Releases: panther-labs/panther-analysis
v3.55.0
What's Changed
🏡 Miscellaneous
- Replace panther_analysis_tool import with updated import by @egibs in #1230
- Update Action versions; use SHAs by @egibs in #1231
- migrates the gcp_storage_hmac_keys_create rule to by @arielkr256 in #1233
- move scheduled rules to the queries directory by @arielkr256 in #1234
- consistency nit fixes by @kjihso in #1235
- AppOmni Alert passthrough by @jzandona in #1211
- Push Security rules by @jstanulis-push in #1207
- Push Security pack by @arielkr256 in #1239
- Push logtype update by @arielkr256 in #1240
- Remove Node/NPM/Prettier by @egibs in #1241
- Small Workflow tweaks by @egibs in #1243
- Use harden-runner Action for all Workflows by @egibs in #1244
- Threat 319 Replace geoinfo_from_ip with new version by @akozlovets098 in #1242
- Use full Action SHAs rather than versioned releases by @egibs in #1245
- THREAT-321 Auth0 CIC Credential Stuffing by @arielkr256 in #1246
- Update panther-core to 0.10.1 via PAT by @egibs in #1249
- Tweak Snowflake queries by @egibs in #1250
- Fixed typo in README.md by @JPhenglavong in #1253
- build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #1254
- Using GITHUB_OUTPUT env var instead of old ::set-output shorthand by @c0nfleis in #1255
- OCSF data model, VPC/DNS by @akozlovets098 in #1214
- fix: consider deny rules for ssh network acl policy by @skeggse in #1236
- AWS Honeypot Detections threat-306 by @JPhenglavong in #1252
- Update aws_console_login_without_mfa.py by @JPhenglavong in #1237
- Update PAT to 0.50.0 by @egibs in #1259
- Push Security schema rename by @arielkr256 in #1258
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1263
- Update PAT to 0.50.1 by @egibs in #1261
- improve error handling for dynamic functions by @arielkr256 in #1262
- update vscode schema to honor correlation rules by @nskobov in #1264
- Remove .husky directory by @le4ker in #1266
- update snowflake queries with p_occurs_since by @arielkr256 in #1265
- remove greynoise luts by @arielkr256 in #1267
- Edit: Downgrade Okta.Anonymizing.VPN.Login to INFO severity if Apple Relay used by @ben-githubs in #1268
- Remove unnecessary pipenv step by @egibs in #1270
New Contributors
- @jstanulis-push made their first contribution in #1207
- @skeggse made their first contribution in #1236
Full Changelog: v3.54.0...v3.55.0
v3.54.0
v3.53.0
What's Changed
🏡 Miscellaneous
- Update PAT to 0.48.0; PDH to 0.4.0 (#1227) by @egibs in #1228
- Add threat-research as codeowners (#1213) by @egibs in #1229
- Replace panther_analysis_tool import with updated import by @egibs in #1230
- Update Action versions; use SHAs by @egibs in #1231
Full Changelog: v3.52.0...v3.53.0
v3.52.0
v3.51.0
What's Changed
🏡 Miscellaneous
- Prepare for 3.50.0 by @egibs in #1217
- Fix timestamps by @nhakmiller in #1219
Full Changelog: v3.50.0...v3.51.0
v3.50.0
What's Changed
🏡 Miscellaneous
- Deprecate GreyNoise detections by @melenevskyi in #1205
- fix - Notion Login From New Location - NoneType error by @akozlovets098 in #1206
- Remove codeowners by @le4ker in #1208
- fix - GCP rules - AttributeError by @akozlovets098 in #1210
- MITRE ATT&CK Mappings for MS Rules by @ben-githubs in #1209
- traildiscover enrichment with managed schema by @arielkr256 in #1177
- Update PAT to 0.46.0 by @egibs in #1216
Full Changelog: v3.49.0...v3.50.0
v3.49.0
What's Changed
🏡 Miscellaneous
- bump black by @le4ker in #1184
- disable dependabot by @le4ker in #1185
- remove failing test case by @arielkr256 in #1189
- apply make fmt using upgraded black version by @arielkr256 in #1196
- Add mongodb_alert_context by @melenevskyi and @arielkr256 in #1178
- Update linting Makefile targets to run isort and prettier --check by @egibs in #1194
- Format code before committing it by @le4ker in #1193
- fix - Okta Password Accessed False positive by @akozlovets098 in #1198
- Add MongoDB.2FA.Disabled rule by @melenevskyi in #1190
- Add MongoDB.User.Created.Or.Deleted and Add MongoDB.User.Roles.Changed rules by @melenevskyi in #1192
- MongoDB - alerting disabled (rule) by @akozlovets098, @egibs, and @arielkr256 in #1197
- MongoDB - Allow access from anywhere (rule) by @akozlovets098 and @arielkr256 in #1199
- MongoDB - org membership restriction disabled (rule) by @akozlovets098 and @arielkr256 in #1200
- Add MongoDB.External.UserInvited.NoConfig rule by @melenevskyi and @arielkr256 in #1191
- Add MongoDB.Identity.Provider.Activity rule by @melenevskyi and @arielkr256 in #1202
- Add MongoDB.Logging.Toggled rule by @melenevskyi in #1203
- Use make venv rather than make install by @egibs in #1186
- Fix Dockerfile; add Workflow to test image by @egibs in #1187
Full Changelog: v3.48.0...v3.49.0
v3.48.0
What's Changed
🏡 Miscellaneous
- Update github_advanced_security_change.py by @JPhenglavong in #1173
- Format YAML and Markdown files by @le4ker in #1174
- osquery detection for CVE-2024-3094 by @arielkr256 in #1181
- Add CloudTrail Rule to detect vulnerable EC2 AMIs re: CVE-2024-3094 by @egibs in #1182
Full Changelog: v3.47.1...v3.48.0
v3.47.1
What's Changed
🏡 Miscellaneous
- Remove CLA reference from contribution guidelines (#1169) by @egibs
- Revert "custom enrichment LUT for TrailDiscover" (#1170) by @arielkr256
Full Changelog: 3.46.0...3.47.1
v3.46.0
What's Changed
🏡 Miscellaneous
- Rework base64 recognition to use python functions rather than regex (#1146) by @arielkr256
- Lolbas tuning (#1147) by @arielkr256
- Add GCP.IAM.serviceAccounts.getAccessToken.Privilege.Escalation rule (#1149) by @melenevskyi
- converted is_private to not is_global (#1150) by @arielkr256
- Renames .yaml files to .yml (#1151) by @le4ker
- fix - GCP compute.instance.create AttributeError (#1152) by @akozlovets098
- Update PAT to 0.43.0 (#1154) by @egibs
- fix - Several GCP rules with NoneType errors (#1155) by @akozlovets098
Full Changelog: v3.45.0...v3.46.0