Releases: panther-labs/panther-analysis
Releases · panther-labs/panther-analysis
v3.10.0
What's Changed
🐛 Bug Fixes and Tunes
🏡 Miscellaneous
- Fixes misnaming of github_repo_collaborator_change by @bfrisbie-wiz in #844
- fix: unit testing suite should test by using the panther_analysis_tool.immutable types by @edyesed in #846
New Contributors
- @bfrisbie-wiz made their first contribution in #844
Full Changelog: v3.9.3...v3.10.0
Contributors
edyesed, egibs, and bfrisbie-wiz
Assets 4
v3.9.3
v3.9.2
What's Changed
🕵️ New Detections
- Tines Rule - Job Deletion (2 cases) by @josh-panther in #787
- Tines Rule - Story Items Destruction by @josh-panther in #788
- Tines Rule - Team Destruction by @josh-panther in #789
🐛 Bug Fixes and Tunes
🏡 Miscellaneous
- Upgrading to pat 0.23.0 by @andrea-youwakim in #838
- Update slack_potentially_malicious_file_shared description by @denniswebb in #839
- fix: update spacing in deep_walk docstring by @egibs in #837
New Contributors
- @denniswebb made their first contribution in #839
Full Changelog: v3.9.1...v3.9.2
Contributors
edyesed, denniswebb, and 3 other contributors
Assets 4
v3.9.1
What's Changed
🕵️ New Detections
- Mongodb by @calkim-panther in #833
🐛 Bug Fixes and Tunes
- fixes fallback behavior in slack app added severity function by @cpascale43 in #829
🏡 Miscellaneous
- docs: Test+Lint queries directory by @edyesed in #834
- Update deep_walk type hints by @egibs in #832
- fix: update MongoDB RuleIDs to convention, prefer deep_get over dict.get by @edyesed in #836
Full Changelog: v3.9.0...v3.9.1
Contributors
edyesed, egibs, and 2 other contributors
Assets 4
v3.9.0
What's Changed
🕵️ New Detections
CrowdStrike
- Rule: CrowdStrike MacOS Osascript as Administrator by @mbellifa in #824
- Rule: CrowdStrike MacOS plutil Usage by @mbellifa in #825
Auth0
- Auth0 MFA Risk Assessment Enabled by @papanikge in #818
- Auth0: Role Created by @alexmylonas in #812
- Auth0 MFA Policy Enabled by @kleon919 in #813
- feat: Detection for Auth0 post login flow by @le4ker in #814
🐛 Bug Fixes and Tunes
- fix: summaryattributes reference required fields by @edyesed in #826
- feat: Standard.ImpossibleTravel.Login now using p_match via LookupTableMatches by @edyesed in #828
🏡 Miscellaneous
Global Helper Updates
- feat: find enrichments by value leveraging p_match field by @edyesed in #809
- Add deep_walk function and tests by @egibs in #819
- docs: add unit test to ensure that GetGreyNoiseObject({}).lut_matches is None by @edyesed in #830
Docs Updates
- docs: Update README by @edyesed in #823
- fixes duplicate slack rule display names by @cpascale43 in #827
- fixing display name and runbook of auth0 rule by @andrea-youwakim in #831
New Contributors
Full Changelog: v3.8.3...v3.9.0
Contributors
papanikge, edyesed, and 7 other contributors
Assets 4
v3.8.3
v3.8.2
What's Changed
🕵️ New Detections
Tines
- Tines Rule - Global Resource Destruction by @josh-panther in #786
Notion
Auth0
- Rule: Auth0 User Joined Tenant by @mbellifa in #807
- auth0 mfa enabled detection by @kouknick in #811
- feat: new auth0_integration_installed detection by @georgesimos in #815
- Add detection for auth0 user invitations to tenants and organizations by @kalafut in #816
Crowdstrike
🐛 Bug Fixes and Tunes
- fix: lookuptables base class needs to be in the pack.yml for all artifacts that leverage it by @edyesed in #821
New Contributors
- @kouknick made their first contribution in #811
- @georgesimos made their first contribution in #815
Full Changelog: v3.8.1...v3.8.2
Contributors
kalafut, edyesed, and 5 other contributors
Assets 4
v3.8.1
What's Changed
🕵️ New Detections
🐛 Bug Fixes and Tunes
🏡 Miscellaneous
New Contributors
Full Changelog: v3.8.0...v3.8.1
Contributors
kalafut, edyesed, and miotke
Assets 4
v3.8.0
What's Changed
🕵️ New Detections
GCP
- Add detections for GCP DNS zone operations by @egibs in #779
- Create detection for GCP firewall rule modifications by @egibs in #785
- Add detection for GCP firewall rule creations by @egibs in #791
- Add detection for GCP firewall rule deletions by @egibs in #794
- Add detections for GCP logging bucket or sink deletions by @egibs in #798
- Add detections for GCP logging sink modifications by @egibs in #799
- Add detection for denied GCP service account access by @egibs in #801
Notion
- add: notion rule many pages deleted by @LucySuddenly in #795
- add: notion rule scim token generated by @LucySuddenly in #796
- feat: Notion audit log exported detection by @le4ker in #793
Tines
GitHub
- add: github rule add org moderator by @LucySuddenly in #782
🌯 New Packs and Pack Expansion
- add: github org moderators add rule to pack by @LucySuddenly in #797
🐛 Bug Fixes and Tunes
- fix: impossible travel short distances tweak by @edyesed in #783
- fix: tines_actions_disabled should use the global filter by @edyesed in #792
- Allow for any API version for certain GCP detections by @egibs in #803
- Alias column names with invalid characters by @dekatzenel in #802
- tune embargo country detection to low by @calkim-panther in #790
🏡 Miscellaneous
- remove dynamo encryption policy from pack by @calkim-panther in #784
Full Changelog: v3.7.6...v3.8.0
Contributors
edyesed, le4ker, and 5 other contributors
Assets 4
v3.7.6
What's Changed
🕵️ New Detections
- deprecate dynamo encryption policy by @calkim-panther in #778
🐛 Bug Fixes and Tunes
- chore: add units to alert_context on standard impossible travel by @edyesed in #777
- fix: Standard.ImpossibleTravel.Login should not alert on VPN or ApplePrivateRelay by @edyesed in #780
🏡 Miscellaneous
Full Changelog: v3.7.5...v3.7.6
Contributors
edyesed and calkim-panther