Exciting new features are now available to help you protect your organization and improve your security operations pipeline.
We’ve got some major updates ready for you today in Panther v1.6!
We’re improving usability with a major overhaul to our UI. The first of many updates to come is our brand new dark theme, which is easier on your eyes and will save you some battery life. Here are a couple of screenshots of the updated UI waiting for you in Panther v1.6:
Log Analysis Overview
A Log Analysis dashboard overview is now available to help you quickly understand high-level analytics on alerts, rules, and events. These graphs add a visualization layer to help you understand data scale and alert frequency, and quickly identify high priority alerts.
Better Alert Triage
Ready to hide an alert that’s been reviewed? No problem! Now you can use a status field to mark alerts as:
- Open (default)
- Triaged (investigating)
- Closed (false positive)
- Resolved (remediated)
Updating alert statuses will help you reduce clutter in the UI and better organize active investigations across your team.
Improved Unit Testing for Detections
High-fidelity alerts start with test-driven detections. That’s why we include Unit Tests for Rules and Policies in our UI. Previously, however, it was possible to save an update to a detection that resulted in a unit test breaking. Now, if you make an edit to a detection that results in a failed unit test, the save operation will fail. This will help you ensure your detections keep doing what you intend for them to do–identifying high-signal activity!
Faster and cheaper historical queries (Enterprise)
In Panther Enterprise, your log data is converted from JSON to Parquet which results in significantly faster queries against your security data lake. With Parquet, you’ll see more efficient read operations and ~60% smaller file sizes. Best of all, there’s nothing to tune or configure to take advantage of these optimizations–simply upgrade to Enterprise and watch your queries fly.
CloudWatch Event Logs Support
Analyzing data sent via AWS CloudWatch Events are now natively supported. CloudWatch Events deliver a near real-time stream of events that describe activity in your AWS accounts. Review the log format for CloudWatch Events in our docs.
Lacework Events Support
Lacework is a Cloud Security Platform for DevOps, Workloads, and Cloud Containers, and includes an agent for collecting important host-based data. Panther v1.6 now supports ingestion, detection, and storage of this data. Review the log format for Lacework Events in our docs.
Collect and Analyze G Suite and Box audit logs (Enterprise)
Our ecosystem of SaaS log integrations is growing! In addition to Okta, you can now poll G Suite and Box audit logs, detect suspicious behaviors, and store logs for investigations.
SIEM for G Suite Logs
There are many great security use cases for analyzing your G Suite logs. For example, you can monitor data sharing to make sure employees aren’t mismanaging sensitive information, or you can track and monitor third-party app authorizations to more tightly enforce data access policies. You can read the docs here.
SIEM for Box Logs
Similar to G Suite, your organization may store valuable and / or sensitive data in Box. By polling and analyzing your Box logs with Panther, you can gain real-time visibility into user activity to ensure data is not being improperly shared or accessed. Read the docs.
Click to Search Alert Events (Enterprise)
When you receive notifications about a potential security issue, the first place you’ll look for context is the Alert Overview. But to dive deeper, you’ll want to navigate to Panther’s Data Explorer to correlate activity across data sources.
Previously, to view pertinent historical information related to an alert you needed to manually formulate SQL queries in the Data Explorer. Now, you can simply click a button in the Alerts UI to pivot into Data Analytics with the proper SQL query pre-filled.
Time is precious during an incident investigation. With this handy new feature, you can answer your key questions faster and with more accuracy.
SAML SSO (Enterprise)
Panther Enterprise now supports SAML single sign-on (SSO)! Configure OneLogin, Okta, or any other standard SAML IdP for user registration and sign in to Panther. Learn more about our SAML SSO support in the docs.
All Enterprise Policies and Rules are now open source
We want all our users, open source and enterprise, to obtain value from Panther. By providing a wider array of policies and rules our users can detect more security issues, and also have more examples from which to craft their own custom detections.
The open source detections apply to a range of security topics such as PCI compliance, identity and access management, operations, and more. Where relevant, we’ve also mapped to the MITRE ATT&CK framework.
Panther v1.6 is now available with a dark theme, improved usability and overviews, more natively supported logs, and new powerful enterprise features.