From d737f4f70982088320d6bd0776d6c21c6decf493 Mon Sep 17 00:00:00 2001
From: dvaliotis <107468845+dvaliotis@users.noreply.github.com>
Date: Wed, 23 Oct 2024 15:12:07 +0300
Subject: [PATCH 1/3] Update gsuite_workspace_calendar_external_sharing.py (#1406)

---
 .../gsuite_workspace_calendar_external_sharing.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py b/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py
index d290a1d30..72d602aba 100644
--- a/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py
+++ b/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py
@@ -18,5 +18,5 @@ def title(event):
 f"GSuite workspace setting for default calendar sharing was changed by "
 f"[{event.deep_get('actor', 'email', default='')}] "
 + f"from [{event.deep_get('parameters', 'OLD_VALUE', default='')}] "
- + "to [{event.deep_get('parameters', 'NEW_VALUE', default='')}]"
+ + f"to [{event.deep_get('parameters', 'NEW_VALUE', default='')}]"
 )

From 569b3c87554e1ef44ddbe36cf5ed35c2ab1ad040 Mon Sep 17 00:00:00 2001
From: Emmanuel Ferdman
Date: Mon, 28 Oct 2024 18:12:54 +0200
Subject: [PATCH 2/3] Update style guide reference (#1400)

Signed-off-by: Emmanuel Ferdman
Co-authored-by: Ariel Ropek <79653153+arielkr256@users.noreply.github.com>
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 99449ad73..24ab6793e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,7 +8,7 @@ Please familiarize yourself with these helpful resources on writing high-quality
 - The blog post Panther's founder, Jack Naglieri, wrote on [The Anatomy of a High Quality SIEM Rule](https://jacknaglieri.substack.com/p/hq-siem-rules)
 - Panther's [Detection Documentation](https://docs.panther.com/detections)
-- The `panther-analysis` [Style Guide](https://github.com/panther-labs/panther-analysis/blob/main/STYLE_GUIDE.md)
+- The `panther-analysis` [Style Guide](https://github.com/panther-labs/panther-analysis/blob/main/style_guides/STYLE_GUIDE.md)
 Especially excellent contributions will be considered for a quarterly prize! We will announce a winner in the **Panther-Analysis Seasonal Newsletter**, where we share updates and celebrate contributions to Panther’s open-source ruleset.

From f06112fe60aa6b1ddb23d39a2fdc25a95d257461 Mon Sep 17 00:00:00 2001
From: Ariel Ropek <79653153+arielkr256@users.noreply.github.com>
Date: Tue, 29 Oct 2024 13:52:50 -0600
Subject: [PATCH 3/3] Gha improvements (#1407)

---
 .github/workflows/pre-release-upload.yml | 43 ++++++++++++++++++++++++
 .github/workflows/test.yml | 29 ++++++++++++++++
 .github/workflows/validate.yml | 2 +-
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/pre-release-upload.yml

diff --git a/.github/workflows/pre-release-upload.yml b/.github/workflows/pre-release-upload.yml
new file mode 100644
index 000000000..413feefdd
--- /dev/null
+++ b/.github/workflows/pre-release-upload.yml
@@ -0,0 +1,43 @@
+on:
+ pull_request_review:
+ types: [submitted]
+
+permissions:
+ contents: read
+
+jobs:
+ upload:
+ if: github.head_ref == 'main'
+ name: Pre-Release Upload to GA
+ runs-on: ubuntu-latest
+ env:
+ API_HOST: ${{ secrets.GA_API_HOST }}
+ API_TOKEN: ${{ secrets.GA_API_TOKEN }}
+ steps:
+ - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
+ - name: Validate Secrets
+ if: ${{ env.GA_API_HOST == '' || env.GA_API_TOKEN == '' }}
+ run: |
+ echo "API_HOST or API_TOKEN not set"
+ exit 0
+
+ - name: Checkout panther-analysis
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+ - name: Set python version
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+ with:
+ python-version: "3.11"
+
+ - name: Install pipenv
+ run: pip install pipenv
+
+ - name: Setup venv
+ run: make venv
+
+ - name: upload
+ run: |
+ pipenv run panther_analysis_tool upload --api-host ${{ env.GA_API_HOST }} --api-token ${{ env.GA_API_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5fe44d67c..e3827cc9b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
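Review bot: The job-level `env:` in `pre-release-upload.yml` defines `API_HOST` and `API_TOKEN`, but the `Validate Secrets` condition and the `upload` command read `env.GA_API_HOST` and `env.GA_API_TOKEN`, which this file never sets, so the check is always true and the upload is invoked with empty `--api-host` and `--api-token` values. The condition should be `if: ${{ env.API_HOST == '' || env.API_TOKEN == '' }}`, and the step should end with `exit 1` (or the later steps need their own `if:`), because `exit 0` marks the step successful and lets checkout, venv setup and upload run anyway. In the upload step, `--api-host "$API_HOST" --api-token "$API_TOKEN"` uses the variables the job already exports and keeps the token out of the rendered script text, which `${{ … }}` interpolation does not. Unlike `validate.yml`, the job `if:` checks neither `github.event.review.state == 'approved'` nor the fork flag, so any submitted review on a PR whose head branch is named `main` starts an upload; confirm that this is intended.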
@@ -6,6 +6,35 @@ permissions:
 jobs:
 test:
+ if: github.event.pull_request.head.repo.fork == true
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ disable-sudo: true
+ egress-policy: audit
+
+ - name: Checkout panther-analysis
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+ - name: Set python version
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+ with:
+ python-version: "3.11"
+
+ - name: Install pipenv
+ run: pip install pipenv
+
+ - name: Setup venv
+ run: make venv
+
+ - name: test
+ run: |
+ pipenv run panther_analysis_tool test --show-failures-only
+
+ test-authenticated:
+ if: github.event.pull_request.head.repo.fork == false
 name: Test
 runs-on: ubuntu-latest
 env:
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 65b4285cf..35368a592 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -7,7 +7,7 @@ permissions:
 jobs:
 validate:
- if: github.event.review.state == 'approved'
+ if: github.event.review.state == 'approved' && github.event.pull_request.head.repo.fork == false
 name: Validate
 runs-on: ubuntu-latest
 env:
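Review bot: The new `test` job and the renamed `test-authenticated` job in `test.yml` both declare `name: Test`, and nothing in the file records why the job is split on `github.event.pull_request.head.repo.fork`; a comment above the first `if:` such as `# fork PRs receive no secrets: run the tests without API credentials` would state the intent. The split only keeps credentials away from fork code if the workflow trigger, which lies outside this hunk, is `pull_request` rather than `pull_request_target`, so that is worth checking. The fork job also repeats the checkout, Python, pipenv and venv steps verbatim and runs contributor code under `egress-policy: audit`, which records outbound traffic but does not block it. The body of `test-authenticated` continues past the hunk.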
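Review bot: With `&& github.event.pull_request.head.repo.fork == false` added to the job `if:` in `validate.yml`, the `validate` job is skipped for every fork PR, and a skipped job is generally reported as passing when it is a required status check, so fork contributions may be mergeable without ever being validated. If that is the intent, the condition deserves a comment saying so, for example `# skipped for forks (no secrets); maintainers must validate fork PRs before merge`. The job body continues outside the hunk.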