v1.62

Apr 12, 2023

Now Generally Available

Quickly construct, save, tag, and edit queries to search your data lake with the Query Builder in the Panther Console.
- Use the Query Builder, catered to users without extensive SQL knowledge, to easily search your security data.
- Query Builder is an effective alternative to using Data Explorer to perform common searches.
Expanded editing capabilities for custom schemas and added the ability to archive unused schemas in the Panther Console. Use the archive feature to reduce schema clutter and prevent unintentionally selecting unused schemas.
Onboard SentinelOne Cloud Funnel 2.0 logs with the SentinelOne log puller. Use this integration to monitor XDR and EDR data.

In Open Beta

Added support for GitHub Enterprise Cloud audit log streaming.
Onboard Bitwarden logs with the Bitwarden log puller. Use this integration to monitor events that occur in Bitwarden Teams or Enterprise organizations.
Onboard SentinelOne API activity logs with the SentinelOne log puller. Use this integration to monitor SentinelOne activities.

Schema Changes

A new indicator field, p_any_actor_ids, is now available for all schemas. It provides a Panther-managed field containing actor identifiers.

Enhancements

In the Panther Console, the following enhancements have been made to Alert Details:
- Custom enrichment is now aligned vertically for better readability.
- Improved the handling of nested enrichment data.
Bulk and individual downloads now wrap name and ID YAML fields in double quotes to better accommodate special characters in those fields.
- panther-analysis YAML files have been updated to match this new format.
The schema inference process now infers emails and MD5, SHA-1, and SHA-256 hashes.

Panther Developer Workflows

Version 0.20.0 of panther_analysis_tool has been released, featuring the following updates:
- Added a test to validate whether table names in queries match the pattern <string>.public.<string> or snowflake.account_usage.<string>. This validation can be disabled by supplying the --ignore-table-names argument.
- Added a warning message that alerts when the running version of PAT is out of date and an update is available.

Bug Fixes

Added validations for fields stored in p_any_domains to avoid storing ”.” values.
Fixed a bug that caused the s3sns tool to block indefinitely in case of an error.
Resolved various issues with Data Replay on the Edit Detections page.

Previous Releases

View All

v1.61 Apr 5, 2023

Tune rules directly from alerts in the Panther Console. This allows you to more easily address false positives by quickly adding filters, streamlining your detection management workflow.

v1.60 Mar 29, 2023

You can now save, open, update, and add tags to queries that you create in Query Builder, enabling you to easily reference and work more quickly with frequently-used queries.

v1.59 Mar 22, 2023

You can now rotate your Panther API token via the Panther Console or the Panther API, enabling you to more easily enhance your security practices.