v1.68
May 24, 2023
Now Generally Available
- Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.
In Open Beta
- Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches.
- Added a new transformation for custom logs, concat, which allows you to combine multiple fields' values into the value for a new field.
  - For example, combined fields can be used as a key for enrichment.
In Closed Beta
- Onboard Auth0 tenant logs with the new Auth0 log puller and Panther-managed detections. Use this integration to monitor event logs from the Auth0 log stream.
  - If you would like to participate in this closed beta, contact your Panther representative.
Schema Changes
- Added new Azure Active Directory activity schemas to capture audit and sign-in events:
  - Azure.Audit
  - Azure.SignIn
- The following updates have been made to Zeek schemas:
  - Added a new schema, Zeek.SSL.
  - Added new fields to Zeek.HTTP.
Panther Developer Workflows
- You can now add comments to existing alerts via the Panther API.
- Version 0.22.1 of panther_analysis_tool has been released, featuring the following update:
  - Added support for the Auth0.Events log type.
- Versions 3.7.0 and 3.7.1 of panther-analysis have been released, featuring the following updates:
  - Added Auth0 detections and Pack.
  - Added Tines detections.
  - Added a link to Snyk alert context to identify users.
Bug Fixes
- Fixed a bug that caused classification errors when parsing CloudTrail Insights data received through SQS.
- Resolved a replay result processing issue that could cause replays to fail.
- Lacework alert management schema classification errors no longer appear when the IP_ADDR field is missing.