Releases: panther-labs/panther-analysis
1.4.0
Another round of updates, mostly minor changes. The main change is the addition of the default panther helper to support more hybrid CLI/web driven workflows.
1.3.0: CloudTrail Rule Updates (#57)
This version brings the default policies and rules up to date with how Panther now handles the global analysis type.
- #56 modifies the global helper to work with multiple globals
- #54 and #55 update the default global to communicate with a dynamo table deployed in Panther specifically for rules and policies to use as a key/value store
- #52 updates some rules to reflect bug fixes in Panther
- #53 and #57 add additional rules for S3 and CloudTrail respectively
v1.2.0: Updated globals (#49)
This release includes a number of minor changes related to policy and rule tuning and bug fixes, and one large change to adapt to the new globals format.
You'll find the new analysis type global configured in the globals directory. If you were previously using aws_globals in order to share code amongst policies and rules, follow these steps to be compatible with the new format:
1. Copy your code from aws_globals.py into the panther.py file in the globals directory (we advise appending your custom globals to the default ones already present in panther.py)
2. Update all policies and rules from "import aws_globals" to "import panther". Update any usages of the functions found within aws_globals as well.
3. Use the panther_analysis_tool (be sure you're on the latest version) to upload your new globals directory.
4. From within the Panther UI, delete the aws_globals policy or rule
If you were not previously taking advantage of custom globals, no changes are necessary, although you may still wish to perform step 4 above, deleting the old aws_globals policy from the Panther web UI.
Globals will be included in both the panther-analysis-policies and panther-analysis-rules packages, as they are shared between policies and rules.
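Step 2 of the migration above (switching rules and policies from aws_globals to panther) can be scripted. The following is an added example, not part of panther-analysis or panther_analysis_tool: it renames references at the token level, so comments and string literals are left alone. The sample rule and the names MY_CONSTANT and my_helper are constructed for illustration.

```python
import io
import tokenize
from pathlib import Path

OLD, NEW = "aws_globals", "panther"

# Constructed sample rule; MY_CONSTANT and my_helper are hypothetical names.
SAMPLE_RULE = '''\
import aws_globals
from aws_globals import MY_CONSTANT  # aws_globals is the old module

NOTE = "ported from aws_globals"

def rule(event):
    return aws_globals.my_helper(event.get("sourceIPAddress"), MY_CONSTANT)
'''


def migrate_source(source):
    """Rename module references OLD -> NEW; return (new_source, count).

    Works on tokens, so comments and string literals are left untouched.
    """
    lines = source.splitlines(keepends=True)
    hits, prev = [], None
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and tok.string == OLD:
            # Skip attribute access such as other_module.aws_globals.
            if prev is None or prev.string != ".":
                hits.append(tok.start)
        if tok.type in (tokenize.NAME, tokenize.OP):
            prev = tok
    # Patch right-to-left so earlier column offsets on a line stay valid.
    for row, col in sorted(hits, reverse=True):
        line = lines[row - 1]
        lines[row - 1] = line[:col] + NEW + line[col + len(OLD):]
    return "".join(lines), len(hits)


def migrate_tree(root):
    """Rewrite every .py file under root in place; return {path: count}."""
    changed = {}
    for path in sorted(Path(root).rglob("*.py")):
        if path.name == OLD + ".py":
            continue  # step 1 (copying its contents into panther.py) is manual
        new_source, count = migrate_source(path.read_text())
        if count:
            path.write_text(new_source)
            changed[str(path)] = count
    return changed


if __name__ == "__main__":
    print(migrate_source(SAMPLE_RULE)[0])
```

Run migrate_tree on a copy of your analysis directory and review the diff before uploading, since a local variable that happens to be named aws_globals would also be renamed.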
v1.1.1: Update Rule Fields (#36)
Updated all rules to take advantage of the new rule specific fields.
v1.1.0: Metadata Updates (#34)
This is a large change, which renames almost every single policy and changes the tagging conventions on the majority of policies and rules. This is in pursuit of a more standard, cleaner presentation of the analysis that Panther has to offer.
If you wish to upgrade an existing Panther deployment to this latest pack of policies and rules, we highly recommend destroying all policies in the existing deployment before deploying this pack. This is because we are changing all the policy IDs, which means that upgrading will not work as normal.
We try to make changes like this very rarely, but as we have made a lot of changes to the presentation of the newer analysis packs we decided to bring everything up to date in anticipation of the Panther v1 launch.
v1.0.3
Minor patches.
v1.0.2: AWS Rules - DeleteBucket, S3 Insecure Access Fix (#21)
Updating all rules to perform safe lookups in accordance with backend changes to Panther.
Updated Log Types for Rules
Updated rules to have the correct log types in their specification files.
Initial Release
The initial policy and rule packs available for Panther.