Releases: panther-labs/panther-analysis
v3.64.0
What's Changed
🕵️ New Detections
- Wiz audit rules by @akozlovets098 in #1323
🔍 New Queries
- Remove Multi-Table Queries from Packs by @ben-githubs in #1353
🗓️ Scheduled Rules
- THREAT-354 Converting caching rules to correlation by @akozlovets098 in #1348
- more correlation rules from AWS re:inforce by @arielkr256 in #1289
🏡 Miscellaneous
- Prepare for v3.62.0 by @arielkr256 in #1338
- Prepare for 3.63.0 by @akozlovets098 in #1350
- build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 by @dependabot in #1352
- Refreshing Contributing Guidelines by @arielkr256 in #1344
- validate and upload on PRs by @arielkr256 in #1351
- Validate on PR approval by @arielkr256 in #1354
Full Changelog: v3.63.0...v3.64.0
v3.63.0
What's Changed
🐛 Bug Fixes and Tunes
- AWS SAML Activity Tuning by @arielkr256 in #1341
- Tuning Snyk Rules by @arielkr256 in #1340
- Update Pack Manifests with Data Models and Globals by @ben-githubs in #1342
- added get_actor_user method to data model by @biancafu-panther in #1343
- Add Missing Pack Items by @ben-githubs in #1345
🏡 Miscellaneous
- build(deps): bump actions/setup-python from 5.1.1 to 5.2.0 by @dependabot in #1339
New Contributors
- @biancafu-panther made their first contribution in #1343
Full Changelog: v3.62.0...v3.63.0
v3.62.0
What's Changed
🏡 Miscellaneous
- Prepare for v3.61.0 by @arielkr256 in #1321
- Remove deprecated IOC helpers by @arielkr256 in #1325
- Info Alerts are Signals, Nonrouted by @arielkr256 in #1328
- New Rules: CS EventStream Audit Events by @ben-githubs in #1307
- Okta rate limit tuning by @arielkr256 in #1329
- traffic mirroring tuning by @arielkr256 in #1330
- GCP K8S tuning by @arielkr256 in #1331
- Missing MITRE ATT&CK tactics by @arielkr256 in #1322
- tuning Wiz Alert Passthrough rule by @arielkr256 in #1326
- Improve GitHub Webhook Modified rule by @geoffg-sentry in #1324
- Add Dynamic Severity to AWS.CloudTrail.SnapshotMadePublic by @ben-githubs in #1333
- Fix Unit Tests Failing in Pypanther by @ben-githubs in #1335
- Convert to Signals by @arielkr256 in #1336
- THREAT 371: Slack Anomaly Detection Tuning by @ben-githubs in #1334
- PAT update v0.52.1 by @arielkr256 in #1337
Full Changelog: v3.61.0...v3.62.0
v3.61.0
What's Changed
🏡 Miscellaneous
- Releasing performance improvements by @nhakmiller in #1305
- Update rule_jsonschema.json by @chrisarav in #1306
- build(deps): bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in #1309
- UDM safe lookups by @nhakmiller in #1311
- Minor typo fix in displayname, potentiall -> potentially by @kjihso in #1312
- Add Github Dependabot Alert Dismissed Rule by @elimgh in #1310
- added default values to get/deep_get by @arielkr256 in #1313
- AWS Compromised Service Role - CR -> Scheduled Rule by @arielkr256 in #1315
- GitHub Advanced Security Change WITHOUT Repo Archived - Sequence to Group CR by @arielkr256 in #1314
- build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1 by @dependabot in #1317
- Update again gcp_k8s_cron_job_created_or_modified.yml by @chrisarav in #1318
- Prepare for 3.60.0 by @akozlovets098 in #1319
- CR upload fixes by @arielkr256 in #1320
New Contributors
- @chrisarav made their first contribution in #1306
- @elimgh made their first contribution in #1310
Full Changelog: v3.59.0...v3.60.0
Full Changelog: v3.60.0...v3.61.0
v3.59.0
What's Changed
🏡 Miscellaneous
- Prepare for 3.58 by @ben-githubs in #1299
- Add entity JSON object to Slack Privilege Escalation tests by @bmbeverst in #1300
- Update rates by @nhakmiller in #1301
- Bump rate minutes more by @nhakmiller in #1302
Full Changelog: v3.58.0...v3.59.0
v3.58.0
What's Changed
🏡 Miscellaneous
- 3.57.0 Release by @le4ker in #1291
- Update safe lookup by @nhakmiller in #1292
- Update default timeouts by @nhakmiller in #1294
- build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 by @dependabot in #1293
- build(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in #1297
- build(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 by @dependabot in #1298
- Fix methodName lookups for Cloud Run rules, add tests by @geoffg-sentry in #1296
- Correct the target and actor in Slack Audit log UserPrivilegeEscalation plus clean up by @bmbeverst in #1288
- bugfix for base64 encoded arguments by @arielkr256 in #1295
New Contributors
- @bmbeverst made their first contribution in #1288
Full Changelog: v3.57.0...v3.58.0
v3.57.0
What's Changed
🏡 Miscellaneous
- Remove explorer/powershell relationship by @geoffg-sentry in #1278
- build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in #1281
- build(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #1282
- Aws gd ref links by @JPhenglavong in #1283
- Add initial Correlation Rules by @egibs in #1260
- Snowflake Data Exfiltration CR by @arielkr256 in #1257
- lower severity for sensor update requests by @arielkr256 in #1285
- correlation rules from AWS re:inforce by @arielkr256 in #1279
- build(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in #1284
- Formatting: Converting Tabs to Spaces in YAML Files by @ben-githubs in #1290
- CrowdStrike event stream api rules by @JPhenglavong in #1286
- Push Security correlation rules by @arielkr256 in #1280
New Contributors
- @geoffg-sentry made their first contribution in #1278
Full Changelog: v3.56.0...v3.57.0
v3.56.0
What's Changed
🏡 Miscellaneous
- Update PAT to 0.51.0 by @egibs in #1272
- latest traildiscover updates by @arielkr256 in #1273
- Threat-315 Wiz Alert Passthrough by @akozlovets098 in #1251
Full Changelog: v3.55.0...v3.56.0
v3.55.0
What's Changed
🏡 Miscellaneous
- Replace panther_analysis_tool import with updated import by @egibs in #1230
- Update Action versions; use SHAs by @egibs in #1231
- migrates the gcp_storage_hmac_keys_create rule to by @arielkr256 in #1233
- move scheduled rules to the queries directory by @arielkr256 in #1234
- consistency nit fixes by @kjihso in #1235
- AppOmni Alert passthrough by @jzandona in #1211
- Push Security rules by @jstanulis-push in #1207
- Push Security pack by @arielkr256 in #1239
- Push logtype update by @arielkr256 in #1240
- Remove Node/NPM/Prettier by @egibs in #1241
- Small Workflow tweaks by @egibs in #1243
- Use harden-runner Action for all Workflows by @egibs in #1244
- Threat 319 Replace geoinfo_from_ip with new version by @akozlovets098 in #1242
- Use full Action SHAs rather than versioned releases by @egibs in #1245
- THREAT-321 Auth0 CIC Credential Stuffing by @arielkr256 in #1246
- Update panther-core to 0.10.1 via PAT by @egibs in #1249
- Tweak Snowflake queries by @egibs in #1250
- Fixed typo in README.md by @JPhenglavong in #1253
- build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #1254
- Using GITHUB_OUTPUT env var instead of old ::set-output shorthand by @c0nfleis in #1255
- OCSF data model, VPC/DNS by @akozlovets098 in #1214
- fix: consider deny rules for ssh network acl policy by @skeggse in #1236
- AWS Honeypot Detections threat-306 by @JPhenglavong in #1252
- Update aws_console_login_without_mfa.py by @JPhenglavong in #1237
- Update PAT to 0.50.0 by @egibs in #1259
- Push Security schema rename by @arielkr256 in #1258
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1263
- Update PAT to 0.50.1 by @egibs in #1261
- improve error handling for dynamic functions by @arielkr256 in #1262
- update vscode schema to honor correlation rules by @nskobov in #1264
- Remove .husky directory by @le4ker in #1266
- update snowflake queries with p_occurs_since by @arielkr256 in #1265
- remove greynoise luts by @arielkr256 in #1267
- Edit: Downgrade Okta.Anonymizing.VPN.Login to INFO severity if Apple Relay used by @ben-githubs in #1268
- Remove unnecessary pipenv step by @egibs in #1270
New Contributors
- @jstanulis-push made their first contribution in #1207
- @skeggse made their first contribution in #1236
Full Changelog: v3.54.0...v3.55.0