Releases: panther-labs/panther-analysis
v3.50.0
What's Changed
🏡 Miscellaneous
- Deprecate GreyNoise detections by @melenevskyi in #1205
- fix - Notion Login From New Location - NoneType error by @akozlovets098 in #1206
- Remove codeowners by @le4ker in #1208
- fix - GCP rules - AttributeError by @akozlovets098 in #1210
- MITRE ATT&CK Mappings for MS Rules by @ben-githubs in #1209
- traildiscover enrichment with managed schema by @arielkr256 in #1177
- Update PAT to 0.46.0 by @egibs in #1216
Full Changelog: v3.49.0...v3.50.0
v3.49.0
What's Changed
🏡 Miscellaneous
- bump black by @le4ker in #1184
- disable dependabot by @le4ker in #1185
- remove failing test case by @arielkr256 in #1189
- apply make fmt using upgraded black version by @arielkr256 in #1196
- Add mongodb_alert_context by @melenevskyi and @arielkr256 in #1178
- Update linting Makefile targets to run isort and prettier --check by @egibs in #1194
- Format code before committing it by @le4ker in #1193
- fix - Okta Password Accessed False positive by @akozlovets098 in #1198
- Add MongoDB.2FA.Disabled rule by @melenevskyi in #1190
- Add MongoDB.User.Created.Or.Deleted and Add MongoDB.User.Roles.Changed rules by @melenevskyi in #1192
- MongoDB - alerting disabled (rule) by @akozlovets098, @egibs, and @arielkr256 in #1197
- MongoDB - Allow access from anywhere (rule) by @akozlovets098 and @arielkr256 in #1199
- MongoDB - org membership restriction disabled (rule) by @akozlovets098 and @arielkr256 in #1200
- Add MongoDB.External.UserInvited.NoConfig rule by @melenevskyi and @arielkr256 in #1191
- Add MongoDB.Identity.Provider.Activity rule by @melenevskyi and @arielkr256 in #1202
- Add MongoDB.Logging.Toggled rule by @melenevskyi in #1203
- Use make venv rather than make install by @egibs in #1186
- Fix Dockerfile; add Workflow to test image by @egibs in #1187
Full Changelog: v3.48.0...v3.49.0
v3.48.0
What's Changed
🏡 Miscellaneous
- Update github_advanced_security_change.py by @JPhenglavong in #1173
- Format YAML and Markdown files by @le4ker in #1174
- osquery detection for CVE-2024-3094 by @arielkr256 in #1181
- Add CloudTrail Rule to detect vulnerable EC2 AMIs re: CVE-2024-3094 by @egibs in #1182
Full Changelog: v3.47.1...v3.48.0
v3.47.1
What's Changed
🏡 Miscellaneous
- Remove CLA reference from contribution guidelines (#1169) by @egibs
- Revert "custom enrichment LUT for TrailDiscover" (#1170) by @arielkr256
Full Changelog: 3.46.0...3.47.1
v3.46.0
What's Changed
🏡 Miscellaneous
- Rework base64 recognition to use python functions rather than regex (#1146) by @arielkr256
- Lolbas tuning (#1147) by @arielkr256
- Add GCP.IAM.serviceAccounts.getAccessToken.Privilege.Escalation rule (#1149) by @melenevskyi
- converted is_private to not is_global (#1150) by @arielkr256
- Renames .yaml files to .yml (#1151) by @le4ker
- fix - GCP compute.instance.create AttributeError (#1152) by @akozlovets098
- Update PAT to 0.43.0 (#1154) by @egibs
- fix - Several GCP rules with NoneType errors (#1155) by @akozlovets098
Full Changelog: v3.45.0...v3.46.0
v3.45.0
What's Changed
🏡 Miscellaneous
- Fixed IndexOutOfRange error in get_zoom_usergroup_context by @melenevskyi in #1141
- Use correct key when retrieving string_set in Okta Stolen Session Rule by @egibs in #1142
- rolling back changes related to simple_rules dir by @arielkr256 in #1143
- typo fix: gcp_privilege_escalation_by_deploymants by @kjihso in #1140
- Update PAT to 0.42.0 by @darwayne in #1145
Full Changelog: v3.44.0...v3.45.0
v3.44.0
What's Changed
🏡 Miscellaneous
- Prepare for 3.43.0 by @egibs in #1130
- Convert Netskope rules from SDYAML to python by @akozlovets098 in #1124
- GCP rule consistency check by @akozlovets098 in #1133
- Convert k8s rules from SDYAML to python by @akozlovets098 in #1135
- aws_console_login_without_mfa: Include role name in title by @risto-liftoff in #1131
- build(deps): bump peterjgrainger/action-create-branch from 2.4.0 to 3.0.0 by @dependabot in #1132
- Prepare for 3.44.0 by @egibs in #1137
New Contributors
- @risto-liftoff made their first contribution in #1131
Full Changelog: v3.43.0...v3.44.0
v3.43.0
What's Changed
🏡 Miscellaneous
- Add .Simple suffix to Simple Rule IDs by @egibs in #1112
- [sync] Add GCP GKE Kubernetes Cron Job Created Or Modified rule (#68) by @egibs in #1113
- [sync] Add GCP.K8s.Pod.Using.Host.PID.Namespace rule (#84) by @egibs in #1114
- [sync] GCP K8S Pod Create Or Modify Host Path Volume Mount - rule (#85) by @egibs in #1115
- [sync] GCP K8S Service Type NodePort Deployed - rule (#86) by @egibs in #1116
- Add GCP.K8s.Pod.Attached.To.Node.Host.Network.Simple rule by @melenevskyi in #1121
- build(deps-dev): bump cryptography from 42.0.2 to 42.0.4 by @dependabot in #1118
- Convert GCP privilege escalation rules from SDYAML to Python by @akozlovets098 in #1122
- Convert GCP k8s rules from SDYAML to python by @akozlovets098 in #1123
- Kubernetes data models by @arielkr256 in #1120
- GCP iam.serviceAccounts.signJwt Privilege Escalation - rule by @akozlovets098 in #1126
- Fix GCP.K8S.Pot.Create.Or.Modify.Host.Path.Volume.Mount detection by @melenevskyi in #1128
- Update PAT to 0.41.0 by @egibs in #1129
- updates source_ip in crowdstrike datamodel to aip by @arielkr256 in #1127
Full Changelog: v3.42.0...v3.43.0