Releases: panther-labs/panther-analysis
Releases · panther-labs/panther-analysis
v3.22.0
What's Changed
🏡 Miscellaneous
- gcp_k8s_rules: fix logic matching irrelevant events by @cheahjs in #928
- Always use the "our" CODEOWNERS by @grantjoy in #927
- ID to Name path change zendesk_data_model.yml by @JPhenglavong in #929
- AWS CloudTrail Password Discovery detection by @natezpanther in #628
- Fix the Zeek selectors in luts by @rleighton in #930
- updated title to use profileId if no email by @arielkr256 in #931
- Update aws_unauthorized_api_call dedup function by @egibs in #932
New Contributors
- @cheahjs made their first contribution in #928
- @JPhenglavong made their first contribution in #929
Full Changelog: v3.21.0...v3.22.0
Contributors
cheahjs, grantjoy, and 5 other contributors
Assets 4
v3.21.0
What's Changed
🏡 Miscellaneous
- kbailey: rule for phished okta session by @k-bailey in #500
- build(deps): bump requests from 2.28.1 to 2.31.0 by @dependabot in #923
- build(deps): bump urllib3 from 1.26.12 to 1.26.18 by @dependabot in #922
- Move from AGPL to Apache Software License by @egibs in #924
- Update sync-from-upstream.yml GH action from 'master' to 'main' by @AndrewMohawk in #925
- Remove PAT clone from lint-test Workflow by @egibs in #926
New Contributors
- @AndrewMohawk made their first contribution in #925
Full Changelog: v3.20.0...v3.21.0
Contributors
AndrewMohawk, k-bailey, and 2 other contributors
Assets 4
v3.20.0
What's Changed
🕵️ New Detections
- Tines Rule - Story Jobs Clearance by @josh-panther in #800
🏡 Miscellaneous
- added test case for user modified by System by @arielkr256 in #910
- Expanded Microsoft365.Exchange.External.Forwarding to work with ForwardingAddress property by @ben-githubs in #909
- Fix Standard.ImpossibleTravel.Login by @corrylc in #912
- added default strings to deep_walks by @arielkr256 in #913
- update upstream branch in README by @le4ker in #914
- fixed severity issue for Super admin granted by @arielkr256 in #917
- Template: example_scheduled_query update by @nkulig in #689
- Set severity to INFO if making calendar private by @apanzerj in #904
- saved search for IOCs published by Okta by @arielkr256 in #916
- build(deps-dev): bump werkzeug from 3.0.0 to 3.0.1 by @dependabot in #911
- Up-to-date implementation of #868 by @egibs in #918
- Update global-helpers-unit-test call syntax by @wadells in #903
- Add a helper to retrieve the AWS account ID associated with a given access key ID by @egibs in #920
New Contributors
Full Changelog: v3.19.0...v3.20.0
Contributors
wadells, le4ker, and 8 other contributors
Assets 2
v3.19.0
What's Changed
🏡 Miscellaneous
- Okta new rules by @arielkr256 in #894
- Added removed workspace.settings line back by @tiffany-leong in #902
- Allow Dependabot to update all pip package sources by @egibs in #905
- build(deps): bump urllib3 from 1.26.17 to 1.26.18 by @dependabot in #901
- Fix typo in slack_privilege_changed_to_user.yml by @bfrisbie-wiz in #870
- replacing set_key_expiration with epoch_seconds field by @maxrichie5 in #892
- Check for GuardDuty sample data by @piercedouglas in #871
- deprecating duplicate impossible travel rules by @arielkr256 in #907
- fixed caching bug by @arielkr256 in #908
New Contributors
- @arielkr256 made their first contribution in #894
- @piercedouglas made their first contribution in #871
Full Changelog: v3.18.0...v3.19.0
Contributors
piercedouglas, egibs, and 5 other contributors
Assets 4
v3.18.0
v3.17.1
v3.17.0
What's Changed
🏡 Miscellaneous
- Add .panther_settings.yml to .gitignore by @grantjoy in #895
- Update example_rule.py by @nhakmiller in #897
- replacing kv globals with caching module part 2 by @maxrichie5 in #890
- using caching module in detections instead of globals by @maxrichie5 in #888
Full Changelog: v3.16.0...v3.17.0
Contributors
grantjoy, maxrichie5, and nhakmiller
Assets 4
v3.16.0
What's Changed
🏡 Miscellaneous
- Add .vscode gen files to .gitignore by @papanikge in #877
- Fixed invalid summary attributes by @nhakmiller in #879
- removes duplicated test and updates a test name to be more accurate by @darwayne in #881
- Adding python version file by @grantjoy in #883
- Azure passthrough error fix by @tiffany-leong in #880
- replacing kv globals with caching funcs by @maxrichie5 in #884
- Update dependencies in Pipfile by @egibs in #885
- reverting using panther detection helpers in kv globals by @maxrichie5 in #889
- improve exception handling for some policies by @darwayne in #891
New Contributors
- @grantjoy made their first contribution in #883
- @tiffany-leong made their first contribution in #880
Full Changelog: v3.15.0...v3.16.0
Contributors
papanikge, darwayne, and 5 other contributors
Assets 4
v3.15.0
🐛 Bug Fixes and Tunes
- fix: OneLogin detections were comparing int to str (event_type_id) by @ben-githubs in #865
- fix: Asana, GitHub, and Okta rule cleanup by @jacknagz in #867
- fix: Added missing Crowdstrike aid context to global helper by @jamesejr in #869
- fix: Update select Dropbox and GSuite rules to return Dict, not PantherEvent by @ben-githubs in #873
🏠 Miscellaneous
- Migrate Azure.SignIn rules to Azure.Audit by @papanikge in #876
Full Changelog: v3.14.0...v3.15.0
Contributors
papanikge, jamesejr, and 2 other contributors
Assets 4
v3.14.0
What's Changed
🐛 Bug Fixes and Tunes
🏡 Miscellaneous
- make vscode-config instruction improvement by @nkulig in #862
- feat: p_a_t update to 0.25.0 by @edyesed in #863
New Contributors
Full Changelog: v3.13.0...v3.14.0
Contributors
wadells, edyesed, and nkulig