BLOG

AI in the SOC – Only as Good as the Data You Give It!

v1.117 delivers the foundations for smarter AI across the SecOps lifecycle

Katie Campisi

Dec 16, 2025

Security teams are under pressure to move quickly and implement AI, but without comprehensive and accurate data and telemetry, those efforts are almost guaranteed to deliver disappointing results. 

Panther has always focused on delivering complete visibility into your security environment. Our latest release, v1.117 (now live in all customer environments), strengthens Panther’s AI triage further by capturing analyst decisions, keeping enrichment continuously fresh, and auto-magically updating schemas as log formats evolve. This release enhances the infrastructure that makes AI dependable and accurate for production SOC workflows.

Accurate Enrichment for High-Confidence AI and Detections

Enrichment data provides critical context to your detections, alerts, and AI-assisted triage and investigations. Keeping enrichment data up-to-date, though, hasn’t always been seamless. Static CSVs drift as people change roles or leave the organization, and configuring data from an external source, such as S3, provides more frequent updates but also requires managing additional data storage infrastructure. 

Panther’s new SQL Enrichments capabilities avoid this by pulling context directly from your Panther data lake on a schedule you define. Daily updates to employee information from Okta, hourly refreshes of VIP accounts, and other routine context stay accurate without manual effort.

Accurate enrichment improves both analyst efficiency and AI reliability. Alerts tied to former employees no longer trigger unnecessary investigations, and AI triage evaluates activity in the context of current data.

Keeping Your Data Structured and Complete

Clean, consistent data is essential for reliable detections and AI triage, but log formats frequently evolve. Without safeguards in place, schema drift can lead to missed fields, broken detections, and unpredictable alert quality.

v1.117 strengthens this foundation on multiple fronts. AI Schema Inference, accelerated by our acquisition of Datable, now supports any log format, including JSON, CSV, XML, and even plain text. Paste a sample, generate a schema, and start building detections with fewer surprises. Field Discovery has also been expanded to 120+ Panther-managed schemas, ensuring that new vendor-added fields are captured automatically rather than silently discarded.
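To make the schema drift described above concrete, here is an added Python example (not Panther's or Datable's code) that compares a batch of JSON events against a known schema and reports vendor-added fields and changed field types instead of silently dropping them; the schema and the sample events are constructed for illustration.

```python
"""Added example (not Panther's code): flag schema drift in a batch of JSON
events against a known schema: new fields a strict schema would silently
drop, and fields whose JSON type changed. Schema and events are constructed."""
import json
from collections import defaultdict

# Constructed known schema: dotted field path -> expected JSON type
KNOWN_SCHEMA = {"event_type": "string", "actor.email": "string",
                "src_ip": "string", "success": "boolean"}

# Constructed sample events: the 2nd adds a vendor field (actor.mfa_method),
# the 3rd changes "success" from a boolean to a string.
SAMPLE_LOGS = [
    '{"event_type":"login","actor":{"email":"a@example.com"},"src_ip":"10.0.0.5","success":true}',
    '{"event_type":"login","actor":{"email":"b@example.com","mfa_method":"push"},"src_ip":"10.0.0.6","success":true}',
    '{"event_type":"login","actor":{"email":"c@example.com"},"src_ip":"10.0.0.7","success":"true"}',
]

def json_type(value):
    """Map a parsed JSON value to its JSON type name."""
    if isinstance(value, bool):  # checked first: bool is a subclass of int
        return "boolean"
    return {str: "string", int: "number", float: "number", list: "array",
            type(None): "null"}.get(type(value), "object")

def flatten(obj, prefix=""):
    """Flatten nested objects into {dotted.path: json type}."""
    fields = {}
    for key, value in obj.items():
        path = prefix + key
        if isinstance(value, dict):
            fields.update(flatten(value, path + "."))
        else:
            fields[path] = json_type(value)
    return fields

def detect_drift(lines, schema):
    """Return (new_fields, type_changes) observed across the batch.

    new_fields: {field: number of events carrying it}
    type_changes: {field: sorted list of observed types != expected}"""
    new_fields = defaultdict(int)
    type_changes = defaultdict(set)
    for line in lines:
        for field, observed in flatten(json.loads(line)).items():
            expected = schema.get(field)
            if expected is None:
                new_fields[field] += 1
            elif observed != expected:
                type_changes[field].add(observed)
    return dict(new_fields), {k: sorted(v) for k, v in type_changes.items()}
```

Running `detect_drift(SAMPLE_LOGS, KNOWN_SCHEMA)` reports `actor.mfa_method` as a new field seen once and `success` as having drifted to a string; a strict schema would have dropped the first and mis-parsed the second.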

This release also includes updates that keep Panther aligned with rapidly changing ecosystems: the latest Orca event schema, a new Gmail audit log integration, updates to our Salesforce integration to capture even more data, and a new integration with OpenAI to capture audit logs for monitoring AI activity and infrastructure. 

Additionally, we introduced new AI triage features that accelerate investigations. Suggested Prompts help analysts move faster through everyday tasks, and saved AI queries make it easy to reuse effective investigative patterns. Together, these updates make AI faster and more aligned with how SOC teams work.

Capturing Why Analysts Make Decisions

Alert Quality and Context Tags, now available in Closed Beta, introduces a simple yet essential workflow improvement for practitioners responding to alerts. During routine triage, analysts can mark whether an alert was useful or noise and select a tag to explain their decision. It only takes a few clicks and creates valuable metadata for further improving alert quality.

This feedback immediately highlights which detections are delivering signal versus noise. If a high volume of alerts from the same rule is consistently tagged as expected behavior or test activity, you have concrete evidence that the detection needs refinement. If another rule is repeatedly tagged as a genuine threat, you can be sure it’s delivering value.

This data also strengthens Panther’s AI triage. The model learns directly from your team’s decision-making patterns in your environment and aligns with how your team evaluates alerts.

By capturing these decisions over time, Panther creates a self-healing feedback loop that improves both detection quality and AI accuracy.

Future-Proofing the SOC

The features in v1.117 improve enrichment accuracy, capture analyst reasoning, and protect detections from schema drift. These capabilities deepen the foundation Panther has invested in from the beginning: bringing all your security data into one place and ensuring it stays structured, current, and meaningful.

As AI becomes increasingly central to SOC workflows, having a strong data foundation isn’t optional. It is what ensures reliability, reduces noise, and accelerates response. Panther will continue investing in the core infrastructure that makes AI an effective tool for your team.

For our complete list of updates, read the Release Notes here. 
