v3.7.5

What's Changed

🐛 Bug Fixes and Tunes

• Fix: snyk SAMl IdP initiated user-adds are attributed to the user being added by @edyesed in #771

🏡 Miscellaneous

• gcp_alert_context by @calkim-panther in #765
• removing dupe cloudflare test case by @andrea-youwakim in #773
• Improve Greynoise and IPInfo Helpers by @rleighton in #759
• add crowdstrike data model to pack by @calkim-panther in #775

Full Changelog: v3.7.4...v3.7.5

v3.7.4

What's Changed

🕵️ New Detections

• feat: a generic approach to impossible travel for login style events by @edyesed in #766
• feat: extend the Standard.ImpossibleTravel.Login detection to include Okta.SystemLog by @edyesed in #770

🐛 Bug Fixes and Tunes

• fix: When Snyk users are added via SAML, the userId on the audit log entry is the same as the userid of the added user by @edyesed in #768
• fix: Tune cloudflare bot alert up to 2req/sec. Disable some cloudflare blocked alerts due to cloudflare having blocked the request by @edyesed in #769

Full Changelog: v3.7.3...v3.7.4

v3.7.3

What's Changed

🐛 Bug Fixes and Tunes

• fix: panther_oss_helpers.set_key_expiration should make an effort to
  turn epoch_seconds kwarg into an int by @edyesed in #764
• fix: some cache ttls were getting stringified, which leads to dynamodb silently not expiring them by @edyesed in #763

Full Changelog: v3.7.2...v3.7.3

v3.7.2

What's Changed

🌯 New Packs and Pack Expansion

• add fdr detections to pack by @calkim-panther in #748
• Adding credential security pack by @nhakmiller in #761

🏡 Miscellaneous

• chore: update panther_analysis_tool to 0.22.2 by @edyesed in #762

Full Changelog: v3.7.1...v3.7.2

v3.7.1

What's Changed

🐛 Bug Fixes and Tunes

• chore: add a clickable link to snyk alert context to identify users by @edyesed in #760

Full Changelog: v3.7.0...v3.7.1

v3.7.0

What's Changed

🕵️ New Detections

• feat: Tines.Audit detections and pack by @edyesed in #754
• feat: Tines detections for API Tokens and CustomCA by @edyesed in #755

🐛 Bug Fixes and Tunes

• chore: downgrade log4j alert severity by @le4ker in #751

🏡 Miscellaneous

• chore: there was a little copy-pasta in the global filter yaml file for Snyk by @edyesed in #752
• Adding global helpers for Auth0 by @andrea-youwakim in #753
• bump PAT version to 0.22.1 by @darwayne in #756
• maxrichmond: removing detections as code owners by @maxrichie5 in #757
• New: Auth0 Detections and Pack by @andrea-youwakim in #758

New Contributors

• @darwayne made their first contribution in #756

Full Changelog: v3.6.0...v3.7.0

v3.6.0

What's Changed

🕵️ New Detections

• Crowdstrike FDR by @jzandona in #745

🐛 Bug Fixes and Tunes

• Safely handle Zoom user group context by @allanbreyes in #749

New Contributors

• @allanbreyes made their first contribution in #749

Full Changelog: v3.5.0...v3.6.0

v3.5.0

What's Changed

🕵️ New Detections

• feat: More Snyk Detections by @edyesed in #741
• gcp detections by @calkim-panther in #727
• Crowdstrike embargoed by @jzandona in #743
• crowdstrike pt 1 by @calkim-panther in #742
• crowdstrike detections pt2 by @calkim-panther in #744
• Salesforce loginas detection: Alerts when an admin logs in as another user by @andrea-youwakim in #747

🐛 Bug Fixes and Tunes

• missing event in deep_get by @calkim-panther in #746

New Contributors

• @jzandona made their first contribution in #743

Full Changelog: v3.4.0...v3.5.0

v3.4.0

What's Changed

🕵️ New Detections

• Slack: User's role changed to User by @miotke in #693

🏡 Miscellaneous

• Calkim dropbox by @calkim-panther in #736
• Snowflake Scheduled Queries by @andrea-youwakim in #737
• pat version update by @nhakmiller in #738
• chore: update github asana action by @LucySuddenly in #740
• fix: add Zeek IP addresses to Enrichment LUTs by @le4ker in #739

New Contributors

• @LucySuddenly made their first contribution in #740
• @le4ker made their first contribution in #739

Full Changelog: v3.3.0...v3.4.0

v3.3.0

What's Changed

🕵️ New Detections

• Feat/edyesed/snyk roles and svcaccts by @edyesed in #731
• New Snowflake Queries by @andrea-youwakim in #733

🐛 Bug Fixes and Tunes

• Adding Panther.Audit to the Greynoise LUTs by @nkulig in #732
• fix: AWS ELBs now have TLS 1.3 SSL Policies by @edyesed in #734

Full Changelog: v3.2.2...v3.3.0