v1.6.0: Additional gsuite rules (#78)
With this release of panther-analysis (in tandem with Panther v1.6.0) we're excited to announce the open sourcing of our enterprise policies and rules!
These detections apply to a range of security topics such as PCI compliance, identity and access management, operations, and more. Where relevant, we’ve also mapped to the MITRE ATT&CK framework.
Here’s why we decided to open source ALL of our detections:
- Community empowerment. We want all our users, open source and enterprise, to obtain value from Panther. By providing a wider array of policies and rules our users will not only detect more security issues, but also have more examples from which to craft their own custom detections.
- Simplification of updates. Previously, managing the open and closed source detection packs added ongoing management and update overhead for our enterprise customers. By moving everything into one repo, we've majorly simplified this process. Now, you just fork this repo and you're good to go!
- Code consolidation. With the introduction of the `global` analysis type, we often found ourselves needing to duplicate helper logic between the open source and enterprise repos. This change introduces more shared patterns for teams to utilize!
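As an added illustration of the shared-helper pattern the last bullet refers to, the block below shows a helper that would live in a `global` module and a rule that reuses it. It is example code written for this note, not code from panther-analysis or Panther; the helper bodies, the rule logic, the event names it matches, the module layout and the sample GSuite log records are all assumptions constructed for the demonstration. Only the `rule(event)` / `title(event)` entry-point shape is taken from Panther's Python rule convention.

```python
# Added example: one Panther-style rule reusing helper logic from a "global" module.
# Not from the panther-analysis repo. Everything below the entry-point names is an
# assumption made for this illustration.
from typing import Any, Dict, List

# --- Section 1: helpers that would live in a shared "global" module ------------
# In a real deployment a rule imports these by the global's module name instead of
# defining them inline; they are inlined here so the file runs stand-alone.

def deep_get(dictionary: Dict[str, Any], *keys: str, default: Any = None) -> Any:
    """Walk nested dicts safely: deep_get(ev, "actor", "email") -> value or default."""
    value: Any = dictionary
    for key in keys:
        if not isinstance(value, dict):
            return default
        value = value.get(key)
        if value is None:
            return default
    return value


def gsuite_event_names(event: Dict[str, Any]) -> List[str]:
    """Return every 'name' under the GSuite 'events' array, tolerating odd shapes."""
    events = event.get("events")
    if not isinstance(events, list):
        return []
    return [e.get("name") for e in events if isinstance(e, dict) and e.get("name")]


# --- Section 2: a rule file that reuses the helpers above ---------------------
# Hypothetical set of admin-privilege grant event names (assumption, not a claim
# about the real GSuite schema or about any rule shipped in panther-analysis).
ADMIN_GRANT_EVENTS = {"GRANT_ADMIN_PRIVILEGE", "GRANT_DELEGATED_ADMIN_PRIVILEGES"}


def rule(event: Dict[str, Any]) -> bool:
    """Panther rule entry point: True means 'alert on this log line'."""
    return bool(ADMIN_GRANT_EVENTS.intersection(gsuite_event_names(event)))


def title(event: Dict[str, Any]) -> str:
    """Panther alert title entry point; shared deep_get keeps this null-safe."""
    actor = deep_get(event, "actor", "email", default="<unknown actor>")
    return f"GSuite admin privilege granted by {actor}"


# --- Section 3: constructed sample events (not real logs) ----------------------
SAMPLE_GRANT: Dict[str, Any] = {
    "actor": {"email": "admin@example.com"},
    "events": [{"name": "GRANT_ADMIN_PRIVILEGE", "type": "DELEGATED_ADMIN_SETTINGS"}],
}
SAMPLE_LOGIN: Dict[str, Any] = {
    "actor": {"email": "user@example.com"},
    "events": [{"name": "login_success", "type": "login"}],
}
SAMPLE_MALFORMED: Dict[str, Any] = {"actor": "not-a-dict", "events": "not-a-list"}


def run_samples() -> Dict[str, bool]:
    """Evaluate the rule over the constructed events and report what fired."""
    return {
        "grant": rule(SAMPLE_GRANT),
        "login": rule(SAMPLE_LOGIN),
        "malformed": rule(SAMPLE_MALFORMED),
    }


if __name__ == "__main__":
    for name, fired in run_samples().items():
        print(f"{name}: {'ALERT' if fired else 'no alert'}")
    print(title(SAMPLE_GRANT))
```

The point of splitting the file into the "global" and "rule" sections is the one the bullet makes: once `deep_get` and `gsuite_event_names` live in a shared module, every rule that parses GSuite's `events` array gets the same null-safe behaviour, instead of each rule carrying its own slightly different copy.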
We look forward to your feedback on these new open source detections, so as always feel free to open issues and merge requests on this repo whenever you find room for improvement!