everyone. Thanks, Alexander, for hosting.