v3.68.0

What's Changed

🕵️ New Detections

• THREAT-403 Create rules for User, Administrator, and Role Management based on test cases by @akozlovets098 in #1415
• s3 bucket confused deputy attack by @bcpenta in #1416
• THREAT-318: Standard.SignInFromRogueState by @ben-githubs in #1426
• THREAT-411 ZIA AdminAuditRules - Password, Log, Backup by @akozlovets098 in #1425

🔍️️ New Queries

• Adding Some Snowflake Behavioral/Anomaly Scheduled Queries by @ben-githubs in #1408
• Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory by @arielkr256 in #1428

🐛 Bug Fixes and Tunes

• fixing ruleID typo on gcp_k8s_pod_create_or_modify_host_path_vol_mount.yml by @jzandona in #1418
• ASK-928 tuning Zendesk.UserRoleChanged by @akozlovets098 in #1421
• Refactor panther_azuresignin_helpers.actor_user to use imported deep_get by @ben-githubs in #1422
• Fix Standard.SignInFromRogueState for Unenriched Events by @ben-githubs in #1431
• THREAT-408 Notion.Many.Pages.Deleted -> Scheduled Rule by @ben-githubs in #1423

🏡 Miscellaneous

• Release v3.67 by @le4ker in #1398
• Prep for v3.68 by @arielkr256 in #1412
• Update CONTRIBUTING.md by @le4ker in #1420
• Update TrailDiscover data by @akozlovets098 in #1424
• Make check-packs action work by @ben-githubs in #1427

Full Changelog: v3.67.0...v3.68.0