From 154c1402404e07e43836158fe16fa084dfcaf2d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ed=E2=81=A6?=
Date: Thu, 15 Sep 2022 17:35:11 -0700
Subject: [PATCH] fix: Packs based on scheduled queries also need the scheduled queries to be defined in the pack. Also, added a name for onepassword pack (#499)
---
 packs/onepassword.yml | 2 ++
 packs/snowflake.yml | 12 ++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/packs/onepassword.yml b/packs/onepassword.yml
index c4b8b175f..57170504e 100644
--- a/packs/onepassword.yml
+++ b/packs/onepassword.yml
@@ -1,5 +1,7 @@
 AnalysisType: pack
 PackID: PantherManaged.OnePassword
+Description: Group of all OnePassword Detections
+DisplayName: Panther OnePassword Pack
 PackDefinition:
 IDs:
 # Data Models
diff --git a/packs/snowflake.yml b/packs/snowflake.yml
index 8febaa748..549dbef46 100644
--- a/packs/snowflake.yml
+++ b/packs/snowflake.yml
@@ -3,6 +3,18 @@ PackID: PantherManaged.Snowflake
 Description: Group of all Snowflake detections
 PackDefinition:
 IDs:
+ - Query.Snowflake.AccountAdminGranted
+ - Query.Snowflake.BruteForceByIp
+ - Query.Snowflake.BruteForceByUsername
+ - Query.Snowflake.KeyUserPasswordLogin
+ - Query.Snowflake.MFALogin
+ - Query.Snowflake.NetworkPolicyModified
+ - Query.Snowflake.PrivilegedObjectUpdate
+ - Query.Snowflake.PublicRoleGrant
+ - Query.Snowflake.SCIMTokenCreated
+ - Query.Snowflake.UnusualLoginVolume
+ - Query.Snowflake.UserCreated
+ - Query.Snowflake.UserEnabled
 - Snowflake.AccountAdminGranted
 - Snowflake.BruteForceByIp
 - Snowflake.BruteForceByUsername
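Review bot: The twelve `Query.Snowflake.*` entries added under `IDs:` in packs/snowflake.yml carry no label, so nothing in the file records that each scheduled rule needs its query listed in the same pack; a grouping comment such as `# Scheduled Queries` above them (packs/onepassword.yml already uses `# Data Models` this way) would make that requirement visible to the next editor. Only three of the `Snowflake.*` rule IDs appear in this hunk and the list continues past it, so the one-to-one pairing of query and rule cannot be confirmed from here; going by the commit subject, a rule whose query is missing from the pack would presumably not work once the pack is enabled, which is a silent detection gap. A CI check that every scheduled rule in a pack has its query in that pack would catch this class of omission rather than relying on manual edits like this one. The snowflake header shown here also has no `DisplayName` between `Description` and `PackDefinition`, unlike the one this commit adds to onepassword.yml, so it is worth confirming it is set elsewhere in the file.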