Issue Templates for New Analysis and Tuning (#1464)
arielkr256 authored Jan 14, 2025
1 parent 5dff7ad commit 54c78ba
Showing 2 changed files with 127 additions and 0 deletions.
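--- a/.github/ISSUE_TEMPLATE/new_analysis.yml
+++ b/.github/ISSUE_TEMPLATE/new_analysis.yml
@@ -0,0 +1,41 @@
+name: "New Analysis Request"
+description: "Request a new rule, policy, or helper to be added to the Panther platform."
+title: "[New] Name of Rule, Policy, or Helper"
+labels: ["enhancement"]
+
+body:
+- type: textarea
+attributes:
+label: "Description"
+description: "Provide a detailed description of the rule, policy, or helper."
+placeholder: "Detailed description..."
+
+- type: dropdown
+attributes:
+label: "Analysis Type"
+description: "Select the type of analysis."
+options:
+- rule
+- policy
+- global_helper
+- data_model
+- scheduled_query
+- correlation_rule
+
+- type: input
+attributes:
+label: "Log Source"
+description: "Provide the relevant log source (optional)."
+placeholder: "AWS.CloudTrail"
+
+- type: textarea
+attributes:
+label: "References"
+description: "Provide any reference links (optional)."
+placeholder: "References..."
+
+- type: textarea
+attributes:
+label: "Example Log Data (redacted)."
+description: "Provide an example log that would trigger this rule. Please make sure to redact any sensitive information."
+placeholder: "Example JSON data..."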
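Review bot: The "Example Log Data (redacted)." textarea relies only on a sentence in its description to keep sensitive values out of the issue, and nothing in the form makes the submitter confirm it; the same applies to the "Example Log (redacted)" field in tuning.yml. If this tracker is publicly readable, a pasted log that still carries account IDs, access key IDs or source IPs is exposed as soon as the issue is submitted. I would add `render: json` to the textarea's attributes so the paste lands in a code block instead of being interpreted as Markdown, and follow it with a required checkbox in which the submitter confirms the redaction, as sketched below. Separately, no field in this form sets `validations: required: true`, so a request can be filed with an empty description.

```yaml
  - type: textarea
    attributes:
      label: "Example Log Data (redacted)."
      # … unchanged: description, placeholder …
      render: json

  - type: checkboxes
    attributes:
      label: "Redaction check"
      options:
        - label: "I have removed credentials, account IDs, IP addresses and other sensitive values from the example log."
          required: true
```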
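--- a/.github/ISSUE_TEMPLATE/tuning.yml
+++ b/.github/ISSUE_TEMPLATE/tuning.yml
@@ -0,0 +1,86 @@
+name: "Tuning Request"
+description: "Report false positives or bugs with existing detections."
+title: "[Tuning] Rule ID"
+labels: [tuning]
+body:
+- type: input
+attributes:
+label: "Rule ID"
+placeholder: "AWS.CloudTrail.Stopped"
+description: |
+"RuleID of the rule that you are reporting a false positive for"
+validations:
+required: true
+
+- type: textarea
+attributes:
+label: "Description"
+placeholder: |
+"This rule is triggering on the `StartLogging` event, which is not expected behavior."
+description: |
+"Describe why you believe this is a false positive or bug."
+validations:
+required: true
+
+- type: textarea
+attributes:
+label: "Example Log (redacted)"
+description: |
+"Provide an example log that triggered the rule. Please make sure to redact any sensitive information."
+placeholder: |
+{
+"eventVersion": "1.05",
+"userIdentity":
+{
+"type": "AssumedRole",
+"principalId": "111:panther-snapshot-scheduler",
+"arn": "arn:aws:sts::123456789012:assumed-role/tester",
+"accountId": "123456789012",
+"accessKeyId": "1",
+"sessionContext":
+{
+"attributes":
+{
+"mfaAuthenticated": "false",
+"creationDate": "2019-01-01T00:00:00Z",
+},
+"sessionIssuer":
+{
+"type": "Role",
+"principalId": "1111",
+"arn": "arn:aws:iam::123456789012:role/tester",
+"accountId": "123456789012",
+"userName": "tester",
+},
+},
+},
+"eventTime": "2019-01-01T00:00:00Z",
+"eventSource": "cloudtrail.amazonaws.com",
+"eventName": "StartLogging",
+"awsRegion": "us-west-2",
+"sourceIPAddress": "111.111.111.111",
+"userAgent": "Mozilla",
+"requestParameters":
+{
+"encryptionContext":
+{
+"aws:lambda:FunctionArn": "arn:aws:lambda:us-west-2:123456789012:function:test-function",
+},
+},
+"responseElements": null,
+"requestID": "1",
+"eventID": "1",
+"readOnly": true,
+"resources":
+[
+{
+"ARN": "arn:aws:kms:us-west-2:123456789012:key/1",
+"accountId": "123456789012",
+"type": "AWS::KMS::Key",
+},
+],
+"eventType": "AwsApiCall",
+"recipientAccountId": "123456789012",
+}
+validations:
+required: true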
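Review bot: The `description: |` and `placeholder: |` values for "Rule ID", "Description" and "Example Log (redacted)" put a double-quoted sentence inside a literal block scalar, where the quotes are ordinary characters, so the form would show the quote marks (and carry a trailing newline) rather than plain text. Indentation is not visible on this page, so this assumes the quoted line is indented as the scalar's content. A plain quoted scalar avoids it and matches new_analysis.yml: `description: "RuleID of the rule that you are reporting a false positive for"`. The JSON placeholder also has trailing commas before closing braces (for example after `"creationDate"`), so it is not valid JSON as an example to copy. `labels: [tuning]` could be written `labels: ["tuning"]` to match the other template.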
