Arya Bahnken
From Jeff: >we should probably also have pgNetDetective look at `Q` packets in case the bandwidth is coming from tools that are not using prepared statements
As an example, have a link to https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_stealth.html within the alert body (https://bugzilla.mozilla.org/show_bug.cgi?id=1626813#c35) since the finding type is `Stealth:IAMUser/CloudTrailLoggingDisabled`
Add support for filtering out certain alerts within the alert summary analysis in post processing. Then, filter out `amo_cloud_submission` alerts specifically.
It would be nice to be able to view metrics on how our code coverage is doing across our unit tests. If we have a tool that can support multiple...
We should write tooling to support integration tests between the cloud functions in contrib/ and the pipeline code. Some examples: * Test that GuardDuty findings get processed through Gatekeeper, get...
Within our parsing logic, we make use of the pubsub timestamp rather than the parsed event's timestamp ([`Parser.stripStackdriverEncapsulation`](https://github.com/mozilla-services/foxsec-pipeline/blob/master/src/main/java/com/mozilla/secops/parser/Parser.java#L259)). This creates problems in the case of old messages getting backfilled into...