Panther v1.118 Focuses on Removing Friction from Security Operations

The v1.118 release continues our focus on removing operational barriers that prevent security teams from working efficiently. These new features make investigations and detection engineering more accessible through a full screen natural language interface, smooth UI workflows for teams using detections-as-code, and an expanded approach to validating detection quality.

Natural Language Search

Every query language has a barrier to entry, and when you’re in the middle of an incident remembering syntax is the last thing you need. With Natural Language Search, your team can now run complex investigations without mastering query syntax - just describe what you’re looking for in plain language - "Show failed logins in the last 24h from @Okta System Log". This will unlock log data for everyone, regardless of familiarity with the query syntax.

Build Test-Driven Detections Conversationally

Panther is well-known for its powerful detection engineering capabilities, built leveraging Python and detection-as-code. Now, with our AI-driven detection engineering capabilities, these powerful capabilities are accessible to a wider audience of practitioners, and are also simply easier to use by all. Importantly, these new capabilities build upon a foundation that’s perfect for AI—test-driven, peer reviewed, and highly flexible to meet the needs of your organization's unique security policies. These capabilities enable our customers to rapidly accelerate detection and response across their entire environment. 

Create PR from UI

Detection-as-code workflows frequently force a choice: edit detections fast in the UI and risk having changes overwritten, or edit files “as code” and move slower. Neither works perfectly for all scenarios, or when your team includes a mix of skill and technical expertise. Now when you edit a detection in the UI, you can create a pull request in your GitHub repository automatically. You get the speed of UI editing with the rigor of version control intact. Currently available in SaaS deployments. 

Human-in-the-Loop Tool Approval

When Panther AI wants to take action - update alert status, create detections, or modify security data - it stops and shows what will happen, allowing you to approve or reject the action. All decisions log to audit trails. This provides the context for actions that auditors require, without eliminating AI efficiency gains.

Expanded Integrations and Coverage

New Integrations

• Google Workspace Service Account authentication—eliminating single points of failure when user accounts are disabled and aligning with enterprise policies

• AWS Network Load Balancer log ingestion through standard S3 setup

• Field Discovery expansion across 42 additional schemas, automatically storing fields that previously got dropped when they weren't defined in the existing schema

New Detection Coverage

• Cloud ransomware detections for AWS, GCP, and Azure

• React2Shell zero-day protections for AWS, GCP, and Cloudflare

• OpenAI security monitoring rules

• New Azure.MonitorActivity rules based on Microsoft and Elastic research

The v1.118 release targets operational friction that slows teams down. Your junior analysts investigate alerts the day they join instead of requiring weeks of query language training. Your team expands detection coverage without needing to clone themselves. Your CI/CD workflow doesn't force a choice between speed and discipline.

The pattern across these features: technical barriers shouldn't determine what your team can accomplish. Query syntax and Python knowledge create operational bottlenecks that have nothing to do with actually catching threats. This release removes several of those barriers.

Ready to see the platform? Sign up for our upcoming demo session here.