Note and Noteworthy

• Added support for GCP, Google Workspace, Azure, and Microsoft 365 audit logs to the Panther Core Fields (UDM).

• panther-analysis versions 3.20.0 and 3.21.0 were released, featuring new detections for Tines and Okta and various improvements and fixes.

• Added the following fields to the GitHub Audit schema:

  • token_scopes

  • after

  • before

  • pull_request_url

  • pull_request_title

  • pull_request_id

  • reasons

  • overridden_codes

  • authorized_actors

  • authorized_actor_names

  • actions_cache_id

  • actions_cache_key

  • actions_cache_scope

  • actions_cache_version

  • alert_number

  • allow_deletions_enforcement_level

  • allow_force_pushes_enforcement_level

  • enforcement_level

  • email

  • ghsa_id

  • lock_allows_fetch_and_merge

  • lock_branch_enforcement_level

  • required_deployments_enforcement_level

  • required_review_thread_resolution_enforcement_level

  • merge_method

  • merge_queue_enforcement_level

  • new_repo_base_role

  • new_repo_permission

  • oauth_application

  • oauth_application_id

  • old_permission

  • old_permissions

  • old_repo_base_role

  • old_repo_permission

  • role_permissions

  • ruleset_bypass_actors

  • ruleset_bypass_actors_added

  • ruleset_bypass_actors_deleted

  • ruleset_bypass_actors_updated

  • ruleset_conditions

  • ruleset_conditions_added

  • ruleset_conditions_deleted

  • ruleset_conditions_updated

  • ruleset_enforcement

  • ruleset_id

  • ruleset_name

  • ruleset_old_enforcement

  • ruleset_old_name

  • ruleset_rules

  • ruleset_rules_updated

  • ruleset_source_type

  • source_version

  • strict_required_status_checks_policy

  • target_version

  • check_run_id