Releases: panther-labs/panther_analysis_tool

v0.4.2

15 Dec 23:01
f54ea1d

This release adds a few bug fixes, plus two new flags: --skip-tests and --minimum-tests.

The --minimum-tests flag sets the minimum number of tests a detection must have to be considered passing. If a number greater than 2 is specified, we also enforce that at least one test expects True and at least one expects False.

The --skip-tests flag can be passed to either the panther_analysis_tool zip or update commands. This allows you to skip tests while building/deploying. We only recommend skipping tests while uploading if you're already running the tests in another part of the CI pipeline, such as a pre-merge check.
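
The --minimum-tests rule described above, written out as a stand-alone check (an added example, not panther_analysis_tool's own code). The specs are constructed, the `Tests`/`ExpectedResult` field names are assumed from the panther-analysis spec layout, and the `minimum > 2` threshold follows the wording of the note.

```python
# Added illustration; not code from panther_analysis_tool.
# Constructed specs; Tests/ExpectedResult field names are an assumption.
SAMPLE_SPECS = [
    {"RuleID": "Sample.BruteForce", "Tests": [
        {"Name": "many failures", "ExpectedResult": True},
        {"Name": "single failure", "ExpectedResult": False},
        {"Name": "success event", "ExpectedResult": False},
    ]},
    {"RuleID": "Sample.OnlyPositive", "Tests": [
        {"Name": "a", "ExpectedResult": True},
        {"Name": "b", "ExpectedResult": True},
        {"Name": "c", "ExpectedResult": True},
    ]},
    {"RuleID": "Sample.TooFew", "Tests": [
        {"Name": "a", "ExpectedResult": True},
    ]},
    {"RuleID": "Sample.NoTests"},
]


def minimum_tests_failures(spec, minimum):
    """Return the reasons a spec fails the minimum-tests gate (empty list = pass)."""
    tests = spec.get("Tests") or []
    reasons = []
    if len(tests) < minimum:
        reasons.append(f"has {len(tests)} test(s), needs at least {minimum}")
    # Per the release note: the True/False mix applies only when minimum > 2.
    if minimum > 2:
        expected = {bool(t.get("ExpectedResult")) for t in tests}
        if True not in expected:
            reasons.append("no test expects True")
        if False not in expected:
            reasons.append("no test expects False")
    return reasons


def gate(specs, minimum):
    """Map each failing detection ID to the reasons it failed."""
    report = {}
    for spec in specs:
        reasons = minimum_tests_failures(spec, minimum)
        if reasons:
            report[spec.get("RuleID", "<unknown>")] = reasons
    return report


if __name__ == "__main__":
    for rule_id, reasons in gate(SAMPLE_SPECS, 3).items():
        print(f"{rule_id}: {'; '.join(reasons)}")
```

A detection whose tests all expect True is never shown to stay quiet on benign events, which is the gap the mixed-result requirement closes.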

v0.4.1

02 Dec 18:17
2ea4485

Minor updates to payload format and spec file loading.

  • update to use new analysis-api payload format and spec load bug fix (#58)

v0.4.0

01 Dec 18:51
4639ba2

This release adds panther_analysis_tool support for Panther data models!

Release notes:

  • Support for Panther data models! (#56)
  • Better validation (#37, #48, #51)
  • New default behavior for certain arguments (#49, #50)
  • Better validation failure output (#53)

v0.3.5: Allowing packaging of just globals (#44)

09 Sep 17:49
6f1d370

Adds some better handling of global functions.

Additionally, the PAT will now consider a test failing if a rule's dedup or title function returns None. The panther-analysis repo has been updated accordingly.

v0.3.4: add threshold (#39)

13 Aug 16:19
bcf67f2

Add support for new fields, such as rule thresholding.

v0.3.3: Fixed up some unexpected behavior (#35)

10 Jul 23:52
8897956

Added some often-requested fixes:

  • Fixed issue where a policy/rule would raise an exception when running a test but still return a success code
  • Fixed issue where certain types of issues would dump the tool usage message
  • Made policy/rule type for unit tests optional in anticipation of removing them from the backend

v0.3.2: 0.3.2 final edits (#28)

10 Jun 17:55
a2f4580

Added better attempts at autodetecting relevant policies, rules, and globals.

The panther_analysis_tool will now ONLY recurse into subdirectories that contain the word policies or rules, or are named global_helpers.

v0.3.1: added better exception handling & filtering (#26)

09 Jun 01:31
a8e5a48

This release adds much better error handling, and better support for filtering on fields that contain lists of values.

If during the course of using the panther_analysis_tool the tool appears to fail and dumps a help message, please report that as an issue on this repo so we can address it.

v0.3.0: Show dedup/title values (#25)

18 May 17:59
b9d4868

Adds support for multiple globals! Now global analysis types must specify the GlobalID field, which will be used as the name to import the module as. This is a breaking change from prior versions of the tool (hence the minor version bump) so be sure to update your global analysis types before upgrading to this version.

Additionally, this version has rules output their dedup and title strings when the appropriate functions are present, and will now automatically check for analysis types in the global_helpers directory (relative to the current working directory the tool is being run from).

v0.2.2: Add support for generic filtering (#22)

04 May 16:58
3cc45f9

Add support for filtering! This release adds support for the --filter flag for all commands of the panther_analysis_tool. This feature allows you to be more granular in your testing, packaging, and uploading. See the updated README for some example usages.