Releases: panther-labs/panther-analysis
Releases · panther-labs/panther-analysis
v3.35.0
Contributors
egibs
Assets 4
v3.33.0
What's Changed
🏡 Miscellaneous
- [sync] Address CVEs; move to Wolfi-based Dockerfile (#45) by @egibs in #1066
- [sync] Revert changes to aws_ami_modified_for_public_access.py/.yml (#48) by @egibs in #1067
- [sync] Add Azure.MonitorActivity to ip selectors for LUTs (#50) by @egibs in #1068
- [sync] Reintroduce netskope_admin_user_change rule with fixed severity function by @egibs in #1069
- [sync] Update PAT to 0.36.0 (#51) by @egibs in #1070
Full Changelog: v3.32.0...v3.33.0
Contributors
egibs
Assets 4
v3.32.0
What's Changed
🏡 Miscellaneous
- Sync changes from staging repository by @egibs in #1043
- Update how tests are run in test.yml by @egibs in #1053
- new and improved Notion rules for demo by @arielkr256 in #1039
- Updated packs by @melenevskyi in #1038
- adding example inline filter syntax to the rule template by @nkulig in #1044
- [sync] Update rules' references (aws_cloudtrail) (#5) by @egibs in #1056
- [sync] Update rules' references (onepassword) (#6) by @egibs in #1057
- [sync] Update rules' references (onelogin) (#7) by @egibs in #1058
- [sync] Update rules' references (okta) (#8) by @egibs in #1059
- [sync] Update rules' references (gsuite_reports) (#9) by @egibs in #1060
- [sync] Update rules' references (box) (#10) by @egibs in #1061
- [sync] Update rules' references (gsuite_activityevent) (#12) by @egibs in #1062
- [sync] Update rules' references (slack) (#11) by @egibs in #1063
- [sync] updated severity, system user returns info (#38) by @egibs in #1064
- Aws system location hb by @hbenac10 in #624
- build(deps): bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in #1055
- build(deps-dev): bump gitpython from 3.1.40 to 3.1.41 by @dependabot in #1054
Full Changelog: v3.31.0...v3.32.0
Contributors
melenevskyi, egibs, and 4 other contributors
Assets 4
v3.31.0
Contributors
egibs
Assets 4
v3.27.0
What's Changed
🏡 Miscellaneous
- Update GitHub Data Model to display admin-add events instead of UNKNOWN_ROLE by @egibs in #979
- Allow for auto-formatting on save when using VSCode by @egibs in #981
- updated GCP pack with some missing rules by @arielkr256 in #982
- Add linting config to example_settings.json by @egibs in #984
- Update kubernetes_pod_create_or_modify_host_path_vol_mount_query.yml by @dotbeseck in #983
- Add a config system for Panther detections by @jof in #950
- Update Teleport Rules by @jof in #955
- gsuite pack refresh by @arielkr256 in #987
- Moved URL from Description to Reference (microsoft_rules) by @akozlovets098 in #986
- Moved URL from Description to Reference (okta_rules) by @akozlovets098 in #985
- build(deps-dev): bump cryptography from 41.0.5 to 41.0.6 by @dependabot in #980
- Update PAT to 0.34.0 by @egibs in #989
New Contributors
- @akozlovets098 made their first contribution in #986
Full Changelog: v3.26.0...v3.27.0
Contributors
jof, egibs, and 4 other contributors
Assets 4
v3.26.0
What's Changed
🏡 Miscellaneous
- Add threat research team to CODEOWNERS by @egibs in #963
- Update standard_ruleset.yml to include Notion Data Model by @LCMeed in #961
- Update github_secret_scanning_alert_created rule/tests by @egibs in #962
- Snowflake Kubernetes Inital Detection Drop by @sfc-gh-kderevyanik in #965
- Enable Dependabot for GitHub actions by @wadells in #968
- build(deps): bump actions/checkout from 3 to 4 by @dependabot in #969
- build(deps): bump peterjgrainger/action-create-branch from 2.3.0 to 2.4.0 by @dependabot in #970
- build(deps): bump actions/github-script from 6 to 7 by @dependabot in #971
- Teleport: Update Rules by @jof in #966
- Carbonblack passthrough rule by @arielkr256 in #967
- Add rule to detect AWSCompromisedKeyQuarantineV2 policy attachments by @egibs in #964
- k8s pack by @arielkr256 in #974
- Renamed default rule to avoid by @arielkr256 in #975
- k8s queries disabled by default by @arielkr256 in #976
- Update CRYPTO_MINING_DOMAINS IOCs; add two additional tests by @egibs in #973
- Checkout repository with GITHUB_TOKEN by @egibs in #977
- Add rule to alert on known cryptomining ports in VPC flow logs by @egibs in #972
- Revert "Add rule to alert on known cryptomining ports in VPC flow logs" by @egibs in #978
New Contributors
- @sfc-gh-kderevyanik made their first contribution in #965
- @jof made their first contribution in #966
Full Changelog: v3.25.0...v3.26.0
Contributors
jof, wadells, and 5 other contributors
Assets 4
v3.25.0
What's Changed
🏡 Miscellaneous
- Update release Workflow by @egibs in #946
- Fix zeek mappings for greynoise riot basic lut by @rleighton in #945
- Update License in README by @le4ker in #948
- added dynamic severity function and MITRE tags by @arielkr256 in #947
- Add EXCLUDED_BUCKET_NAMES set for aws_cloudtrail_s3_bucket_public.py policy by @egibs in #951
- Adds a check for messages in the response by @grantjoy in #944
- fix selector syntax by @nskobov in #952
- remove deprecated azure.signin related detections by @nskobov in #953
- Add GCP SSO persistence rules by @egibs in #954
- Carbonblack audit rules, part 1 by @arielkr256 in #956
- Update PAT to 0.33.0 by @egibs in #957
- Update release Workflow with GITHUB_TOKEN env var by @egibs in #958
- Update gh release create command by @egibs in #959
- Use --generate-notes for release creation by @egibs in #960
Full Changelog: v3.24.0...v3.25.0
Contributors
le4ker, grantjoy, and 4 other contributors
Assets 4
v3.24.0
What's Changed
🏡 Miscellaneous
- adding optional TEST_ARGS to the test targets by @rootshellz in #935
- added MITRE ATT&CK tags to all Slack rules by @arielkr256 in #933
- Set git_config_pull_rebase: true for fork sync step by @egibs in #936
- Auto deploy on Wednesday mornings by @grantjoy in #934
- Updating panther_user_modified to use default severity by @stedrow in #938
- bump
shallow_sincefrom 1 month to 5 years to look back to the beginning of git history by @grantjoy in #937 - fix path to CODEOWNERS by @grantjoy in #940
- Add Workflow to automate panther-analysis releases by @egibs in #939
- removing
shallow_sinceby @grantjoy in #941 - Add Pull config by @egibs in #942
- Creating common ancestor commit by @egibs in #943
New Contributors
- @rootshellz made their first contribution in #935
- @stedrow made their first contribution in #938
Full Changelog: v3.22.0...v3.24.0
Contributors
rootshellz, grantjoy, and 3 other contributors
Assets 4
v3.22.0
What's Changed
🏡 Miscellaneous
- gcp_k8s_rules: fix logic matching irrelevant events by @cheahjs in #928
- Always use the "our" CODEOWNERS by @grantjoy in #927
- ID to Name path change zendesk_data_model.yml by @JPhenglavong in #929
- AWS CloudTrail Password Discovery detection by @natezpanther in #628
- Fix the Zeek selectors in luts by @rleighton in #930
- updated title to use profileId if no email by @arielkr256 in #931
- Update aws_unauthorized_api_call dedup function by @egibs in #932
New Contributors
- @cheahjs made their first contribution in #928
- @JPhenglavong made their first contribution in #929
Full Changelog: v3.21.0...v3.22.0
Contributors
cheahjs, grantjoy, and 5 other contributors
Assets 4
v3.21.0
What's Changed
🏡 Miscellaneous
- kbailey: rule for phished okta session by @k-bailey in #500
- build(deps): bump requests from 2.28.1 to 2.31.0 by @dependabot in #923
- build(deps): bump urllib3 from 1.26.12 to 1.26.18 by @dependabot in #922
- Move from AGPL to Apache Software License by @egibs in #924
- Update sync-from-upstream.yml GH action from 'master' to 'main' by @AndrewMohawk in #925
- Remove PAT clone from lint-test Workflow by @egibs in #926
New Contributors
- @AndrewMohawk made their first contribution in #925
Full Changelog: v3.20.0...v3.21.0
Contributors
AndrewMohawk, k-bailey, and 2 other contributors