v3.55.0
What's Changed
🏡 Miscellaneous
- Replace panther_analysis_tool import with updated import by @egibs in #1230
- Update Action versions; use SHAs by @egibs in #1231
- migrates the gcp_storage_hmac_keys_create rule to by @arielkr256 in #1233
- move scheduled rules to the queries directory by @arielkr256 in #1234
- consistency nit fixes by @kjihso in #1235
- AppOmni Alert passthrough by @jzandona in #1211
- Push Security rules by @jstanulis-push in #1207
- Push Security pack by @arielkr256 in #1239
- Push logtype update by @arielkr256 in #1240
- Remove Node/NPM/Prettier by @egibs in #1241
- Small Workflow tweaks by @egibs in #1243
- Use harden-runner Action for all Workflows by @egibs in #1244
- Threat 319 Replace geoinfo_from_ip with new version by @akozlovets098 in #1242
- Use full Action SHAs rather than versioned releases by @egibs in #1245
- THREAT-321 Auth0 CIC Credential Stuffing by @arielkr256 in #1246
- Update panther-core to 0.10.1 via PAT by @egibs in #1249
- Tweak Snowflake queries by @egibs in #1250
- Fixed typo in README.md by @JPhenglavong in #1253
- build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #1254
- Using GITHUB_OUTPUT env var instead of old ::set-output shorthand by @c0nfleis in #1255
- OCSF data model, VPC/DNS by @akozlovets098 in #1214
- fix: consider deny rules for ssh network acl policy by @skeggse in #1236
- AWS Honeypot Detections threat-306 by @JPhenglavong in #1252
- Update aws_console_login_without_mfa.py by @JPhenglavong in #1237
- Update PAT to 0.50.0 by @egibs in #1259
- Push Security schema rename by @arielkr256 in #1258
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1263
- Update PAT to 0.50.1 by @egibs in #1261
- improve error handling for dynamic functions by @arielkr256 in #1262
- update vscode schema to honor correlation rules by @nskobov in #1264
- Remove .husky directory by @le4ker in #1266
- update snowflake queries with p_occurs_since by @arielkr256 in #1265
- remove greynoise luts by @arielkr256 in #1267
- Edit: Downgrade Okta.Anonymizing.VPN.Login to INFO severity if Apple Relay used by @ben-githubs in #1268
- Remove unnecessary pipenv step by @egibs in #1270
New Contributors
- @jstanulis-push made their first contribution in #1207
- @skeggse made their first contribution in #1236
Full Changelog: v3.54.0...v3.55.0
Contributors
le4ker, skeggse, and 11 other contributors