v1.110

New and Noteworthy

• Explore and analyze your data with PantherFlow, Panther’s new pipelined query language.
  • PantherFlow is in open beta, and is available to all customers.
• Ingest Zscaler ZIA and ZPA logs into Panther using the new native Zscaler log integrations.
• Ingest Wiz logs into Panther and use the Panther-managed Wiz detections.
  • The Wiz integration is in open beta, and is available to all customers.
• Ingest Material Security case created logs into Panther.
  • The Material Security integration is in open beta, and is available to all customers.
• Ingest Thinkst Canary alert logs into Panther, and use the Panther-managed Thinkst Canary detections.
  • The Thinkst Canary integration is in open beta, and is available to all customers.
• Follow the Chronosphere Onboarding Guide to route observability data to Panther using the Chronosphere Telemetry Pipeline.

Now Generally Available

• Enable two-way status, assignee, and comment syncing between Panther alerts and Jira issues. The Jira alert destination has also been enhanced to support Jira issue label and priority assignment based on Panther alert severity.
• Manage your Panther users from a single location with Okta SCIM.

In Closed Beta

• Write detections fully in Python (and avoid merge conflicts) using Panther’s new detection format, PyPanther Detections. The pypanther CLI tool now has a convert command, as well as a --dry-run option for upload. The Severity class now has upgrade() and downgrade() functions.
  • If you would like to participate in the PyPanther beta, please reach out to your Support team.

Panther Developer Workflows

• Fetch the events associated with an alert with a new GraphQL API endpoint.
• panther-analysis versions 3.63.0-3.66.0 are available, and include the following highlights:
  • Panther-managed detections for Sublime Security and Wiz
  • Cleanup of deprecated rules
  • MITRE ATT&CK linter
  • Various detection tuning

Bug Fixes

• Fixed a bug that had allowed non-JSON-compliant values (e.g., nan, inf, and -inf) to be present in an alert’s alert context value, which caused downstream issues.
• Resolved an issue in the Panther console that was causing intermittent network problems, often resulting in a “503 Service Unavailable” error page.
• Fixed an extremely rare edge case that could lead to dropped alert events.
• Resolved a bug that had caused large numbers to be truncated in Search and Data Explorer.
• Fixed an edge case where enabling field discovery could have led to increased Snowflake costs when the data format frequently changed.