sync this fork to panther-labs/panther-analysis v3.42.0 #2

Open
wants to merge 14 commits into
base: main

Commits on Feb 13, 2024

  1. updated broken link (panther-labs#78) (panther-labs#1103)

    Co-authored-by: Ariel Ropek <79653153+arielkr256@users.noreply.github.com>
    Evan Gibler and arielkr256 authored Feb 13, 2024
    Commit 60aaeb7
  2. [sync] GCP compute.instances.create Privilege Escalation - rule (panther-labs#63) (panther-labs#1100)
    
    * GCP compute.instances.create Privilege Escalation - rule
    
    * GCP compute.instances.create Privilege Escalation - check KeyPath existence
    
    * GCP compute.instances.create Privilege Escalation - python rule
    
    * GCP compute.instances.create Privilege Escalation - linter fix
    
    Co-authored-by: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
    Evan Gibler and akozlovets098 authored Feb 13, 2024
    Commit 9b31818
  3. [sync] Add GCP.Storage.Hmac.Keys.Create detection rule (panther-labs#64) (panther-labs#1101)
    
    Co-authored-by: Oleh Melenevskyi <767472+melenevskyi@users.noreply.github.com>
    Evan Gibler and melenevskyi authored Feb 13, 2024
    Commit 5b622ef
  4. [sync] Add GCP.Kubernetes.New.Daemonset.Deployed rule (panther-labs#76) (panther-labs#1102)
    
    Co-authored-by: Oleh Melenevskyi <767472+melenevskyi@users.noreply.github.com>
    Evan Gibler and melenevskyi authored Feb 13, 2024
    Commit 56df42b
  5. [sync] GitHub Data Model Admin Actions update (panther-labs#79) (panther-labs#1104)
    
    * action = 'team.add_repository' and perm = 'admin'
    
    * fmt
    
    ---------
    
    Co-authored-by: Ariel Ropek <79653153+arielkr256@users.noreply.github.com>
    Evan Gibler and arielkr256 authored Feb 13, 2024
    Commit e60b7c7
  6. [sync] Add GCP.K8s.IOC.Activity rule (panther-labs#80) (panther-labs#1105)
    
    * Add GCP.K8s.IOC.Activity rule
    
    * Update rules/gcp_k8s_rules/gcp_k8s_ioc_activity.yml
    
    
    
    ---------
    
    Co-authored-by: Oleh Melenevskyi <767472+melenevskyi@users.noreply.github.com>
    Evan Gibler and melenevskyi authored Feb 13, 2024
    Commit c28793b
  7. [sync] GCP K8S Privileged Pod Created - rule (panther-labs#81) (panther-labs#1106)
    
    Co-authored-by: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
    Evan Gibler and akozlovets098 authored Feb 13, 2024
    Commit 3f5e90d
  8. build(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2 (panther-labs#1099)
    
    Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.0.1 to 4.0.2.
    - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
    - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
    - [Commits](aws-actions/configure-aws-credentials@010d0da...e3dd6a4)
    
    ---
    updated-dependencies:
    - dependency-name: aws-actions/configure-aws-credentials
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Evan Gibler <evan.gibler@panther.com>
    dependabot[bot] and Evan Gibler authored Feb 13, 2024
    Commit 38b4707
  9. standard_rules/impossible_travel_login: set IS_PRIVATE_RELAY to true only when private relay is in use (panther-labs#1098)
    
    Co-authored-by: Evan Gibler <evan.gibler@panther.com>
    Sam Kottler and Evan Gibler authored Feb 13, 2024
    Commit bdc9e86
  10. [sync] added config tags and enabled rules w/o config (panther-labs#75) (panther-labs#1107)
    
    Co-authored-by: Ariel Ropek <79653153+arielkr256@users.noreply.github.com>
    Evan Gibler and arielkr256 authored Feb 13, 2024
    Commit ae19c50
  11. Update panther_analysis_tool version (panther-labs#1108)

    * Update panther_analysis_tool version
    
    * make deps-update
    nskobov authored Feb 13, 2024
    Commit 50fd32b

Commits on Feb 20, 2024

  1. Add SDYAML directories for Rules (panther-labs#1110)

    * Add SDYAML directories for Rules
    
    * Make simple_rules a top-level directory
    Evan Gibler authored Feb 20, 2024
    Commit 49db59c
  2. Add _simple suffix to SDYAML Rules (panther-labs#1111)

    Evan Gibler authored Feb 20, 2024
    Commit 0ea1223

Commits on Feb 21, 2024

  1. Prepare for 3.42.0 (panther-labs#1117)

    * Add .Simple suffix to Simple Rule IDs (panther-labs#1112)
    
    * Add .Simple suffix to Simple Rule IDs
    
    * Update Rule IDs in Packs
    
    * [sync] Add GCP GKE Kubernetes Cron Job Created Or Modified rule (panther-labs#68) (panther-labs#1113)
    
    * Add GCP GKE Kubernetes Cron Job Created Or Modified rule (panther-labs#68)
    
    Co-authored-by: Evan Gibler <evan.gibler@panther.com>
    
    * Move to simple_rules
    
    ---------
    
    Co-authored-by: Oleh Melenevskyi <767472+melenevskyi@users.noreply.github.com>
    
    * [sync] Add GCP.K8s.Pod.Using.Host.PID.Namespace rule (panther-labs#84) (panther-labs#1114)
    
    * Add GCP.K8s.Pod.Using.Host.PID.Namespace rule
    
    * Update filename
    
    * Add .Simple suffix to Rule ID
    
    ---------
    
    Co-authored-by: Oleh Melenevskyi <767472+melenevskyi@users.noreply.github.com>
    Co-authored-by: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
    
    * [sync] GCP K8S Pod Create Or Modify Host Path Volume Mount - rule (panther-labs#85) (panther-labs#1115)
    
    Co-authored-by: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
    
    * [sync] GCP K8S Service Type NodePort Deployed - rule (panther-labs#86) (panther-labs#1116)
    
    * GCP K8S Service Type NodePort Deployed - rule
    
    * GCP K8S Service Type NodePort Deployed - moved to simple rules folder
    
    * Update filename
    
    * Add .Simple suffix to Rule ID
    
    ---------
    
    Co-authored-by: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Oleh Melenevskyi <767472+melenevskyi@users.noreply.github.com>
    Co-authored-by: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
    3 people authored Feb 21, 2024
    Commit f03e975