Tags: DonMagee/panther-analysis
Reduce duplication in display names (panther-labs#189)
* reduce duplication in data model display names; add standard ruleset pack
* remove pack from this PR

Global IOC Helpers (panther-labs#159)
* Initial commit of IOC Helpers
* Removed AWS.VPCFlow and CiscoUmbrella.DNS from the SHA-256 IOC log types
* Support for finding IOC matches for use in the title function. Added dynamic titles that include the matches for the Sunburst IOCs.
* Added more details to the runbook for the Sunburst IOCs
* Fixed linting issue (line too long)
* refactored to minimize repeated code
* broke out title function into two pieces
* Modified Description and added Reference for sunburst indicators
Co-authored-by: Nicholas Hakmiller <[email protected]>

Don't alert if access is denied to S3 putbucket. (panther-labs#153)
* Don't alert if access is denied to S3 putbucket.
* Added test for failed S3 bucket
* Updated with comments as suggested in PR

Added example of regex checking for IAM ARNs (panther-labs#144)
* Added example of regex checking for IAM ARNs
* Fixed line formatting
* Fixed lint issues
* Bugfix: role patterns
* Fix: Removed 2 lines - unnecessary return
* Added test case for role pattern
* Changed test case so it reaches the intended condition
* Fixed tests

Box initial ruleset (panther-labs#127)
* initial set of Box rules
* update a few metadata fields
* format updates
* cleaning up test cases
* format yet again...
* remove bad fields from tests; split a rule; added additional rules
* fixing last line

Additional GSuite rules (panther-labs#78)
* additional GSuite rules
* fixed formatting
* more rules
* final rules for now
* fixed formatting
* removed invalid characters
* addressed PR comments
* re-formatted example

Ignore service linked role creation (panther-labs#70)
* ignore service linked role creation
* upgrade requirements.txt
* add test case
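Three of the commits listed above (panther-labs#153, #144 and #70) describe the same kind of detection-logic refinement: a CloudTrail rule that stays quiet when the API call was denied, that compares IAM role ARNs against allow-list regexes, and that skips AWS-managed CreateServiceLinkedRole events. The block below is an added example written for this page, not the rules from panther-analysis or DonMagee's fork, and it does not try to reproduce their logic. It follows the Panther rule convention of a `rule(event)`-style function returning a bool plus a `title(event)` helper, but uses plain dicts for events so it runs offline; the action set, the allow-list patterns and every sample event are constructed assumptions.

```python
import re

# Assumption: the S3 bucket-configuration APIs this example treats as sensitive.
S3_PUT_BUCKET_ACTIONS = {
    "PutBucketAcl", "PutBucketPolicy", "PutBucketPublicAccessBlock",
    "PutBucketVersioning", "PutBucketEncryption", "PutBucketLogging",
}

# Assumption: role ARNs matching these regexes are expected in this account.
# IAM role names allow [\w+=,.@-]; the optional path segment sits after "role/".
ALLOWED_ROLE_PATTERNS = [
    re.compile(r"^arn:aws:iam::\d{12}:role/service-role/[\w+=,.@-]+$"),
    re.compile(r"^arn:aws:iam::\d{12}:role/ci/[\w+=,.@-]+$"),
]


def s3_bucket_config_changed(event: dict) -> bool:
    """Alert on S3 bucket configuration changes that actually succeeded.

    A call that CloudTrail records with errorCode AccessDenied changed nothing,
    so it is suppressed here rather than generating a noisy alert; tracking
    denied calls belongs in a separate unauthorized-API rule.
    """
    if event.get("eventSource") != "s3.amazonaws.com":
        return False
    if event.get("eventName") not in S3_PUT_BUCKET_ACTIONS:
        return False
    if event.get("errorCode") == "AccessDenied":
        return False
    return True


def s3_bucket_config_changed_title(event: dict) -> str:
    """Dynamic title naming the bucket, API and caller (hypothetical helper)."""
    bucket = (event.get("requestParameters") or {}).get("bucketName", "<unknown>")
    actor = (event.get("userIdentity") or {}).get("arn", "<unknown>")
    return f"S3 bucket [{bucket}] changed via {event.get('eventName')} by {actor}"


def unexpected_iam_role_created(event: dict) -> bool:
    """Alert when a role is created whose ARN matches none of the allow-list.

    CreateServiceLinkedRole is ignored: AWS creates those roles itself when a
    service is first used, so they are not an analyst-actionable signal.
    Failed CreateRole calls are ignored too, since no role came into existence.
    """
    if event.get("eventSource") != "iam.amazonaws.com":
        return False
    name = event.get("eventName")
    if name == "CreateServiceLinkedRole":
        return False
    if name != "CreateRole" or event.get("errorCode"):
        return False
    # CloudTrail puts the created role under responseElements.role.arn;
    # "or {}" guards against the key being present with a null value.
    role = (event.get("responseElements") or {}).get("role") or {}
    arn = role.get("arn", "")
    return not any(p.match(arn) for p in ALLOWED_ROLE_PATTERNS)


# Constructed sample events (not real CloudTrail records), trimmed to the fields used.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
     "requestParameters": {"bucketName": "prod-logs"},
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "errorCode": "AccessDenied",
     "requestParameters": {"bucketName": "prod-logs"},
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateRole",
     "responseElements": {"role": {"arn": "arn:aws:iam::123456789012:role/ci/deploy-bot"}}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateRole",
     "responseElements": {"role": {"arn": "arn:aws:iam::123456789012:role/backdoor"}}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateServiceLinkedRole",
     "responseElements": {"role": {"arn": "arn:aws:iam::123456789012:role/aws-service-role/x"}}},
]


def run_samples() -> list:
    """Evaluate both rules over the samples; returns (s3_fired, iam_fired) per event."""
    return [(s3_bucket_config_changed(e), unexpected_iam_role_created(e)) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, (s3, iam) in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{event['eventName']:<24} s3={s3!s:<5} iam={iam}")
```

Only the successful PutBucketAcl and the non-allow-listed CreateRole fire; the denied PutBucketPolicy, the allow-listed ci/ role and the service-linked role are all quiet, which is the behaviour the three commit messages describe.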