
Initial Draft of Fred's Braindump

Fred Damstra [afs macbook] 2 years ago
parent
commit
c0f6417b65
1 changed file with 75 additions and 0 deletions
  1. 75 0
      Freds Braindump.md

+ 75 - 0
Freds Braindump.md

@@ -0,0 +1,75 @@
+# Miscellaneous Notes from Fred
+
+## Stuff that Fred did regularly as maintenance:
+
+### Ensure `xdr-terraform-live` is fully applied
+
+```
+cd xdr-terraform-live
+git checkout master
+git pull
+# option 1: will have errors on github, sensu, and others that need special keys:
+terragrunt-apply-all-everywhere
+# option 2: may need VPN for some things
+OKTA_API_TOKEN=blahblahblah GITHUB_TOKEN=blahblahblah SENSU_PASSWORD=blahblahblah terragrunt-apply-all-everywhere
+```
+
+(note: you can also do this in phases, via `--envtest`, `--envprod`, and `--envcommon` flags)
+
+Review changes. Take care that you:
+  a) Aren't undoing somebody's work in progress in test.
+  b) know the implications of whatever you're applying
+
+Notes:
+* For IAM policies, things frequently switch order. This is inconsequential. I usually answer 'yes'.
+* The TGW module will refresh "offers" to other accounts. These are safe, but come up from time to time. Just answer yes.
+* For a few modules, tags will flip-flop back and forth, removing and readding tags. Unknown why.
+
+### Check the Monitoring Dashboard
+
+Review the monitoring dashboard at https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/freds_monitoring_dashboard
+
+Look for signs of trouble:
+* Anything at 100% CPU for an extended time?
+* Anybody's disk filling up?
+* Obvious WAF false positives?
+* Any virus detections?
+* Failing backups?
+
+### Review the Drift Reports
+
+Review the drift report regularly.
+
+* Apply states that are missing
+* Highstate stuff from time to time
+
+
+# Fred's Bookmarks
+
+Some of these might be useful:
+
+Most Often Used
+* [Jira Infrastructure](https://jira.xdr.accenturefederalcyber.com/secure/RapidBoard.jspa?projectKey=MSOCI&rapidView=28)
+* [XDR Wiki](https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki)
+* [MDR Okta](https://mdr-multipass.okta.com/)
+* [T&E](https://time.accenturefederal.com/)
+
+Administrative
+* [Managed Active Directory Groups](https://directory.accenturefederal.com/IdentityManagement/default.aspx)
+* [XDR Documentation](https://afs365.sharepoint.com/sites/MDR-Documentation)
+* [MDR Team Quad](https://afs365.sharepoint.com/:p:/r/sites/MDR-Documentation/Shared%20Documents/Status%20Meetings/Quads/XDR%20Team%20Quad%20-%20current.pptx?d=wf59e6e7b7a7a4332b9ccafae8bea13c7&csf=1&web=1&e=3YmMxW)
+* [XDR Team PTO Tracker](https://afs365.sharepoint.com/:x:/s/MDR-Documentation/EUe74m9l1N5In3W0sY_2RQABFjTsETeARs3nN9ocnRF7Iw?e=4%3AfEOhvo&at=9&wdLOR=cC23A811E-02A0-5845-980B-9B60BBB0F271)
+
+Jira Stuff:
+* [Jira CIS Exception Template](https://jira.xdr.accenturefederalcyber.com/browse/COMP-29)
+
+Splunk Dashboards:
+* [Decomission Servers](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/SplunkEnterpriseSecuritySuite/ess_lookups_edit?namespace=SA-IdentityManagement&transform=simple_asset_lookup&file=assets.csv&owner=nobody)
+* [XDR Asset Inventory](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/xdr_asset_inventory?form.filter=*)
+* [AWS Compliance](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/splunk_app_aws/xdr_aws_compliance)
+* [Private CA Status](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/splunk_app_aws/private_ca_status_dashboard)
+* [Freds Monitoring Dashboard](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/freds_monitoring_dashboard)
+
+Procedures and Policies:
+* [XDR Contingency Planning](https://afs365.sharepoint.com/sites/MDR-Documentation/Shared%20Documents/Forms/AllItems.aspx?csf=1&e=h0G8V0&cid=bd38b203%2D7803%2D4d26%2D9889%2Dc253901f0698&FolderCTID=0x01200045349E8204507C47BFE5CD47561296AF&viewid=76d97d05%2Dab42%2D455a%2D8259%2D24b51862b35e&id=%2Fsites%2FMDR%2DDocumentation%2FShared%20Documents%2FFedRamp%2FMDR%20FedRAMP%20Documentation%2FFedRAMP%20High%2FIR%20CP%20test%20exercise%2FCP)
+* [Monthly Backup Verifications](https://afs365.sharepoint.com/sites/MDR-Documentation/Shared%20Documents/Forms/AllItems.aspx?csf=1&e=h0G8V0&cid=bd38b203%2D7803%2D4d26%2D9889%2Dc253901f0698&FolderCTID=0x01200045349E8204507C47BFE5CD47561296AF&viewid=76d97d05%2Dab42%2D455a%2D8259%2D24b51862b35e&id=%2Fsites%2FMDR%2DDocumentation%2FShared%20Documents%2FFedRamp%2FMDR%20FedRAMP%20Documentation%2FFedRAMP%20High%2FIR%20CP%20test%20exercise%2FCP%2FMonthly%20backup%20verification)
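
Review bot: The "option 2" line in the `xdr-terraform-live` block puts `OKTA_API_TOKEN`, `GITHUB_TOKEN` and `SENSU_PASSWORD` inline on the command line, so anyone following it with real values leaves them in shell history. Suggest documenting that these are exported beforehand from a secrets store or an untracked env file, and then showing `terragrunt-apply-all-everywhere` on its own. In the Notes bullets, "I usually answer 'yes'" and "Just answer yes" for IAM policy and TGW changes would be safer with one added line telling the reader to confirm the plan shows only reordering or offer refreshes before approving, since the text gives no way to tell those apart from a real change. The tag flip-flop bullet says "Unknown why"; naming the affected modules would let the next maintainer recognise it. Minor: "Decomission" in the Splunk Dashboards list should be "Decommission".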