# Miscellaneous Notes from Fred

## Stuff that Fred did regularly as maintenance:

### Ensure `xdr-terraform-live` is fully applied

```
cd xdr-terraform-live
git checkout master
git pull
# option 1: will have errors on github, sensu, and others that need special keys:
terragrunt-apply-all-everywhere
# option 2: may need VPN for some things
OKTA_API_TOKEN=blahblahblah GITHUB_TOKEN=blahblahblah SENSU_PASSWORD=blahblahblah terragrunt-apply-all-everywhere
```

(Note: you can also do this in phases, via the `--envtest`, `--envprod`, and `--envcommon` flags.)

Review changes. Take care that you:

a) Aren't undoing somebody's work in progress in test.

b) Know the implications of whatever you're applying.

Notes:

* For IAM policies, things frequently switch order. This is inconsequential. I usually answer 'yes'.
* The TGW module will refresh "offers" to other accounts. These are safe, but come up from time to time. Just answer yes.
* For a few modules, tags will flip-flop back and forth, removing and re-adding tags. Unknown why.

### Check the Monitoring Dashboard

Review the monitoring dashboard at https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/freds_monitoring_dashboard

Look for signs of trouble:

* Anything at 100% CPU for an extended time?
* Anybody's disk filling up?
* Obvious WAF false positives?
* Any virus detections?
* Failing backups?

### Review the Drift Reports

Review the drift report regularly.

* Apply states that are missing
* Highstate stuff from time to time

# Fred's Bookmarks

Some of these might be useful:

Most Often Used

* [Jira Infrastructure](https://jira.xdr.accenturefederalcyber.com/secure/RapidBoard.jspa?projectKey=MSOCI&rapidView=28)
* [XDR Wiki](https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki)
* [MDR Okta](https://mdr-multipass.okta.com/)
* [T&E](https://time.accenturefederal.com/)

Administrative

* [Managed Active Directory Groups](https://directory.accenturefederal.com/IdentityManagement/default.aspx)
* [XDR Documentation](https://afs365.sharepoint.com/sites/MDR-Documentation)
* [MDR Team Quad](https://afs365.sharepoint.com/:p:/r/sites/MDR-Documentation/Shared%20Documents/Status%20Meetings/Quads/XDR%20Team%20Quad%20-%20current.pptx?d=wf59e6e7b7a7a4332b9ccafae8bea13c7&csf=1&web=1&e=3YmMxW)
* [XDR Team PTO Tracker](https://afs365.sharepoint.com/:x:/s/MDR-Documentation/EUe74m9l1N5In3W0sY_2RQABFjTsETeARs3nN9ocnRF7Iw?e=4%3AfEOhvo&at=9&wdLOR=cC23A811E-02A0-5845-980B-9B60BBB0F271)

Jira Stuff:

* [Jira CIS Exception Template](https://jira.xdr.accenturefederalcyber.com/browse/COMP-29)

Splunk Dashboards:

* [Decommission Servers](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/SplunkEnterpriseSecuritySuite/ess_lookups_edit?namespace=SA-IdentityManagement&transform=simple_asset_lookup&file=assets.csv&owner=nobody)
* [XDR Asset Inventory](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/xdr_asset_inventory?form.filter=*)
* [AWS Compliance](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/splunk_app_aws/xdr_aws_compliance)
* [Private CA Status](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/splunk_app_aws/private_ca_status_dashboard)
* [Freds Monitoring Dashboard](https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/freds_monitoring_dashboard)

Procedures and Policies:

* [XDR Contingency Planning](https://afs365.sharepoint.com/sites/MDR-Documentation/Shared%20Documents/Forms/AllItems.aspx?csf=1&e=h0G8V0&cid=bd38b203%2D7803%2D4d26%2D9889%2Dc253901f0698&FolderCTID=0x01200045349E8204507C47BFE5CD47561296AF&viewid=76d97d05%2Dab42%2D455a%2D8259%2D24b51862b35e&id=%2Fsites%2FMDR%2DDocumentation%2FShared%20Documents%2FFedRamp%2FMDR%20FedRAMP%20Documentation%2FFedRAMP%20High%2FIR%20CP%20test%20exercise%2FCP)
* [Monthly Backup Verifications](https://afs365.sharepoint.com/sites/MDR-Documentation/Shared%20Documents/Forms/AllItems.aspx?csf=1&e=h0G8V0&cid=bd38b203%2D7803%2D4d26%2D9889%2Dc253901f0698&FolderCTID=0x01200045349E8204507C47BFE5CD47561296AF&viewid=76d97d05%2Dab42%2D455a%2D8259%2D24b51862b35e&id=%2Fsites%2FMDR%2DDocumentation%2FShared%20Documents%2FFedRamp%2FMDR%20FedRAMP%20Documentation%2FFedRAMP%20High%2FIR%20CP%20test%20exercise%2FCP%2FMonthly%20backup%20verification)