Skip to content

Commit

Permalink
Merge branch 'develop' into THREAT-367/snowflake-streaming-rules
Browse files Browse the repository at this point in the history
  • Loading branch information
arielkr256 authored Oct 29, 2024
2 parents 56dc658 + f06112f commit ed1ee3c
Show file tree
Hide file tree
Showing 5 changed files with 75 additions and 3 deletions.
43 changes: 43 additions & 0 deletions .github/workflows/pre-release-upload.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
on:
pull_request_review:
types: [submitted]

permissions:
contents: read

jobs:
upload:
if: github.head_ref == 'main'
name: Pre-Release Upload to GA
runs-on: ubuntu-latest
env:
API_HOST: ${{ secrets.GA_API_HOST }}
API_TOKEN: ${{ secrets.GA_API_TOKEN }}
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit

- name: Validate Secrets
if: ${{ env.GA_API_HOST == '' || env.GA_API_TOKEN == '' }}
run: |
echo "API_HOST or API_TOKEN not set"
exit 0
- name: Checkout panther-analysis
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1

- name: Set python version
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
with:
python-version: "3.11"

- name: Install pipenv
run: pip install pipenv

- name: Setup venv
run: make venv

- name: upload
run: |
pipenv run panther_analysis_tool upload --api-host ${{ env.GA_API_HOST }} --api-token ${{ env.GA_API_TOKEN }}
29 changes: 29 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,35 @@ permissions:

jobs:
test:
if: github.event.pull_request.head.repo.fork == true
name: Test
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: audit

- name: Checkout panther-analysis
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1

- name: Set python version
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
with:
python-version: "3.11"

- name: Install pipenv
run: pip install pipenv

- name: Setup venv
run: make venv

- name: test
run: |
pipenv run panther_analysis_tool test --show-failures-only
test-authenticated:
if: github.event.pull_request.head.repo.fork == false
name: Test
runs-on: ubuntu-latest
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ permissions:

jobs:
validate:
if: github.event.review.state == 'approved'
if: github.event.review.state == 'approved' && github.event.pull_request.head.repo.fork == false
name: Validate
runs-on: ubuntu-latest
env:
Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Please familiarize yourself with these helpful resources on writing high-quality

- The blog post Panther's founder, Jack Naglieri, wrote on [The Anatomy of a High Quality SIEM Rule](https://jacknaglieri.substack.com/p/hq-siem-rules)
- Panther's [Detection Documentation](https://docs.panther.com/detections)
- The `panther-analysis` [Style Guide](https://github.com/panther-labs/panther-analysis/blob/main/STYLE_GUIDE.md)
- The `panther-analysis` [Style Guide](https://github.com/panther-labs/panther-analysis/blob/main/style_guides/STYLE_GUIDE.md)

Especially excellent contributions will be considered for a quarterly prize! We will announce a winner in the **Panther-Analysis Seasonal Newsletter**, where we share updates and celebrate contributions to Panther’s open-source ruleset.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,5 @@ def title(event):
f"GSuite workspace setting for default calendar sharing was changed by "
f"[{event.deep_get('actor', 'email', default='<UNKNOWN_EMAIL>')}] "
+ f"from [{event.deep_get('parameters', 'OLD_VALUE', default='<NO_OLD_SETTING_FOUND>')}] "
+ "to [{event.deep_get('parameters', 'NEW_VALUE', default='<NO_NEW_SETTING_FOUND>')}]"
+ f"to [{event.deep_get('parameters', 'NEW_VALUE', default='<NO_NEW_SETTING_FOUND>')}]"
)

0 comments on commit ed1ee3c

Please sign in to comment.