diff --git a/packs/asana.yml b/packs/asana.yml
index d346d0f88..a42d49849 100644
--- a/packs/asana.yml
+++ b/packs/asana.yml
@@ -13,6 +13,7 @@ PackDefinition:
 - Asana.Workspace.Require.App.Approvals.Disabled
 - Asana.Workspace.Password.Requirements.Simple
 - Asana.Workspace.Org.Export
+ - Asana.Workspace.New.Admin
 # Globals used in these detections
 - panther_asana_helpers
 - panther_base_helpers
diff --git a/packs/atlassian.yml b/packs/atlassian.yml
index 28c5c25a4..33c88dd9c 100644
--- a/packs/atlassian.yml
+++ b/packs/atlassian.yml
@@ -4,6 +4,7 @@ Description: Group of all Atlassian detections
 PackDefinition:
 IDs:
 - Atlassian.User.LoggedInAsUser
+ - Confluence.0DayIPs
 # Globals used in these detections
 - panther_base_helpers
 DisplayName: "Panther Atlassian Pack"
diff --git a/packs/box.yml b/packs/box.yml
index 2b0b593eb..6868d0e05 100644
--- a/packs/box.yml
+++ b/packs/box.yml
@@ -12,6 +12,8 @@ PackDefinition:
 - Box.Untrusted.Device
 - Box.Large.Number.Downloads
 - Box.Large.Number.Permission.Updates
+ - Box.Item.Shared.Externally
+ - Box.Event.Triggered.Externally
 # Globals used in these detections
 - panther_base_helpers
 - panther_box_helpers
diff --git a/packs/cisco_umbrella_dns.yml b/packs/cisco_umbrella_dns.yml
index 55cae731c..527f45088 100644
--- a/packs/cisco_umbrella_dns.yml
+++ b/packs/cisco_umbrella_dns.yml
@@ -4,5 +4,7 @@ Description: Group of all Cisco Umbrella detections
 PackDefinition:
 IDs:
 - CiscoUmbrella.DNS.Blocked
+ - CiscoUmbrella.DNS.FuzzyMatching
+ - CiscoUmbrella.DNS.Suspicious
 # Globals used in these detections
 DisplayName: "Panther Cisco Umbrella Pack"
diff --git a/packs/crowdstrike.yml b/packs/crowdstrike.yml
index d3e7a51ed..bc5261905 100644
--- a/packs/crowdstrike.yml
+++ b/packs/crowdstrike.yml
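Review bot: `Confluence.0DayIPs` is added to packs/atlassian.yml here and again to packs/panther.yml later in this diff, and the same double listing happens for `Okta.Login.From.CrowdStrike.Unmanaged.Device` (packs/crowdstrike.yml and packs/okta.yml) and `OnePassword.Login.From.CrowdStrike.Unmanaged.Device` (packs/crowdstrike.yml and packs/onepassword.yml). If the pack tooling expects each detection ID to belong to exactly one pack, these duplicates will fail validation or leave the rule's pack ownership ambiguous; if dual membership is intended, a comment next to the entry such as `# also shipped in packs/panther.yml` would stop the next maintainer from deduplicating it. Either way the intent should be stated once, at the first occurrence, rather than left for reviewers to infer.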
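Review bot: The `# Globals used in these detections` comment that follows the two new Cisco Umbrella IDs still has no entries, so if `CiscoUmbrella.DNS.FuzzyMatching` or `CiscoUmbrella.DNS.Suspicious` imports a helper module (fuzzy matching commonly relies on one), the pack will not pull it in and the rules will fail to load when the pack is installed. Either list the required global(s) under that comment or, if neither rule imports one, drop the dangling comment so it does not read as a missing entry.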
@@ -19,6 +19,10 @@ PackDefinition:
 - Crowdstrike.Macos.Add.Trusted.Cert
 - Crowdstrike.Macos.Plutil.Usage
 - Crowdstrike.Macos.Osascript.Administrator
+ - Crowdstrike.DNS.Request
+ - OnePassword.Login.From.CrowdStrike.Unmanaged.Device
+ - Okta.Login.From.CrowdStrike.Unmanaged.Device
+ - AWS.Authentication.From.CrowdStrike.Unmanaged.Device
 # Globals used in these detections
 - panther_base_helpers
 # Data models
diff --git a/packs/dropbox.yml b/packs/dropbox.yml
index 3ad8e3845..acd02b37a 100644
--- a/packs/dropbox.yml
+++ b/packs/dropbox.yml
@@ -9,6 +9,8 @@ PackDefinition:
 - Dropbox.Ownership.Transfer
 - Dropbox.User.Disabled.2FA
 - Dropbox.Admin.sign.in.as.Session
+ - Dropbox.Many.Deletes
+ - Dropbox.Many.Downloads
 # Globals used in these detections
 - panther_base_helpers
 - panther_config
diff --git a/packs/github.yml b/packs/github.yml
index 3349e4908..697465398 100644
--- a/packs/github.yml
+++ b/packs/github.yml
@@ -23,6 +23,7 @@ PackDefinition:
 - Github.Organization.App.Integration.Installed
 - Github.Public.Repository.Created
 - Github.Repository.Transfer
+ - GitHub.Action.Failed
 # Data model
 - Standard.Github.Audit
 # Globals
diff --git a/packs/gravitational_teleport.yml b/packs/gravitational_teleport.yml
index 4c9fb8e2b..f374677e9 100644
--- a/packs/gravitational_teleport.yml
+++ b/packs/gravitational_teleport.yml
@@ -8,6 +8,14 @@ PackDefinition:
 - Teleport.NetworkScanning
 - Teleport.ScheduledJobs
 - Teleport.SuspiciousCommands
+ - Teleport.SAMLLoginWithoutCompanyDomain
+ - Teleport.LocalUserLoginWithoutMFA
+ - Teleport.CompanyDomainLoginWithoutSAML
+ - Teleport.LongLivedCerts
+ - Teleport.LockCreated
+ - Teleport.RoleCreated
+ - Teleport.SAMLCreated
+ - Teleport.RootLogin
 # Globals used in these detections
 - panther_base_helpers
 DisplayName: "Panther Teleport Pack"
diff --git a/packs/notion.yml b/packs/notion.yml
index 4e6b28bfa..cc124db9e 100644
--- a/packs/notion.yml
+++ b/packs/notion.yml
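Review bot: `AWS.Authentication.From.CrowdStrike.Unmanaged.Device` is added only to the CrowdStrike pack, whereas its Okta and 1Password counterparts are also listed in packs/okta.yml and packs/onepassword.yml in this diff; no AWS pack appears in the visible hunks, so confirm whether that omission is intended or the AWS pack is updated elsewhere in the commit. By their names the three `*.From.CrowdStrike.Unmanaged.Device` rules appear to correlate a second log source with CrowdStrike host data, which neither the `panther_base_helpers`-only globals list nor the pack's placement conveys; a comment such as `# Cross-source rules: also require Okta / 1Password / AWS logs to be onboarded` above the new entries would make that dependency visible to anyone enabling this pack alone.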
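Review bot: `GitHub.Action.Failed` in packs/github.yml uses a different prefix casing (`GitHub.`) from every other ID in this pack (`Github.`), and since a pack entry has to match the rule's declared ID exactly, this is either a typo that will break pack validation or a naming inconsistency in the rule itself. If the rule really is named `GitHub.Action.Failed`, it is worth aligning it with the `Github.` convention before it ships in a pack, since renaming a rule ID after users have installed it is a disruptive change.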
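Review bot: `Teleport.SAMLLoginWithoutCompanyDomain` and `Teleport.CompanyDomainLoginWithoutSAML` in packs/gravitational_teleport.yml imply a configured company domain, yet the Globals list beneath the eight new IDs still names only `panther_base_helpers`. If those rules read that setting from a config helper (packs/dropbox.yml in this same diff lists `panther_config` for its rules), it must be listed here too, otherwise the pack installs rules whose imports cannot be resolved. A comment such as `# Requires the company domain to be set in the config helper before enabling` would also tell installers what to configure first.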
@@ -15,6 +15,7 @@ PackDefinition:
 - Notion.Workspace.Exported
 - Notion.Workspace.SCIM.Token.Generated
 - Notion.Workspace.Public.Page.Added
+ - Notion.LoginFromBlockedIP
 # Globals used in these detections
 - panther_base_helpers
 - panther_oss_helpers
diff --git a/packs/okta.yml b/packs/okta.yml
index 603d6546b..4058b8729 100644
--- a/packs/okta.yml
+++ b/packs/okta.yml
@@ -6,7 +6,6 @@ PackDefinition:
 - Okta.AdminRoleAssigned
 - Okta.APIKeyCreated
 - Okta.APIKeyRevoked
- # - Okta.GeographicallyImprobableAccess DEPRECATED
 - Okta.Support.Access
 - Okta.Global.MFA.Disabled
 - Okta.ThreatInsight.Security.Threat.Detected
@@ -25,6 +24,11 @@ PackDefinition:
 - Okta.Org2org.Creation.Modification
 - Okta.Password.Extraction.via.SCIM
 - Okta.Phishing.Attempt.Blocked.FastPass
+ - Okta.User.MFA.Reset.Single
+ - Okta.PasswordAccess
+ - Okta.Login.From.CrowdStrike.Unmanaged.Device
+ - Okta.PotentiallyStolenSession
+ - Okta.Support.Reset
 # Globals used in these detections
 - panther_base_helpers
 - panther_oss_helpers
diff --git a/packs/onepassword.yml b/packs/onepassword.yml
index f4b418a9d..c12dc8882 100644
--- a/packs/onepassword.yml
+++ b/packs/onepassword.yml
@@ -8,6 +8,9 @@ PackDefinition:
 - Standard.OnePassword.SignInAttempt
 # 1Password Specific Rules
 - OnePassword.Unusual.Client
+ - OnePassword.Lut.Sensitive.Item
+ - OnePassword.Sensitive.Item
+ - OnePassword.Login.From.CrowdStrike.Unmanaged.Device
 # Supporting Global Helpers
 - panther_base_helpers
 - panther_event_type_helpers
diff --git a/packs/osquery.yml b/packs/osquery.yml
index 41a8ad3e4..0c727de74 100644
--- a/packs/osquery.yml
+++ b/packs/osquery.yml
@@ -14,6 +14,7 @@ PackDefinition:
 - Osquery.UnsupportedMacOS
 - Osquery.SSHListener
 - Osquery.SuspiciousCron
+ - Osquery.Linux.LoginFromNonOffice
 # Globals used in these detections
 - panther_base_helpers
 DisplayName: "Panther OSQuery Pack"
diff --git a/packs/panther.yml b/packs/panther.yml
index 1d5ffabc4..0262e5b0c 100644
--- a/packs/panther.yml
+++ b/packs/panther.yml
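Review bot: `OnePassword.Lut.Sensitive.Item` in packs/onepassword.yml, by its name, appears to depend on a lookup table that the pack itself cannot provision, while `OnePassword.Sensitive.Item` directly below it looks like the non-lookup variant of the same check; enabling both from one pack may yield duplicate alerts for the same event, or a rule that never fires for users who have not created the table. If the lookup-table variant is meant as opt-in, a comment such as `# Requires a configured lookup table; see the rule's documentation` above it, or leaving it out of the default pack, would be clearer than shipping both unannotated.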
@@ -7,6 +7,10 @@ PackDefinition:
 - Panther.SAML.Modified
 - Panther.Sensitive.Role
 - Panther.User.Modified
+ - IOC.SunburstFQDNIOCs
+ - IOC.SunburstSHA256IOCs
+ - Confluence.0DayIPs
+ - IOC.Log4jExploit
 # Data Model
 - Standard.Panther.Audit
 # Helpers
diff --git a/packs/tines.yml b/packs/tines.yml
index 08a815560..5a9e45e0e 100644
--- a/packs/tines.yml
+++ b/packs/tines.yml
@@ -12,6 +12,7 @@ PackDefinition:
 - Tines.Story.Jobs.Clearance
 - Tines.Team.Destruction
 - Tines.Tenant.AuthToken
+ - Tines.Actions.DisabledChanges
 # Globals
 - global_filter_tines
 - panther_base_helpers
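Review bot: `IOC.SunburstFQDNIOCs`, `IOC.SunburstSHA256IOCs`, `IOC.Log4jExploit` and `Confluence.0DayIPs` are indicator-matching rules unrelated to Panther's own audit log, which is what the rest of packs/panther.yml covers (`Panther.SAML.Modified`, `Panther.User.Modified`, the `Standard.Panther.Audit` data model), so anyone installing the Panther audit pack silently gets IOC rules for other log sources. A dedicated IOC pack would keep this pack's scope honest and make the maintenance of aging indicator lists a separate decision from audit-log coverage; at minimum a comment such as `# Generic IOC rules, not tied to Panther audit logs` above the four new entries is warranted.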