v3.5.0

What's Changed

🕵️ New Detections

• feat: More Snyk Detections by @edyesed in #741
• gcp detections by @calkim-panther in #727
• Crowdstrike embargoed by @jzandona in #743
• crowdstrike pt 1 by @calkim-panther in #742
• crowdstrike detections pt2 by @calkim-panther in #744
• Salesforce loginas detection: Alerts when an admin logs in as another user by @andrea-youwakim in #747

🐛 Bug Fixes and Tunes

• missing event in deep_get by @calkim-panther in #746

New Contributors

• @jzandona made their first contribution in #743

Full Changelog: v3.4.0...v3.5.0

v3.4.0

What's Changed

🕵️ New Detections

• Slack: User's role changed to User by @miotke in #693

🏡 Miscellaneous

• Calkim dropbox by @calkim-panther in #736
• Snowflake Scheduled Queries by @andrea-youwakim in #737
• pat version update by @nhakmiller in #738
• chore: update github asana action by @LucySuddenly in #740
• fix: add Zeek IP addresses to Enrichment LUTs by @le4ker in #739

New Contributors

• @LucySuddenly made their first contribution in #740
• @le4ker made their first contribution in #739

Full Changelog: v3.3.0...v3.4.0

v3.3.0

What's Changed

🕵️ New Detections

• Feat/edyesed/snyk roles and svcaccts by @edyesed in #731
• New Snowflake Queries by @andrea-youwakim in #733

🐛 Bug Fixes and Tunes

• Adding Panther.Audit to the Greynoise LUTs by @nkulig in #732
• fix: AWS ELBs now have TLS 1.3 SSL Policies by @edyesed in #734

Full Changelog: v3.2.2...v3.3.0

v3.2.2

What's Changed

🕵️ New Detections

• feat: Snyk detections for OU changes and external access changes by @edyesed in #729

🏡 Miscellaneous

• Double quote names and IDs the way that bulk download does by @dekatzenel in #724
• Added force ttl check option to kv-table functions by @nhakmiller in #725
• Snowflake queries minor fixes by @andrea-youwakim in #728
• Atlassian impersonation detection display name by @mbellifa in #730

New Contributors

• @dekatzenel made their first contribution in #724

Full Changelog: v3.2.1...v3.2.2

v3.2.1

New Detections

🔍 Snowflake Account Admin Assigned Query
🔍 Snowflake Brute Force IP Query
🔍 Snowflake Brute Force Username Query
🔍 Snowflake Login Without MFA Query
🕵️‍♂️ GCP BigQuery Large Scan Detection
🕵️‍♂️ GCP Cloud Storage Bucket Modified or Deleted Detection
🕵️‍♂️ GCP Destructive Queries Detection
🕵️‍♂️ GCP Logging Settings Modified Detection
🕵️‍♂️ Snyk System Policy Change Detection
🕵️‍♂️ Snyk SSO Modified Detection

Full Changelog: v3.2.0...v3.2.1

v3.2.0

What's Changed

🕵️ New Detections

• new detection: alert when an asana user starts an export for an organization by @andrea-youwakim in #702
• new detection: alert when a zoom user changes an organization's sign in requirements by @andrea-youwakim in #692

🐛 Bug Fixes and Tunes

• adding additional logic to drop alert severity to low if outcome is DENY by @andrea-youwakim in #709

🏡 Miscellaneous

• feat: vscode one click debugging by @edyesed in #706
• GCP VPC Flow Logs Disabled and Request Violating VPC Service Controls by @calkim-panther in #707
• Fix/edyesed/ignore aws distributed policies by @edyesed in #710

Full Changelog: v3.1.0...v3.2.0

v3.1.0

What's Changed

🕵️ New Detections

• new detection: alerts when an asana user changes an organization's password requirements to 'simple' by @andrea-youwakim in #701
• New detection: alert when an asana user makes saml optional for an organization by @andrea-youwakim in #696
• New detection: alerts when asana user disables app approval requirements for an organization by @andrea-youwakim in #697
• Feat: global filter for github log sources by @edyesed in #705

🌯 Packs changes

• Asana pack -> New detections
• GitHub pack -> global filter added to pack and detections

🐛 Bug Fixes and Tunes

• cloudtrail enabled bugfix by @calkim-panther in #703

🏡 Miscellaneous

• chore: let automagic release note generation do more for us by @edyesed in #698

Full Changelog: v3.0.1...v3.1.0

v3.0.1

Miscellaneous

🏠 chore: make fmt wanted to reorder a few imports based on panther being renamed panther_default by @edyesed in #700

Full Changelog: v3.0.0...v3.0.1

v3.0.0

Why a major version change

We've updated the name of the global helper previously known as panther to panther_default.

This change aligns the python module name of the global helper to be the same as the file name which provides the module. With the two names in sync, your IDE's code completion features should be working. If you have already informed your IDE to use global_helpers as an autocomplete and/or analysis path, no action is needed. If you haven't set that up already, there are some vscode specific examples on #691

New Detections

🕵️‍♂️ new asana service account is created by @andrea-youwakim in #695

Bug Fixes

🐛 new format for AWS resource tags by @calkim-panther in #664

Miscellaneous

🏠 fix: update panther_default global helper use its file name for IDE happiness by @edyesed in #691
🏠 feat: logtype global filter for cloudflare events by @edyesed in #690
🏠 fix: sync policyuniverse version to backend by @edyesed in #699

Full Changelog: v2.2.0...v3.0.0

v2.2.0

New Detections

🕵️‍♂️ Add Dropbox Team Member Linked App Rule by @egibs in #687

Bug Fixes

🐛 Refactor: slack_user_privilege_escalation by @miotke in #686
🐛 Snowflake Query DisplayName Updates by @mbellifa in #682
🐛 tuning: high vol events blocked greynoise by @andrea-youwakim in #688

Miscellaneous

🏠 Bump PAT version to 0.19.6 by @egibs in #684 & #685

New Contributors

• @egibs made their first contribution in #684
• @mbellifa made their first contribution in #682

Full Changelog: v2.1.0...v2.2.0