
Tweak - Cloudflare L7 DDoS #475

Merged (3 commits), Aug 8, 2022

Conversation

wey-chiang
Contributor

Background

The Cloudflare L7 DDoS is prone to false positives as it alerts on events that were blocked.

Changes

  • Tweaked the Cloudflare L7 DDoS detection to filter out blocks

Testing

  • make ci

@wey-chiang wey-chiang requested a review from nhakmiller as a code owner August 8, 2022 22:04
@wey-chiang wey-chiang requested review from a team August 8, 2022 22:04
k-bailey
k-bailey previously approved these changes Aug 8, 2022
@wey-chiang wey-chiang enabled auto-merge (squash) August 8, 2022 22:28
@wey-chiang wey-chiang disabled auto-merge August 8, 2022 22:28
@wey-chiang wey-chiang enabled auto-merge (squash) August 8, 2022 22:28
@wey-chiang wey-chiang merged commit 22541ed into master Aug 8, 2022
@wey-chiang wey-chiang deleted the weyland-fx-tweak-cloudflare-l7-ddos branch August 8, 2022 22:30
kbroughton added a commit to kbroughton/panther-analysis that referenced this pull request Aug 19, 2022
…n/panther-analysis into k8s-unauthorized-exec-into-pod

* 'k8s-unauthorized-exec-into-pod' of github.com:kbroughton/panther-analysis: (21 commits)
  fix: greynoise object function call not attribute (panther-labs#479)
  Packs: Cloudflare & Slack (panther-labs#478)
  feat: bring additional alert_context to AWS rules which had none (panther-labs#472)
  feat: cyclomatic complexity linting (panther-labs#474)
  Tweak - Cloudflare L7 DDoS (panther-labs#475)
  chore: update test badge to use github actions (panther-labs#471)
  Combine GSuite High/Medium/Low Rule alerts into one (panther-labs#467)
  kbailey: remove circleCI (panther-labs#470)
  Kbroughton/make lint action (panther-labs#452)
  fix: panther specific github actions should not run on forks (panther-labs#469)
  Remove managed schemas (panther-labs#421)
  Slack Detections - User (panther-labs#464)
  Slack Detections - EKM (panther-labs#463)
  Slack Detections - App (panther-labs#462)
  Initial Commit - Slack Detections - File (panther-labs#465)
  Slack Detections - Channel (panther-labs#461)
  Slack Detections - Workspace/Org (panther-labs#460)
  Update GSuite Alerts Rules with Rule Name (panther-labs#440)
  Add example lookup table and data file (panther-labs#446)
  Slack Data Models & Alert Context Helper (panther-labs#458)
  ...