Discussion meeting 23-04-2024

[madelondohmen]

• Define systems #2034
  Actions: Further develop example/survey. Contact Stakeholders

• Generating multiple reports at once #2874
  Reference should go other way, from aggegreate to underlying report, instead of an aggregated_by on underlying report. Idea: add flag to reflect whether something is a partial or final product. Need to discuss with whether this is feasible.

• Advanced Octopoes queries #1292
  We have to think about what will/won't work with oa switch to XTDB2 and accelerate Octopoes v2.

• First official release of OpenKAT Ansible installation playbook. #1789
  We have to discuss this with Foobar. It's better to put it in our own git repo so it is easy to publish on ansible galaxy.

• Investigate scheduler replication strategy for kubernetes #2665
  Redundancy not important as long as recovery functionality is available.
  Testing with 500 organizations.
  Not yet known what happens if you throw in 5000 organizations.
  Docker-compose run 3 schedulers to see problems quickly.
  Further investigate if replication would be a better solution, taking into account that maybe 1 pod with 5000 orgs could work fine.
  By testing with replication in docker compose be able to figure out where problems with replication in a Kubernetes setup would be. Ideally the scheduler could run on its own in a replicated setting.

• I want to duplicate/create boefjes with custom arguments #2828
  Installation administrator determines which boefjes/normalizer are available.
  Users should not determine scan level themselves (not without an approval from and administrator) There should be a loose approval on it. This may also be done by someone with a high enough clearance level. This can also be done by a colleague. Installation administrator must be able to set what is/is not allowed on the hardware (his installation). Boefje manifests are always shared and available within an organization.

• Showing chain of custody of objects/findings #2822
  Flow of objects through OpenKAT
  More on ISO chain of custody, who added things, muted, etc.
  Every operation on OOI/release an audit trail (xtdb) with which user and when was this.
  XTDB -> add userid to actions.
  Be able to request userlog via UI.

• Appendix chapter headers title naming #2825
  We are going to come up with/check names for headers.