New Panther Features Solving Real-World Problems in v1.114

At Panther, we build with our customers, not just for them. Our v1.114 release reflects that philosophy, delivering highly requested capabilities that simplify workflows, remove friction, and make Panther more powerful across the board. From better log ingestion to smoother alert triage and expanded integrations, these updates are designed to solve challenges our users face every day.

Here’s a look at what’s new and why it matters.

Slack Bot Enhancements for Faster, Cleaner Alert Triage
Panther’s Slack integration is probably the most widely used integration and has been upgraded to work more like an extension of your SIEM, not just a notification channel. The latest updates include two-way sync for alert assignments and status, inline AI triage context, optional resolution justification, cleaner messages, and automatic alert assignment based on who resolves it. These changes eliminate back-and-forth between tools and allow analysts to triage alerts directly in Slack accurately, quickly, and with complete visibility.

XML Log Ingestion: Native Support for a Common Legacy Format
Security teams working in many environments often rely on XML-formatted logs. Until now, ingesting these required workarounds like converting formats manually or using external ETL tools. With this release, Panther natively supports XML log ingestion and automatically infers schemas. That means teams can integrate XML-based log sources directly into their pipelines with no additional tooling, gaining full search and detection support without extra overhead.

Reclassify Failed Logs Without Custom Workflows
Logs that fail initial classification, often due to upstream schema changes in the logs, used to require manual re-ingestion through complex workflows. Now, teams can reprocess those failed events directly within Panther. This significantly reduces operational burden and ensures valuable security data doesn’t remain stuck or overlooked. It’s a critical but straightforward improvement that closes a long-standing gap in log management.

Full Search Result Export: Go Beyond 1,000 Rows
Previously, exporting search results from Panther was limited to 1,000 rows, making deeper analysis and reporting difficult. With this update, users can now generate and download full CSV exports of their search results, with no specified row count, only a file size limit of 1 gigabyte. This enables broader data access for investigations, compliance reviews, and integration with downstream systems, without needing to rerun or segment queries.

CreatedBy Field in Detection YAMLs for Better Ownership Tracking
In detection engineering workflows, especially CI/CD environments, it's common for multiple engineers to contribute to rules, but challenging to trace authorship once detections are uploaded to Panther. The new optional CreatedBy field in detection YAMLs solves this by exposing author metadata in the UI and API. This small addition improves collaboration, auditing, and transparency across detection teams managing shared rule sets.

Custom Lookup Tables with Google Cloud Storage - Closed Beta but coming soon
For teams operating in Google Cloud environments, Panther now supports building custom lookup tables from GCS buckets, matching the experience previously only available with AWS S3. This limits your need to move data around paying cloud egress fees. Users are guided through setup with detailed documentation, and can even generate a Terraform template to integrate with their infrastructure-as-code. This makes enriching detections with proprietary datasets far easier for GCP-native teams and enhances Panther’s appeal in multi-cloud ecosystems.

We Hear You
These features weren’t invented in a vacuum. They came straight from customer feedback, feature requests, and real operational pain points. By delivering solutions to common friction areas, Panther continues to invest in building a SIEM that is both powerful and user-focused.

Want to see these updates in action? Request a demo or check out the full release notes here.