Releases: panther-labs/panther-analysis
v3.7.5
What's Changed
🐛 Bug Fixes and Tunes
🏡 Miscellaneous
- gcp_alert_context by @calkim-panther in #765
- removing dupe cloudflare test case by @andrea-youwakim in #773
- Improve Greynoise and IPInfo Helpers by @rleighton in #759
- add crowdstrike data model to pack by @calkim-panther in #775
Full Changelog: v3.7.4...v3.7.5
v3.7.4
What's Changed
🕵️ New Detections
- feat: a generic approach to impossible travel for login style events by @edyesed in #766
- feat: extend the Standard.ImpossibleTravel.Login detection to include Okta.SystemLog by @edyesed in #770
🐛 Bug Fixes and Tunes
- fix: When Snyk users are added via SAML, the userId on the audit log entry is the same as the userid of the added user by @edyesed in #768
- fix: Tune cloudflare bot alert up to 2req/sec. Disable some cloudflare blocked alerts due to cloudflare having blocked the request by @edyesed in #769
Full Changelog: v3.7.3...v3.7.4
v3.7.3
What's Changed
🐛 Bug Fixes and Tunes
- fix: panther_oss_helpers.set_key_expiration should make an effort to turn epoch_seconds kwarg into an int by @edyesed in #764
- fix: some cache ttls were getting stringified, which leads to dynamodb silently not expiring them by @edyesed in #763
Full Changelog: v3.7.2...v3.7.3
v3.7.2
What's Changed
🌯 New Packs and Pack Expansion
- add fdr detections to pack by @calkim-panther in #748
- Adding credential security pack by @nhakmiller in #761
🏡 Miscellaneous
Full Changelog: v3.7.1...v3.7.2
v3.7.1
v3.7.0
What's Changed
🕵️ New Detections
- feat: Tines.Audit detections and pack by @edyesed in #754
- feat: Tines detections for API Tokens and CustomCA by @edyesed in #755
🐛 Bug Fixes and Tunes
🏡 Miscellaneous
- chore: there was a little copy-pasta in the global filter yaml file for Snyk by @edyesed in #752
- Adding global helpers for Auth0 by @andrea-youwakim in #753
- bump PAT version to 0.22.1 by @darwayne in #756
- maxrichmond: removing detections as code owners by @maxrichie5 in #757
- New: Auth0 Detections and Pack by @andrea-youwakim in #758
New Contributors
Full Changelog: v3.6.0...v3.7.0
v3.6.0
What's Changed
🕵️ New Detections
🐛 Bug Fixes and Tunes
- Safely handle Zoom user group context by @allanbreyes in #749
New Contributors
- @allanbreyes made their first contribution in #749
Full Changelog: v3.5.0...v3.6.0
v3.5.0
What's Changed
🕵️ New Detections
- feat: More Snyk Detections by @edyesed in #741
- gcp detections by @calkim-panther in #727
- Crowdstrike embargoed by @jzandona in #743
- crowdstrike pt 1 by @calkim-panther in #742
- crowdstrike detections pt2 by @calkim-panther in #744
- Salesforce loginas detection: Alerts when an admin logs in as another user by @andrea-youwakim in #747
🐛 Bug Fixes and Tunes
- missing event in deep_get by @calkim-panther in #746
New Contributors
Full Changelog: v3.4.0...v3.5.0
v3.4.0
What's Changed
🕵️ New Detections
🏡 Miscellaneous
- Calkim dropbox by @calkim-panther in #736
- Snowflake Scheduled Queries by @andrea-youwakim in #737
- pat version update by @nhakmiller in #738
- chore: update github asana action by @LucySuddenly in #740
- fix: add Zeek IP addresses to Enrichment LUTs by @le4ker in #739
New Contributors
- @LucySuddenly made their first contribution in #740
- @le4ker made their first contribution in #739
Full Changelog: v3.3.0...v3.4.0
v3.3.0
What's Changed
🕵️ New Detections
- Feat/edyesed/snyk roles and svcaccts by @edyesed in #731
- New Snowflake Queries by @andrea-youwakim in #733
🐛 Bug Fixes and Tunes
- Adding Panther.Audit to the Greynoise LUTs by @nkulig in #732
- fix: AWS ELBs now have TLS 1.3 SSL Policies by @edyesed in #734
Full Changelog: v3.2.2...v3.3.0