Miscellaneous Notes from Fred

Stuff that Fred did regularly as maintenance:

Ensure xdr-terraform-live is fully applied

cd xdr-terraform-live
git checkout master
git pull
# option 1: will have errors on github, sensu, and others that need special keys:
terragrunt-apply-all-everywhere
# option 2: may need VPN for some things
OKTA_API_TOKEN=blahblahblah GITHUB_TOKEN=blahblahblah SENSU_PASSWORD=blahblahblah terragrunt-apply-all-everywhere

(note: you can also do this in phases, via --envtest, --envprod, and --envcommon flags)

Review changes. Take care that you: a) aren't undoing somebody's work in progress in test; b) know the implications of whatever you're applying.

Notes:

  • For IAM policies, things frequently switch order. This is inconsequential. I usually answer 'yes'.
  • The TGW module will refresh "offers" to other accounts. These are safe, but come up from time to time. Just answer yes.
  • For a few modules, tags will flip-flop back and forth, removing and re-adding tags. Unknown why.
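
The IAM reordering note above can be checked rather than assumed. The following is an added example, not part of these notes or of the xdr-terraform-live repo: it normalizes the old and new policy JSON from a plan and reports whether they differ only in ordering. The function names and the sample policies are constructed for illustration.

```python
import json
# Elements whose value is a string or a list of strings; list order has no meaning.
SET_KEYS = {"Action", "NotAction", "Resource", "NotResource"}

def _sorted_list(value):
    items = value if isinstance(value, list) else [value]
    return sorted(items, key=lambda v: json.dumps(v, sort_keys=True))

def _canon_statement(stmt):
    out = {}
    for key, value in stmt.items():
        if key in SET_KEYS:
            out[key] = _sorted_list(value)
        elif key in ("Principal", "NotPrincipal") and isinstance(value, dict):
            out[key] = {k: _sorted_list(v) for k, v in value.items()}
        elif key == "Condition":
            out[key] = {op: {k: _sorted_list(v) for k, v in conds.items()}
                        for op, conds in value.items()}
        else:
            out[key] = value
    return out

def canonical_policy(policy_json):
    """Return a canonical JSON string; statement and list order are normalized."""
    doc = json.loads(policy_json)
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may appear without a list
        stmts = [stmts]
    canon = sorted((_canon_statement(s) for s in stmts),
                   key=lambda s: json.dumps(s, sort_keys=True))
    return json.dumps({**doc, "Statement": canon}, sort_keys=True)

def order_only_change(before_json, after_json):
    """True when the two policies differ only in ordering or string-vs-list form."""
    return canonical_policy(before_json) == canonical_policy(after_json)

# Constructed sample policies (not taken from any real account).
BEFORE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "Logs", "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"}]})
REORDERED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Logs", "Effect": "Allow", "Action": ["logs:PutLogEvents"], "Resource": "*"},
    {"Sid": "Read", "Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]}]})
WIDENED = REORDERED.replace('"s3:GetObject"', '"s3:GetObject", "s3:DeleteObject"')

if __name__ == "__main__":
    print(order_only_change(BEFORE, REORDERED), order_only_change(BEFORE, WIDENED))
```

A False result means the plan changes what the policy grants, so it is not one of the inconsequential reorderings.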

Check the Monitoring Dashboard

Review the monitoring dashboard at https://moose-splunk.pvt.xdr.accenturefederalcyber.com/en-US/app/search/freds_monitoring_dashboard

Look for signs of trouble:

  • Anything at 100% CPU for an extended time?
  • Anybody's disk filling up?
  • Obvious WAF false positives?
  • Any virus detections?
  • Failing backups?

Review the Drift Reports

Review the drift report regularly.

  • Apply states that are missing
  • Highstate stuff from time to time

Fred's Bookmarks

Some of these might be useful:

Most Often Used

Administrative

Jira Stuff:

Splunk Dashboards:

Procedures and Policies: