Commit Graph

13 Commits

Author SHA1 Message Date
03c4155731 sync: auto-sync from HOWARD-HOME at 2026-04-21 18:50:48
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-21 18:50:48
2026-04-21 18:50:52 -07:00
1fd68c11da sync: auto-sync from HOWARD-HOME at 2026-04-21 15:07:39
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-04-21 15:07:39
2026-04-21 15:07:42 -07:00
71af8b1a78 sync: auto-sync from ACG-TECH03L at 2026-04-21 08:09:28
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-21 08:09:28
2026-04-21 08:09:38 -07:00
0a70aad0d2 sync: auto-sync from ACG-TECH03L at 2026-04-20 14:15:01
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-20 14:15:01
2026-04-20 14:15:07 -07:00
a7afd52c76 Remediation report: breach check john.trozzi@cascadestucson.com — mailbox clean, phishing received
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-20 11:35:18 -07:00
52e625f102 report: Cascades Tucson phishing sweep - deleted 14 phish across 7 users
Triggered by John Trozzi reporting a spoof email. Single-user check
confirmed him clean (reported, not compromised). Tenant-wide sweep
found a sustained ~1 month campaign from 4 external IPs (UA/US/DE/AT
- deltahost + ColoCrossing) plus a compromised-M365-tenant relay
vector. Deleted 14 messages (Groups A+B) per Mike's explicit
authorization. Preserved legitimate HR thread (HRPYDBRUN xlsx) and
user outbound forwards as evidence.

Recommendations in report: DMARC p=quarantine/reject for
cascadestucson.com (biggest leverage), TABL IP blocks, zoom.nl
URL block, Defender impersonation protection.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 09:39:22 -07:00
545496c22a sync: auto-sync from DESKTOP-0O8A1RL at 2026-04-20 08:05:31
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-04-20 08:05:31
2026-04-20 08:05:34 -07:00
9644851810 sync: auto-sync from ACG-TECH03L at 2026-04-19 12:50:13
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-19 12:50:13
2026-04-19 12:50:24 -07:00
140cc82dac sync: auto-sync from ACG-TECH03L at 2026-04-18 14:28:21
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-18 14:28:21
2026-04-18 14:34:04 -07:00
ed620af3fc sync: auto-sync from ACG-TECH03L at 2026-04-18 10:17:42
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-18 10:17:42
2026-04-18 10:17:45 -07:00
68b385d1a6 sync: auto-sync from ACG-TECH03L at 2026-04-17 11:44:31
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-17 11:44:31
2026-04-17 11:44:33 -07:00
1eaf32d838 sync: auto-sync from ACG-TECH03L at 2026-04-17 11:26:41
Author: Howard Enos
Machine: ACG-TECH03L
Timestamp: 2026-04-17 11:26:41
2026-04-17 11:26:46 -07:00
1c7df5018e Session log: multi-user setup, audit + gap fixes, Howard onboarding package
Two session logs:
- session-logs/2026-04-16-session.md: cross-cutting (multi-user, audit, infrastructure)
- guru-rmm session log appended: MSI installer, Len's Auto Brokerage, Uranus, migration drift

Gap fixes: GrepAI initialized + MCP server added, Ollama models pulling,
settings.json created (bypassPermissions), MCP_SERVERS.md written.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 18:56:26 -07:00