Merge pull request panther-labs#1432 from panther-labs/develop

Release 3.68.0
bcpenta · Nov 14, 2024 · 886e068 · 886e068
2 parents a871308 + 2920b0a
commit 886e068
Show file tree

Hide file tree

Showing 135 changed files with 5,545 additions and 837 deletions.
diff --git a/.github/workflows/check-deprecated.yml b/.github/workflows/check-deprecated.yml
@@ -21,14 +21,14 @@ jobs:
             github.com:443
             pypi.org:443
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Fetch Release
         run: |
           git fetch --depth=1 origin develop
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 

diff --git a/.github/workflows/check-mitre.yml b/.github/workflows/check-mitre.yml
@@ -19,10 +19,10 @@ jobs:
             github.com:443
             pypi.org:443
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 

diff --git a/.github/workflows/check-packs.yml b/.github/workflows/check-packs.yml
@@ -25,28 +25,30 @@ jobs:
             pypi.org:443
 
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 
       - name: Install panther_analysis_tool
         run: pip install panther_analysis_tool
 
       - name: Check packs
-        continue-on-error: true
         id: check-packs
         run: |
+          # Get the output for the PR comment body
           panther_analysis_tool check-packs 2> errors.txt || true
+          echo ::set-output name=errors::`cat errors.txt`
 
-          # run again to get exit code
-          panther_analysis_tool check-packs || echo "errors=`cat errors.txt`" >> $GITHUB_OUTPUT
+      - name: Check packs (Exit Code)
+        run: |
+          exit $(panther_analysis_tool check-packs)
 
       - name: Comment PR
-        uses: thollander/actions-comment-pull-request@e2c37e53a7d2227b61585343765f73a9ca57eda9
-        if: ${{ steps.check-packs.outputs.errors }}
+        uses: thollander/actions-comment-pull-request@v3
+        if: failure()
         with:
           mode: upsert
           message: |
@@ -56,15 +58,10 @@ jobs:
             ${{ steps.check-packs.outputs.errors }}
             ```
           comment-tag: check-packs
+
       - name: Delete comment
-        uses: thollander/actions-comment-pull-request@e2c37e53a7d2227b61585343765f73a9ca57eda9
-        if: ${{ !steps.check-packs.outputs.errors }}
+        uses: thollander/actions-comment-pull-request@v3
+        if: success()
         with:
           mode: delete
-          message: |
-            :scream:
-            looks like some things could be wrong with the packs
-            ```diff
-            ${{ steps.check-packs.outputs.errors }}
-            ```
           comment-tag: check-packs
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -27,7 +27,7 @@ jobs:
             registry-1.docker.io:443
             www.python.org:443
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0
       - name: Set up Docker Buildx
         id: buildx

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -19,10 +19,10 @@ jobs:
             github.com:443
             pypi.org:443
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 

diff --git a/.github/workflows/pre-release-upload.yml b/.github/workflows/pre-release-upload.yml
@@ -0,0 +1,43 @@
+on:
+  pull_request_review:
+    types: [submitted]
+
+permissions:
+  contents: read
+
+jobs:
+  upload:
+    if: github.head_ref == 'main'
+    name: Pre-Release Upload to GA
+    runs-on: ubuntu-latest
+    env:
+      API_HOST: ${{ secrets.GA_API_HOST }}
+      API_TOKEN: ${{ secrets.GA_API_TOKEN }}
+    steps:
+      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - name: Validate Secrets
+        if: ${{ env.GA_API_HOST == '' || env.GA_API_TOKEN == '' }}
+        run: |
+          echo "API_HOST or API_TOKEN not set"
+          exit 0
+
+      - name: Checkout panther-analysis
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+
+      - name: Set python version
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
+        with:
+          python-version: "3.11"
+
+      - name: Install pipenv
+        run: pip install pipenv
+
+      - name: Setup venv
+        run: make venv
+
+      - name: upload
+        run: |
+          pipenv run panther_analysis_tool upload --api-host ${{ env.GA_API_HOST }} --api-token ${{ env.GA_API_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
       - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
           egress-policy: audit
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
         with:
           fetch-depth: 0
           token: ${{ env.GITHUB_TOKEN }}
@@ -29,7 +29,7 @@ jobs:
           aws-region: ${{ secrets.AWS_REGION }}
           role-session-name: panther-analysis-release
       - name: Install Python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
       - name: Create new panther-analysis release

diff --git a/.github/workflows/sync-from-upstream.yml b/.github/workflows/sync-from-upstream.yml
@@ -37,7 +37,7 @@ jobs:
           branch: "sync_upstream_${{steps.set_upstream.outputs.latest-release}}"
       # Checkout this repo into the branch
       - name: Checkout your local repo in PR branch
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
         with:
           ref: "sync_upstream_${{steps.set_upstream.outputs.latest-release}}"
           token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -6,6 +6,35 @@ permissions:
 
 jobs:
   test:
+    if: github.event.pull_request.head.repo.fork == true
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          disable-sudo: true
+          egress-policy: audit
+
+      - name: Checkout panther-analysis
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+
+      - name: Set python version
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
+        with:
+          python-version: "3.11"
+
+      - name: Install pipenv
+        run: pip install pipenv
+
+      - name: Setup venv
+        run: make venv
+
+      - name: test
+        run: |
+          pipenv run panther_analysis_tool test --show-failures-only
+
+  test-authenticated:
+    if: github.event.pull_request.head.repo.fork == false
     name: Test
     runs-on: ubuntu-latest
     env:
@@ -24,10 +53,10 @@ jobs:
           exit 0
           
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 

diff --git a/.github/workflows/upload.yml b/.github/workflows/upload.yml
@@ -25,10 +25,10 @@ jobs:
           exit 0
 
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -7,7 +7,7 @@ permissions:
 
 jobs:
   validate:
-    if: github.event.review.state == 'approved'
+    if: github.event.review.state == 'approved' && github.event.pull_request.head.repo.fork == false
     name: Validate
     runs-on: ubuntu-latest
     env:
@@ -24,10 +24,10 @@ jobs:
           exit 0
 
       - name: Checkout panther-analysis
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: Set python version
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0
         with:
           python-version: "3.11"
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
 # Contributing to `panther-analysis`
 
-Thank you for your interest in contributing to Panther's open-source ruleset!  We appreciate all types of contributions, including new detection rules, feature requests, and bug reports.
+Thank you for your interest in contributing to Panther's open-source ruleset! We appreciate all types of contributions, including new detection rules, feature requests, and bug reports.
 
 ## What makes a good detection?
 
@@ -19,18 +19,18 @@ Before submitting your pull request, make sure to:
 - Write or update relevant unit tests
 - Redact any sensitive information or PII from example logs
 - Format, lint, and test your changes to ensure CI tests pass, using the following commands:
-    ```bash
-    make fmt
-    make lint
-    make test
-    ```
+  ```bash
+  make fmt
+  make lint
+  make test
+  ```
 
 ## Pull Request process
 
 1. Make desired detection changes. This may include creating new detections in existing log type directories, creating new log type directories, updating existing detections, etc
 2. Commit both the Python and Metadata files
 3. Write a clear commit message
-4. Open a [Pull Request](https://github.com/panther-labs/panther-analysis/pulls).
+4. Open a [Pull Request](https://github.com/panther-labs/panther-analysis/pulls) against the `develop` branch.
 5. Once your PR has been approved by code owners, if you have merge permissions, merge it. If you do not have merge permissions, leave a comment requesting a code owner merge it for you
 
 ## Code of Conduct
@@ -42,4 +42,5 @@ in all of your interactions with this project.
 
 If you need assistance at any point, feel free to open a support ticket, or reach out to us on [Panther Community Slack](https://pnthr.io/community).
 
-Thank you again for your contributions, and we look forward to working together!
+Thank you again for your contributions, and we look forward to working together!
+
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-dirs := $(shell ls | egrep 'policies|rules|helpers|models|templates|queries' | xargs)
+dirs := $(shell ls | egrep 'policies|rules|global_helpers|models|templates|queries' | xargs)
 UNAME := $(shell uname)
 TEST_ARGS :=
 

diff --git a/Pipfile b/Pipfile
@@ -21,6 +21,7 @@ policyuniverse = "==1.5.1.20230817"
 requests = "==2.31.0"
 panther-analysis-tool = "~=0.54.0"
 panther-detection-helpers = "==0.4.0"
+pycountry = "==24.6.1"
 
 [requires]
 python_version = "3.11"