Skip to content

v3.0.4
Compare
Choose a tag to compare
@josehelps josehelps released this 15 Jul 21:14
v3.0.4
a079a09
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

New Detections

  • Added new detection for kubernetes_gcp_detect_most_active_service_accounts_by_pod.yml
  • Added new detection for kubernetes_gcp_detect_RBAC_authorizations_by_account.yml
  • Added new detection for kubernetes_gcp_detect_sensitive_object_access.yml
  • Added new detection for kubernetes_gcp_detect_sensitive_role_access.yml
  • Added new detection for kubernetes_gcp_detect_service_accounts_forbidden_failure_access.yml
  • Added new detection for kubernetes_gcp_detect_suspicious_kubectl_calls.yml

Updates

  • Updated the search processes_created_by_netsh.yml to exclude a process known to create false positives. Thank you Murali from Xilinx.

Fixed Issues

  • Fixed bug with detection Previously Seen Running Windows Services.
  • Fixed bug with API for upper case detections. Thank you Nick Roy for reporting.
  • Fixed bug with spectre_and_meltdown_vulnerable_systems.yml detection data model.
  • Fixed bug with processes_launching_netsh.yml detection. Thank you Josef Kuepker.

Other

  • Added automated testing capabilities via CI under the tests folder.
  • Added MITRE tagging for cloud detections.
Assets 3
Loading