Releases: panther-labs/panther-analysis
Releases · panther-labs/panther-analysis
v3.57.0
What's Changed
🏡 Miscellaneous
- Remove explorer/powershell relationship by @geoffg-sentry in #1278
- build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 by @dependabot in #1281
- build(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #1282
- Aws gd ref links by @JPhenglavong in #1283
- Add initial Correlation Rules by @egibs in #1260
- Snowflake Data Exfiltration CR by @arielkr256 in #1257
- lower severity for sensor update requests by @arielkr256 in #1285
- correlation rules from AWS re:inforce by @arielkr256 in #1279
- build(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in #1284
- Formatting: Converting Tabs to Spaces in YAML Files by @ben-githubs in #1290
- CrowdStrike event stream api rules by @JPhenglavong in #1286
- Push Security correlation rules by @arielkr256 in #1280
New Contributors
- @geoffg-sentry made their first contribution in #1278
Full Changelog: v3.56.0...v3.57.0
Contributors
egibs, JPhenglavong, and 4 other contributors
Assets 4
v3.56.0
What's Changed
🏡 Miscellaneous
- Update PAT to 0.51.0 by @egibs in #1272
- latest traildiscover updates by @arielkr256 in #1273
- Threat-315 Wiz Alert Passthrough by @akozlovets098 in #1251
Full Changelog: v3.55.0...v3.56.0
Contributors
egibs, arielkr256, and akozlovets098
Assets 4
v3.55.0
What's Changed
🏡 Miscellaneous
- Replace panther_analysis_tool import with updated import by @egibs in #1230
- Update Action versions; use SHAs by @egibs in #1231
- migrates the gcp_storage_hmac_keys_create rule to by @arielkr256 in #1233
- move scheduled rules to the queries directory by @arielkr256 in #1234
- consistency nit fixes by @kjihso in #1235
- AppOmni Alert passthrough by @jzandona in #1211
- Push Security rules by @jstanulis-push in #1207
- Push Security pack by @arielkr256 in #1239
- Push logtype update by @arielkr256 in #1240
- Remove Node/NPM/Prettier by @egibs in #1241
- Small Workflow tweaks by @egibs in #1243
- Use harden-runner Action for all Workflows by @egibs in #1244
- Threat 319 Replace geoinfo_from_ip with new version by @akozlovets098 in #1242
- Use full Action SHAs rather than versioned releases by @egibs in #1245
- THREAT-321 Auth0 CIC Credential Stuffing by @arielkr256 in #1246
- Update panther-core to 0.10.1 via PAT by @egibs in #1249
- Tweak Snowflake queries by @egibs in #1250
- Fixed typo in README.md by @JPhenglavong in #1253
- build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #1254
- Using GITHUB_OUTPUT env var instead of old ::set-output shorthand by @c0nfleis in #1255
- OCSF data model, VPC/DNS by @akozlovets098 in #1214
- fix: consider deny rules for ssh network acl policy by @skeggse in #1236
- AWS Honeypot Detections threat-306 by @JPhenglavong in #1252
- Update aws_console_login_without_mfa.py by @JPhenglavong in #1237
- Update PAT to 0.50.0 by @egibs in #1259
- Push Security schema rename by @arielkr256 in #1258
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1263
- Update PAT to 0.50.1 by @egibs in #1261
- improve error handling for dynamic functions by @arielkr256 in #1262
- update vscode schema to honor correlation rules by @nskobov in #1264
- Remove .husky directory by @le4ker in #1266
- update snowflake queries with p_occurs_since by @arielkr256 in #1265
- remove greynoise luts by @arielkr256 in #1267
- Edit: Downgrade Okta.Anonymizing.VPN.Login to INFO severity if Apple Relay used by @ben-githubs in #1268
- Remove unnecessary pipenv step by @egibs in #1270
New Contributors
- @jstanulis-push made their first contribution in #1207
- @skeggse made their first contribution in #1236
Full Changelog: v3.54.0...v3.55.0
Contributors
le4ker, skeggse, and 11 other contributors
Assets 4
v3.54.0
v3.53.0
What's Changed
🏡 Miscellaneous
- Update PAT to 0.48.0; PDH to 0.4.0 (#1227) by @egibs in #1228
- Add threat-research as codeowners (#1213) by @egibs in #1229
- Replace panther_analysis_tool import with updated import by @egibs in #1230
- Update Action versions; use SHAs by @egibs in #1231
Full Changelog: v3.52.0...v3.53.0
Contributors
egibs
Assets 4
v3.52.0
v3.51.0
What's Changed
🏡 Miscellaneous
- Prepare for
3.50.0by @egibs in #1217 - Fix timestamps by @nhakmiller in #1219
Full Changelog: v3.50.0...v3.51.0
Contributors
egibs and nhakmiller
Assets 4
v3.50.0
What's Changed
🏡 Miscellaneous
- Deprecate GreyNoise detections by @melenevskyi in #1205
- fix - Notion Login From New Location - NoneType error by @akozlovets098 in #1206
- Remove codeowners by @le4ker in #1208
- fix - GCP rules - AttributeError by @akozlovets098 in #1210
- MITRE ATT&CK Mappings for MS Rules by @ben-githubs in #1209
- traildiscover enrichment with managed schema by @arielkr256 in #1177
- Update PAT to 0.46.0 by @egibs in #1216
Full Changelog: v3.49.0...v3.50.0
Contributors
melenevskyi, le4ker, and 4 other contributors
Assets 4
v3.49.0
What's Changed
🏡 Miscellaneous
- bump black by @le4ker in #1184
- disable dependabot by @le4ker in #1185
- remove failing test case by @arielkr256 in #1189
- apply make fmt using upgraded black version by @arielkr256 in #1196
- Add mongodb_alert_context by @melenevskyi and @arielkr256 in #1178
- Update linting Makefile targets to run isort and prettier --check by @egibs in #1194
- Format code before committing it by @le4ker in #1193
- fix - Okta Password Accessed False positive by @akozlovets098 in #1198
- Add MongoDB.2FA.Disabled rule by @melenevskyi in #1190
- Add MongoDB.User.Created.Or.Deleted and Add MongoDB.User.Roles.Changed rules by @melenevskyi in #1192
- MongoDB - alerting disabled (rule) by @akozlovets098, @egibs, and @arielkr256 in #1197
- MongoDB - Allow access from anywhere (rule) by @akozlovets098 and @arielkr256 in #1199
- MongoDB - org membership restriction disabled (rule) by @akozlovets098 and @arielkr256 in #1200
- Add MongoDB.External.UserInvited.NoConfig fule by @melenevskyi and @arielkr256 in #1191
- Add MongoDB.Identity.Provider.Activity rule by @melenevskyi and @arielkr256 in #1202
- Add MongoDB.Logging.Toggled rule by @melenevskyi in #1203
- Use make venv rather than make install by @egibs in #1186
- Fix Dockerfile; add Workflow to test image by @egibs in #1187
Full Changelog: v3.48.0...v3.49.0
Contributors
melenevskyi, le4ker, and 3 other contributors
Assets 4
v3.48.0
What's Changed
🏡 Miscellaneous
- Update github_advanced_security_change.py by @JPhenglavong in #1173
- Format YAML and Markdown files by @le4ker in #1174
- osquery detection for CVE-2024-3094 by @arielkr256 in #1181
- Add CloudTrail Rule to detect vulnerable EC2 AMIs re: CVE-2024-3094 by @egibs in #1182
Full Changelog: v3.47.1...v3.48.0
Contributors
le4ker, egibs, and 2 other contributors