├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── feature_request.md │ └── story.md ├── actions │ └── changed_files │ │ └── action.yml ├── dependabot.yml ├── pull_request_template.md ├── scripts │ └── lint-invisible-characters │ │ ├── README.md │ │ ├── lint-invisible-characters-test-file.md │ │ └── lint-invisible-characters.py └── workflows │ ├── ci.yml │ ├── fmt.yml │ ├── invisible-characters.yml │ ├── test_release_publish.yml │ ├── update_panther_analysis_dependency.yml │ └── version_bump_pr.yml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE.txt ├── MANIFEST.in ├── Makefile ├── README.md ├── SECURITY.md ├── bin ├── panther_analysis_tool └── pat ├── example_panther_config.yml ├── panther_analysis_tool ├── __init__.py ├── analysis_utils.py ├── backend │ ├── __init__.py │ ├── client.py │ ├── errors.py │ ├── graphql │ │ ├── async_bulk_upload.graphql │ │ ├── async_bulk_upload_status.graphql │ │ ├── bulk_upload.graphql │ │ ├── create_or_update_schema.graphql │ │ ├── create_perf_test.graphql │ │ ├── delete_detections.graphql │ │ ├── delete_saved_queries.graphql │ │ ├── feature_flags.graphql │ │ ├── generate_enriched_event.graphql │ │ ├── get_rule_body.graphql │ │ ├── get_version.graphql │ │ ├── introspection_query.graphql │ │ ├── list_schemas.graphql │ │ ├── metrics.graphql │ │ ├── replay.graphql │ │ ├── stop_replay.graphql │ │ ├── test_correlation_rule.graphql │ │ ├── transpile_filters.graphql │ │ ├── transpile_sdl.graphql │ │ ├── validate_bulk_upload.graphql │ │ └── validate_bulk_upload_status.graphql │ ├── lambda_client.py │ ├── mocks.py │ └── public_api_client.py ├── cli_output.py ├── command │ ├── __init__.py │ ├── benchmark.py │ ├── bulk_delete.py │ ├── check_connection.py │ ├── standard_args.py │ └── validate.py ├── constants.py ├── core │ ├── definitions.py │ └── parse.py ├── destination.py ├── detection_schemas │ ├── __init__.py │ └── analysis_config_schema.json ├── directory.py ├── enriched_event.py ├── enriched_event_generator.py ├── immutable.py ├── log_schemas │ ├── __init__.py │ └── user_defined.py ├── main.py ├── schema_regexs.py ├── schemas.py ├── testing.py ├── util.py ├── validation.py └── zip_chunker.py ├── poetry.lock ├── pyproject.toml ├── requirements.txt └── tests ├── __init__.py ├── fixtures ├── __init__.py ├── check-packs │ ├── missing-dependencies │ │ ├── advanced_rules │ │ │ ├── example_rule_data_model.py │ │ │ └── example_rule_data_model.yml │ │ ├── correlation_rules │ │ │ ├── aws_cloudtrail_iaas.yml │ │ │ ├── discovering_exfiltrated_credentials.yml │ │ │ └── github_cicd.yml │ │ ├── data_models │ │ │ ├── aws_cloudtrail_data_model.py │ │ │ └── aws_cloudtrail_data_model.yml │ │ ├── global_helpers │ │ │ ├── a_helper.py │ │ │ ├── a_helper.yml │ │ │ ├── b_helper.py │ │ │ ├── b_helper.yml │ │ │ ├── helpers.py │ │ │ └── helpers.yml │ │ ├── packs │ │ │ ├── missing_datamodel.yml │ │ │ ├── missing_global.yml │ │ │ ├── missing_query.yml │ │ │ └── missing_subrules.yml │ │ ├── policies │ │ │ ├── example_policy.py │ │ │ ├── example_policy.yml │ │ │ ├── example_policy_beta.py │ │ │ ├── example_policy_beta.yml │ │ │ ├── example_policy_extraneous_fields.py │ │ │ ├── example_policy_extraneous_fields.yml │ │ │ ├── example_policy_generated_functions.py │ │ │ └── example_policy_generated_functions.yml │ │ ├── queries │ │ │ ├── query_one.yml │ │ │ ├── query_three.yml │ │ │ └── query_two.yml │ │ ├── rules │ │ │ ├── example_rule.py │ │ │ ├── example_rule.yml │ │ │ ├── example_rule_extraneous_fields.py │ │ │ ├── example_rule_extraneous_fields.yml │ │ │ ├── example_rule_generated_functions.py │ │ │ ├── example_rule_generated_functions.yml │ │ │ ├── example_rule_global.py │ │ │ ├── example_rule_global.yml │ │ │ ├── example_rule_mocks.py │ │ │ └── example_rule_mocks.yml │ │ └── scheduled_rules │ │ │ ├── example_scheduled_rule.py │ │ │ └── example_scheduled_rule.yml │ └── packless-rule │ │ ├── packs │ │ └── test.yml │ │ └── rules │ │ └── test_rules │ │ ├── test_deprecated.yml │ │ ├── test_included.yml │ │ └── test_missing.yml ├── correlation-unit-tests │ ├── fails │ │ └── fails1.yml │ └── passes │ │ └── pass1.yml ├── custom-schemas │ ├── invalid │ │ ├── schema-1.yml │ │ └── schema-2.yaml │ └── valid │ │ ├── lookup-table-schema-1.yml │ │ ├── schema-1.yml │ │ ├── schema-2.yaml │ │ ├── schema-3.yml │ │ ├── schema_1_tests.yml │ │ └── schema_2_tests.yaml ├── derived_without_base │ └── derived.yml ├── detections │ ├── .panther_settings.yml │ ├── aws_globals.py │ ├── aws_globals.yml │ ├── debug │ │ ├── rule_that_prints.py │ │ ├── rule_that_prints.yml │ │ ├── rule_that_works.py │ │ ├── rule_that_works.yml │ │ ├── rule_with_error.py │ │ └── rule_with_error.yml │ ├── destinations │ │ ├── example_available_destination_name.py │ │ └── example_available_destination_name.yml │ ├── disabled_rule │ │ ├── example_disabled_rule.py │ │ ├── example_disabled_rule.yml │ │ ├── example_rule.py │ │ └── example_rule.yml │ ├── example_data_model_conflict.yml │ ├── example_ignored.yml │ ├── example_ignored_multi.yml │ ├── example_invalid_pack.yml │ ├── example_malformed_policy.yml │ ├── example_malformed_yaml.yml │ ├── example_policy.json │ ├── example_policy.py │ ├── example_policy.yml │ ├── example_policy_bad_resource_type.py │ ├── example_policy_bad_resource_type.yml │ ├── example_policy_import.py │ ├── example_policy_import.yml │ ├── example_policy_invalid_characters.py │ ├── example_policy_invalid_characters.yml │ ├── example_policy_missing_policy_file.yml │ ├── example_policy_required_tests.py │ ├── example_policy_required_tests.yml │ ├── example_policy_set_duplicates.py │ ├── example_policy_set_duplicates.yml │ ├── example_rule.py │ ├── example_rule_bad_log_type.py │ ├── example_rule_bad_log_type.yml │ ├── example_rule_invalid_mocks.py │ ├── example_rule_invalid_mocks.yml │ ├── example_rule_invalid_test.py │ ├── example_rule_invalid_test.yml │ ├── example_rule_missing_field.yml │ ├── example_rule_set_duplicates.py │ ├── example_rule_set_duplicates.yml │ ├── example_strict_invalid_yaml.yml │ ├── example_unhandled_exception.py │ ├── example_unhandled_exception.yml │ ├── example_unhandled_exception_on_import.py │ └── valid_analysis │ │ ├── advanced_rules │ │ ├── example_rule_data_model.py │ │ └── example_rule_data_model.yml │ │ ├── data_models │ │ ├── GSuite.Events.DataModel.py │ │ ├── example_data_model.yml │ │ ├── example_data_model_disabled.yml │ │ └── example_data_model_python.yml │ │ ├── global_helpers │ │ ├── a_helper.py │ │ ├── a_helper.yml │ │ ├── b_helper.py │ │ ├── b_helper.yml │ │ ├── helpers.py │ │ └── helpers.yml │ │ ├── packs │ │ └── sample-pack.yml │ │ ├── policies │ │ ├── example_policy.py │ │ ├── example_policy.yml │ │ ├── example_policy_beta.py │ │ ├── example_policy_beta.yml │ │ ├── example_policy_extraneous_fields.py │ │ ├── example_policy_extraneous_fields.yml │ │ ├── example_policy_generated_functions.py │ │ └── example_policy_generated_functions.yml │ │ ├── queries │ │ ├── query_one.yml │ │ ├── query_three.yml │ │ └── query_two.yml │ │ ├── rules │ │ ├── example_rule.py │ │ ├── example_rule.yml │ │ ├── example_rule_extraneous_fields.py │ │ ├── example_rule_extraneous_fields.yml │ │ ├── example_rule_generated_functions.py │ │ ├── example_rule_generated_functions.yml │ │ ├── example_rule_global.py │ │ ├── example_rule_global.yml │ │ ├── example_rule_mocks.py │ │ └── example_rule_mocks.yml │ │ └── scheduled_rules │ │ ├── example_scheduled_rule.py │ │ └── example_scheduled_rule.yml ├── inline-filters │ ├── basic.python.rule.py │ ├── basic.python.rule.with.filters.py │ ├── basic.python.rule.with.filters.yml │ ├── basic.python.rule.yml │ ├── basic.python.scheduled_rule.py │ ├── basic.python.scheduled_rule.yml │ ├── basic.rule.with.filters.yml │ ├── basic.rule.yml │ └── basic.scheduled_rule.yml ├── lookup-tables │ ├── invalid │ │ └── lookup-table-1.yml │ └── valid │ │ ├── lookup-table-1.yml │ │ ├── lookup-table-2.yml │ │ └── sample_aws_accounts.csv ├── queries │ ├── invalid │ │ ├── example-scheduled-query-invalid-tablename-1.yml │ │ ├── example-scheduled-query-invalid-tablename-2.yml │ │ ├── example-scheduled-query-invalid-tablename-3.yml │ │ └── example-scheduled-query-invalid-tablename-4.yml │ └── valid │ │ ├── example-scheduled-query-cron.yml │ │ └── example-scheduled-query-rateminutes.yml ├── simple-detections │ ├── invalid │ │ ├── invalid_Test.MultiMatch.Key.yml │ │ ├── invalid_asana_team_privacy.yml │ │ └── invalid_gcp_gcs_public.yml │ └── valid │ │ ├── AWS.EC2.Traffic.Mirroring.yml │ │ ├── AWS.IAMUser.ReconAccessDenied.yml │ │ ├── AWS.Modify.Cloud.Compute.Infrastructure.yml │ │ ├── Amazon.EKS.Audit.Multiple403.yml │ │ ├── Amazon.EKS.Audit.SystemNamespaceFromPublicIP.yml │ │ ├── GitHub.Team.Modified.yml │ │ ├── Test.AbsoluteCondition.yml │ │ ├── Test.Combinators.yml │ │ ├── Test.Extra.Top.Level.Keys.yml │ │ ├── Test.ListComprehension.yml │ │ ├── Test.MultiMatch.Key.yml │ │ ├── Test.Numeric.Comparison.yml │ │ ├── asana_service_account_created.yml │ │ ├── asana_team_privacy_public.yml │ │ ├── asana_workspace_new_admin.yml │ │ ├── asana_workspace_saml_optional.yml │ │ ├── auth0_mfa_policy_disabled.yml │ │ ├── auth0_mfa_risk_assessment_disabled.yml │ │ ├── aws_authentication_from_crowdstrike_unmanaged_device.yml │ │ ├── aws_cloudtrail_account_discovery.yml │ │ ├── aws_cloudtrail_created.yml │ │ ├── aws_cloudtrail_unsuccessful_mfa_attempt.yml │ │ ├── aws_console_login_without_saml.yml │ │ ├── aws_ec2_monitoring.yml │ │ ├── aws_ec2_startup_script_change.yml │ │ ├── aws_guardduty_high_sev_findings.yml │ │ ├── aws_guardduty_low_sev_findings.yml │ │ ├── aws_s3_unauthenticated_access.yml │ │ ├── aws_vpc_inbound_traffic_port_allowlist.yml │ │ ├── aws_vpc_unapproved_outbound_dns.yml │ │ ├── box_user_downloads.yml │ │ ├── dropbox_linked_team_application_added.yml │ │ ├── duo_user_endpoint_failure_multi.yml │ │ ├── gcp_access_attempts_violating_vpc_service_controls.yml │ │ ├── gcp_gcs_public.yml │ │ ├── gcp_iam_org_folder_changes.yml │ │ ├── gcp_logging_settings_modified.yml │ │ ├── gcp_vpc_flow_logs_disabled.yml │ │ ├── google_workspace_apps_marketplace_allowlist.yml │ │ ├── gsuite_leaked_password.yml │ │ ├── gsuite_workspace_calendar_external_sharing.yml │ │ ├── okta_group_admin_role_assigned.yml │ │ ├── onelogin_high_risk_failed_login.yml │ │ ├── onelogin_password_accessed.yml │ │ ├── onelogin_user_account_locked.yml │ │ ├── snowflake_login_without_mfa.yml │ │ ├── teleport_scheduled_jobs.yml │ │ ├── test.enrichment.rule.yml │ │ ├── test.rule.with.dynamic.funcs.yml │ │ └── vpc_dns_tunneling.yml ├── status │ ├── all_statuses │ │ ├── no_status.py │ │ ├── no_status.yml │ │ ├── status_deprecated.py │ │ ├── status_deprecated.yml │ │ ├── status_experimental.py │ │ ├── status_experimental.yml │ │ ├── status_stable.py │ │ └── status_stable.yml │ ├── status_deprecated │ │ ├── status_deprecated.py │ │ └── status_deprecated.yml │ ├── status_experimental │ │ ├── status_experimental.py │ │ └── status_experimental.yml │ └── status_stable │ │ ├── status_stable.py │ │ └── status_stable.yml └── tests_can_be_inherited │ ├── base.py │ ├── base.yml │ └── derive.yml ├── unit ├── __init__.py └── panther_analysis_tool │ ├── __init__.py │ ├── backend │ ├── __init__.py │ └── test_lambda_client.py │ ├── command │ ├── __init__.py │ ├── test_benchmark.py │ └── test_bulk_delete.py │ ├── core │ ├── __init__.py │ └── test_parser.py │ ├── log_schemas │ ├── __init__.py │ └── test_user_defined.py │ ├── test_analysis_utils.py │ ├── test_check_packs.py │ ├── test_debug.py │ ├── test_enriched_event.py │ ├── test_enriched_event_generator.py │ ├── test_exceptions.py │ ├── test_immutable.py │ ├── test_lookup_tables.py │ ├── test_main.py │ ├── test_schemas.py │ ├── test_testing.py │ ├── test_util.py │ ├── test_validation.py │ └── test_zip_chunker.py └── utils ├── __init__.py └── get_specs_for_test.py /.github/CODEOWNERS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/CODEOWNERS -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/story.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/ISSUE_TEMPLATE/story.md -------------------------------------------------------------------------------- /.github/actions/changed_files/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/actions/changed_files/action.yml -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/scripts/lint-invisible-characters/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/scripts/lint-invisible-characters/README.md -------------------------------------------------------------------------------- /.github/scripts/lint-invisible-characters/lint-invisible-characters-test-file.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/scripts/lint-invisible-characters/lint-invisible-characters-test-file.md -------------------------------------------------------------------------------- /.github/scripts/lint-invisible-characters/lint-invisible-characters.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/scripts/lint-invisible-characters/lint-invisible-characters.py -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/workflows/ci.yml -------------------------------------------------------------------------------- /.github/workflows/fmt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/workflows/fmt.yml -------------------------------------------------------------------------------- /.github/workflows/invisible-characters.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/workflows/invisible-characters.yml -------------------------------------------------------------------------------- /.github/workflows/test_release_publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/workflows/test_release_publish.yml -------------------------------------------------------------------------------- /.github/workflows/update_panther_analysis_dependency.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/workflows/update_panther_analysis_dependency.yml -------------------------------------------------------------------------------- /.github/workflows/version_bump_pr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.github/workflows/version_bump_pr.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/.gitignore -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/SECURITY.md -------------------------------------------------------------------------------- /bin/panther_analysis_tool: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/bin/panther_analysis_tool -------------------------------------------------------------------------------- /bin/pat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/bin/pat -------------------------------------------------------------------------------- /example_panther_config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/example_panther_config.yml -------------------------------------------------------------------------------- /panther_analysis_tool/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panther_analysis_tool/analysis_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/analysis_utils.py -------------------------------------------------------------------------------- /panther_analysis_tool/backend/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panther_analysis_tool/backend/client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/client.py -------------------------------------------------------------------------------- /panther_analysis_tool/backend/errors.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/errors.py -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/async_bulk_upload.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/async_bulk_upload.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/async_bulk_upload_status.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/async_bulk_upload_status.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/bulk_upload.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/bulk_upload.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/create_or_update_schema.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/create_or_update_schema.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/create_perf_test.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/create_perf_test.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/delete_detections.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/delete_detections.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/delete_saved_queries.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/delete_saved_queries.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/feature_flags.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/feature_flags.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/generate_enriched_event.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/generate_enriched_event.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/get_rule_body.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/get_rule_body.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/get_version.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/get_version.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/introspection_query.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/introspection_query.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/list_schemas.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/list_schemas.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/metrics.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/metrics.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/replay.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/replay.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/stop_replay.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/stop_replay.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/test_correlation_rule.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/test_correlation_rule.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/transpile_filters.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/transpile_filters.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/transpile_sdl.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/transpile_sdl.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/validate_bulk_upload.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/validate_bulk_upload.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/graphql/validate_bulk_upload_status.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/graphql/validate_bulk_upload_status.graphql -------------------------------------------------------------------------------- /panther_analysis_tool/backend/lambda_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/lambda_client.py -------------------------------------------------------------------------------- /panther_analysis_tool/backend/mocks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/mocks.py -------------------------------------------------------------------------------- /panther_analysis_tool/backend/public_api_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/backend/public_api_client.py -------------------------------------------------------------------------------- /panther_analysis_tool/cli_output.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/cli_output.py -------------------------------------------------------------------------------- /panther_analysis_tool/command/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panther_analysis_tool/command/benchmark.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/command/benchmark.py -------------------------------------------------------------------------------- /panther_analysis_tool/command/bulk_delete.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/command/bulk_delete.py -------------------------------------------------------------------------------- /panther_analysis_tool/command/check_connection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/command/check_connection.py -------------------------------------------------------------------------------- /panther_analysis_tool/command/standard_args.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/command/standard_args.py -------------------------------------------------------------------------------- /panther_analysis_tool/command/validate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/command/validate.py -------------------------------------------------------------------------------- /panther_analysis_tool/constants.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/constants.py -------------------------------------------------------------------------------- /panther_analysis_tool/core/definitions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/core/definitions.py -------------------------------------------------------------------------------- /panther_analysis_tool/core/parse.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/core/parse.py -------------------------------------------------------------------------------- /panther_analysis_tool/destination.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/destination.py -------------------------------------------------------------------------------- /panther_analysis_tool/detection_schemas/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panther_analysis_tool/detection_schemas/analysis_config_schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/detection_schemas/analysis_config_schema.json -------------------------------------------------------------------------------- /panther_analysis_tool/directory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/directory.py -------------------------------------------------------------------------------- /panther_analysis_tool/enriched_event.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/enriched_event.py -------------------------------------------------------------------------------- /panther_analysis_tool/enriched_event_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/enriched_event_generator.py -------------------------------------------------------------------------------- /panther_analysis_tool/immutable.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/immutable.py -------------------------------------------------------------------------------- /panther_analysis_tool/log_schemas/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panther_analysis_tool/log_schemas/user_defined.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/log_schemas/user_defined.py -------------------------------------------------------------------------------- /panther_analysis_tool/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/main.py -------------------------------------------------------------------------------- /panther_analysis_tool/schema_regexs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/schema_regexs.py -------------------------------------------------------------------------------- /panther_analysis_tool/schemas.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/schemas.py -------------------------------------------------------------------------------- /panther_analysis_tool/testing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/testing.py -------------------------------------------------------------------------------- /panther_analysis_tool/util.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/util.py -------------------------------------------------------------------------------- /panther_analysis_tool/validation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/validation.py -------------------------------------------------------------------------------- /panther_analysis_tool/zip_chunker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/panther_analysis_tool/zip_chunker.py -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/poetry.lock -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/pyproject.toml -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/requirements.txt -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/fixtures/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/advanced_rules/example_rule_data_model.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/advanced_rules/example_rule_data_model.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/advanced_rules/example_rule_data_model.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/advanced_rules/example_rule_data_model.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/correlation_rules/aws_cloudtrail_iaas.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/correlation_rules/aws_cloudtrail_iaas.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/correlation_rules/discovering_exfiltrated_credentials.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/correlation_rules/discovering_exfiltrated_credentials.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/correlation_rules/github_cicd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/correlation_rules/github_cicd.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/data_models/aws_cloudtrail_data_model.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/data_models/aws_cloudtrail_data_model.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/data_models/aws_cloudtrail_data_model.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/data_models/aws_cloudtrail_data_model.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/global_helpers/a_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/global_helpers/a_helper.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/global_helpers/a_helper.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/global_helpers/a_helper.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/global_helpers/b_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/global_helpers/b_helper.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/global_helpers/b_helper.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/global_helpers/b_helper.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/global_helpers/helpers.py: -------------------------------------------------------------------------------- 1 | def test_helper(): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/global_helpers/helpers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/global_helpers/helpers.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/packs/missing_datamodel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/packs/missing_datamodel.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/packs/missing_global.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/packs/missing_global.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/packs/missing_query.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/packs/missing_query.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/packs/missing_subrules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/packs/missing_subrules.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy_beta.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy_beta.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy_beta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy_beta.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy_extraneous_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy_extraneous_fields.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy_extraneous_fields.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy_extraneous_fields.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy_generated_functions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy_generated_functions.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/policies/example_policy_generated_functions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/policies/example_policy_generated_functions.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/queries/query_one.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/queries/query_one.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/queries/query_three.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/queries/query_three.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/queries/query_two.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/queries/query_two.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_extraneous_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_extraneous_fields.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_extraneous_fields.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_extraneous_fields.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_generated_functions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_generated_functions.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_generated_functions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_generated_functions.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_global.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_global.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_global.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_global.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_mocks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_mocks.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/rules/example_rule_mocks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/rules/example_rule_mocks.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/scheduled_rules/example_scheduled_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/scheduled_rules/example_scheduled_rule.py -------------------------------------------------------------------------------- /tests/fixtures/check-packs/missing-dependencies/scheduled_rules/example_scheduled_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/missing-dependencies/scheduled_rules/example_scheduled_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/packless-rule/packs/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/packless-rule/packs/test.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/packless-rule/rules/test_rules/test_deprecated.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/packless-rule/rules/test_rules/test_deprecated.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/packless-rule/rules/test_rules/test_included.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/packless-rule/rules/test_rules/test_included.yml -------------------------------------------------------------------------------- /tests/fixtures/check-packs/packless-rule/rules/test_rules/test_missing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/check-packs/packless-rule/rules/test_rules/test_missing.yml -------------------------------------------------------------------------------- /tests/fixtures/correlation-unit-tests/fails/fails1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/correlation-unit-tests/fails/fails1.yml -------------------------------------------------------------------------------- /tests/fixtures/correlation-unit-tests/passes/pass1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/correlation-unit-tests/passes/pass1.yml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/invalid/schema-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/invalid/schema-1.yml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/invalid/schema-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/invalid/schema-2.yaml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/valid/lookup-table-schema-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/valid/lookup-table-schema-1.yml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/valid/schema-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/valid/schema-1.yml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/valid/schema-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/valid/schema-2.yaml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/valid/schema-3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/valid/schema-3.yml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/valid/schema_1_tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/valid/schema_1_tests.yml -------------------------------------------------------------------------------- /tests/fixtures/custom-schemas/valid/schema_2_tests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/custom-schemas/valid/schema_2_tests.yaml -------------------------------------------------------------------------------- /tests/fixtures/derived_without_base/derived.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/derived_without_base/derived.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/.panther_settings.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/.panther_settings.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/aws_globals.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/aws_globals.py -------------------------------------------------------------------------------- /tests/fixtures/detections/aws_globals.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/aws_globals.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/debug/rule_that_prints.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/debug/rule_that_prints.py -------------------------------------------------------------------------------- /tests/fixtures/detections/debug/rule_that_prints.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/debug/rule_that_prints.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/debug/rule_that_works.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/debug/rule_that_works.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/debug/rule_that_works.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/debug/rule_with_error.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/debug/rule_with_error.py -------------------------------------------------------------------------------- /tests/fixtures/detections/debug/rule_with_error.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/debug/rule_with_error.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/destinations/example_available_destination_name.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/destinations/example_available_destination_name.py -------------------------------------------------------------------------------- /tests/fixtures/detections/destinations/example_available_destination_name.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/destinations/example_available_destination_name.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/disabled_rule/example_disabled_rule.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | raise 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/disabled_rule/example_disabled_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/disabled_rule/example_disabled_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/disabled_rule/example_rule.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/disabled_rule/example_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/disabled_rule/example_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_data_model_conflict.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_data_model_conflict.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_ignored.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_ignored.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_ignored_multi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_ignored_multi.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_invalid_pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_invalid_pack.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_malformed_policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_malformed_policy.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_malformed_yaml.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_malformed_yaml.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy.json -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_bad_resource_type.py: -------------------------------------------------------------------------------- 1 | def policy(resource): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_bad_resource_type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_bad_resource_type.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_import.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_import.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_import.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_import.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_invalid_characters.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_invalid_characters.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_invalid_characters.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_invalid_characters.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_missing_policy_file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_missing_policy_file.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_required_tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_required_tests.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_required_tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_required_tests.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_set_duplicates.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_set_duplicates.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_policy_set_duplicates.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_policy_set_duplicates.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_bad_log_type.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_bad_log_type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_bad_log_type.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_invalid_mocks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_invalid_mocks.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_invalid_mocks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_invalid_mocks.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_invalid_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_invalid_test.py -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_invalid_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_invalid_test.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_missing_field.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_missing_field.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_set_duplicates.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/example_rule_set_duplicates.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_rule_set_duplicates.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_strict_invalid_yaml.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_strict_invalid_yaml.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_unhandled_exception.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | raise Exception 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/example_unhandled_exception.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_unhandled_exception.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/example_unhandled_exception_on_import.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/example_unhandled_exception_on_import.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/advanced_rules/example_rule_data_model.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/advanced_rules/example_rule_data_model.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/advanced_rules/example_rule_data_model.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/advanced_rules/example_rule_data_model.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/data_models/GSuite.Events.DataModel.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/data_models/GSuite.Events.DataModel.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/data_models/example_data_model.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/data_models/example_data_model.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/data_models/example_data_model_disabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/data_models/example_data_model_disabled.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/data_models/example_data_model_python.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/data_models/example_data_model_python.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/global_helpers/a_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/global_helpers/a_helper.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/global_helpers/a_helper.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/global_helpers/a_helper.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/global_helpers/b_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/global_helpers/b_helper.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/global_helpers/b_helper.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/global_helpers/b_helper.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/global_helpers/helpers.py: -------------------------------------------------------------------------------- 1 | def test_helper(): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/global_helpers/helpers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/global_helpers/helpers.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/packs/sample-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/packs/sample-pack.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy_beta.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy_beta.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy_beta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy_beta.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy_extraneous_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy_extraneous_fields.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy_extraneous_fields.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy_extraneous_fields.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy_generated_functions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy_generated_functions.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/policies/example_policy_generated_functions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/policies/example_policy_generated_functions.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/queries/query_one.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/queries/query_one.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/queries/query_three.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/queries/query_three.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/queries/query_two.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/queries/query_two.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_extraneous_fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_extraneous_fields.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_extraneous_fields.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_extraneous_fields.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_generated_functions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_generated_functions.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_generated_functions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_generated_functions.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_global.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_global.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_global.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_global.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_mocks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_mocks.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/rules/example_rule_mocks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/rules/example_rule_mocks.yml -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/scheduled_rules/example_scheduled_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/scheduled_rules/example_scheduled_rule.py -------------------------------------------------------------------------------- /tests/fixtures/detections/valid_analysis/scheduled_rules/example_scheduled_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/detections/valid_analysis/scheduled_rules/example_scheduled_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.python.rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.python.rule.py -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.python.rule.with.filters.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.python.rule.with.filters.py -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.python.rule.with.filters.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.python.rule.with.filters.yml -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.python.rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.python.rule.yml -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.python.scheduled_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.python.scheduled_rule.py -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.python.scheduled_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.python.scheduled_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.rule.with.filters.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.rule.with.filters.yml -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.rule.yml -------------------------------------------------------------------------------- /tests/fixtures/inline-filters/basic.scheduled_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/inline-filters/basic.scheduled_rule.yml -------------------------------------------------------------------------------- /tests/fixtures/lookup-tables/invalid/lookup-table-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/lookup-tables/invalid/lookup-table-1.yml -------------------------------------------------------------------------------- /tests/fixtures/lookup-tables/valid/lookup-table-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/lookup-tables/valid/lookup-table-1.yml -------------------------------------------------------------------------------- /tests/fixtures/lookup-tables/valid/lookup-table-2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/lookup-tables/valid/lookup-table-2.yml -------------------------------------------------------------------------------- /tests/fixtures/lookup-tables/valid/sample_aws_accounts.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/lookup-tables/valid/sample_aws_accounts.csv -------------------------------------------------------------------------------- /tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-1.yml -------------------------------------------------------------------------------- /tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-2.yml -------------------------------------------------------------------------------- /tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-3.yml -------------------------------------------------------------------------------- /tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-4.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/queries/invalid/example-scheduled-query-invalid-tablename-4.yml -------------------------------------------------------------------------------- /tests/fixtures/queries/valid/example-scheduled-query-cron.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/queries/valid/example-scheduled-query-cron.yml -------------------------------------------------------------------------------- /tests/fixtures/queries/valid/example-scheduled-query-rateminutes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/queries/valid/example-scheduled-query-rateminutes.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/invalid/invalid_Test.MultiMatch.Key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/invalid/invalid_Test.MultiMatch.Key.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/invalid/invalid_asana_team_privacy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/invalid/invalid_asana_team_privacy.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/invalid/invalid_gcp_gcs_public.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/invalid/invalid_gcp_gcs_public.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/AWS.EC2.Traffic.Mirroring.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/AWS.EC2.Traffic.Mirroring.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/AWS.IAMUser.ReconAccessDenied.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/AWS.IAMUser.ReconAccessDenied.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/AWS.Modify.Cloud.Compute.Infrastructure.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/AWS.Modify.Cloud.Compute.Infrastructure.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Amazon.EKS.Audit.Multiple403.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Amazon.EKS.Audit.Multiple403.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Amazon.EKS.Audit.SystemNamespaceFromPublicIP.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Amazon.EKS.Audit.SystemNamespaceFromPublicIP.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/GitHub.Team.Modified.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/GitHub.Team.Modified.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Test.AbsoluteCondition.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Test.AbsoluteCondition.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Test.Combinators.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Test.Combinators.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Test.Extra.Top.Level.Keys.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Test.Extra.Top.Level.Keys.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Test.ListComprehension.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Test.ListComprehension.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Test.MultiMatch.Key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Test.MultiMatch.Key.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/Test.Numeric.Comparison.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/Test.Numeric.Comparison.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/asana_service_account_created.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/asana_service_account_created.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/asana_team_privacy_public.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/asana_team_privacy_public.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/asana_workspace_new_admin.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/asana_workspace_new_admin.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/asana_workspace_saml_optional.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/asana_workspace_saml_optional.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/auth0_mfa_policy_disabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/auth0_mfa_policy_disabled.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/auth0_mfa_risk_assessment_disabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/auth0_mfa_risk_assessment_disabled.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_authentication_from_crowdstrike_unmanaged_device.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_authentication_from_crowdstrike_unmanaged_device.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_cloudtrail_account_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_cloudtrail_account_discovery.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_cloudtrail_created.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_cloudtrail_created.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_cloudtrail_unsuccessful_mfa_attempt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_cloudtrail_unsuccessful_mfa_attempt.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_console_login_without_saml.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_console_login_without_saml.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_ec2_monitoring.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_ec2_monitoring.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_ec2_startup_script_change.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_ec2_startup_script_change.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_guardduty_high_sev_findings.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_guardduty_high_sev_findings.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_guardduty_low_sev_findings.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_guardduty_low_sev_findings.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_s3_unauthenticated_access.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_s3_unauthenticated_access.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_vpc_inbound_traffic_port_allowlist.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_vpc_inbound_traffic_port_allowlist.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/aws_vpc_unapproved_outbound_dns.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/aws_vpc_unapproved_outbound_dns.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/box_user_downloads.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/box_user_downloads.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/dropbox_linked_team_application_added.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/dropbox_linked_team_application_added.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/duo_user_endpoint_failure_multi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/duo_user_endpoint_failure_multi.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gcp_access_attempts_violating_vpc_service_controls.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gcp_access_attempts_violating_vpc_service_controls.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gcp_gcs_public.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gcp_gcs_public.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gcp_iam_org_folder_changes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gcp_iam_org_folder_changes.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gcp_logging_settings_modified.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gcp_logging_settings_modified.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gcp_vpc_flow_logs_disabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gcp_vpc_flow_logs_disabled.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/google_workspace_apps_marketplace_allowlist.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/google_workspace_apps_marketplace_allowlist.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gsuite_leaked_password.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gsuite_leaked_password.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/gsuite_workspace_calendar_external_sharing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/gsuite_workspace_calendar_external_sharing.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/okta_group_admin_role_assigned.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/okta_group_admin_role_assigned.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/onelogin_high_risk_failed_login.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/onelogin_high_risk_failed_login.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/onelogin_password_accessed.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/onelogin_password_accessed.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/onelogin_user_account_locked.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/onelogin_user_account_locked.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/snowflake_login_without_mfa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/snowflake_login_without_mfa.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/teleport_scheduled_jobs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/teleport_scheduled_jobs.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/test.enrichment.rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/test.enrichment.rule.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/test.rule.with.dynamic.funcs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/test.rule.with.dynamic.funcs.yml -------------------------------------------------------------------------------- /tests/fixtures/simple-detections/valid/vpc_dns_tunneling.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/simple-detections/valid/vpc_dns_tunneling.yml -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/no_status.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/no_status.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/all_statuses/no_status.yml -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/status_deprecated.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/status_deprecated.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/all_statuses/status_deprecated.yml -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/status_experimental.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/status_experimental.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/all_statuses/status_experimental.yml -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/status_stable.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/all_statuses/status_stable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/all_statuses/status_stable.yml -------------------------------------------------------------------------------- /tests/fixtures/status/status_deprecated/status_deprecated.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/status_deprecated/status_deprecated.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/status_deprecated/status_deprecated.yml -------------------------------------------------------------------------------- /tests/fixtures/status/status_experimental/status_experimental.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/status_experimental/status_experimental.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/status_experimental/status_experimental.yml -------------------------------------------------------------------------------- /tests/fixtures/status/status_stable/status_stable.py: -------------------------------------------------------------------------------- 1 | def rule(event): 2 | return True 3 | -------------------------------------------------------------------------------- /tests/fixtures/status/status_stable/status_stable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/status/status_stable/status_stable.yml -------------------------------------------------------------------------------- /tests/fixtures/tests_can_be_inherited/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/tests_can_be_inherited/base.py -------------------------------------------------------------------------------- /tests/fixtures/tests_can_be_inherited/base.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/tests_can_be_inherited/base.yml -------------------------------------------------------------------------------- /tests/fixtures/tests_can_be_inherited/derive.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/fixtures/tests_can_be_inherited/derive.yml -------------------------------------------------------------------------------- /tests/unit/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/backend/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/backend/test_lambda_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/backend/test_lambda_client.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/command/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/command/test_benchmark.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/command/test_benchmark.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/command/test_bulk_delete.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/command/test_bulk_delete.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/core/test_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/core/test_parser.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/log_schemas/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/log_schemas/test_user_defined.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/log_schemas/test_user_defined.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_analysis_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_analysis_utils.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_check_packs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_check_packs.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_debug.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_debug.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_enriched_event.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_enriched_event.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_enriched_event_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_enriched_event_generator.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_exceptions.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_immutable.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_immutable.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_lookup_tables.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_lookup_tables.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_main.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_schemas.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_schemas.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_testing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_testing.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_util.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_util.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_validation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_validation.py -------------------------------------------------------------------------------- /tests/unit/panther_analysis_tool/test_zip_chunker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/unit/panther_analysis_tool/test_zip_chunker.py -------------------------------------------------------------------------------- /tests/utils/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/utils/get_specs_for_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/panther-labs/panther_analysis_tool/HEAD/tests/utils/get_specs_for_test.py --------------------------------------------------------------------------------