Smarter AI Workflows, Broader Coverage: What’s New in Panther v1.115

Security teams don’t need more dashboards or more noise — they need tools that reduce toil and make daily work easier. Panther’s v1.115 release features were built with that in mind. From new integrations that broaden visibility to lightweight reporting and AI enhancements that save hours of manual effort, this release is designed to eliminate the friction points that practitioners encounter most frequently.

AI That Understands Your Environment

Panther AI is evolving from a generic assistant into an AI SOC analyst that understands your environment and automates triage. In this release, you can add organization-specific context to guide AI outputs, choose which alerts to summarize directly from the alert list, and gain deeper visibility into the health of your data pipelines. Together, these enhancements significantly improve the accuracy of Panther AI, reduce manual steps, and give analysts more control.

Expanding Coverage Where It Counts

The more telemetry you centralize, the faster you find answers. With v1.115, Panther adds native integrations for Microsoft Intune, Microsoft Defender XDR, DocuSign, and Axonius. These sources represent a mix of endpoint, SaaS, and identity data that many teams have struggled to integrate into their SIEM. Now, those streams flow directly into Panther, normalized and ready for detection with zero engineering overhead.

Turning Queries Into Insight, Not Noise

Not every scheduled query result is worth an alert — sometimes it just needs to land in someone’s inbox. That’s why we introduced email reporting for Scheduled Searches. Analysts can configure queries to deliver results on a schedule, complete with optional CSV attachments, providing stakeholders with visibility without generating additional noise. It’s a small change that offers customers more flexibility for sharing Panther insights.

Adding Context to Speed Investigations

We’ve doubled down on enrichment and searchability. Two new standard fields — p_any_cves and p_any_mitre_attack_techniques — simplify the process of hunting for vulnerabilities and ATT&CK techniques across all log types. Meanwhile, support for enriching alerts with MISP Warning Lists helps teams automatically flag or filter noisy indicators that don’t deserve analyst time. These improvements work together to make investigations shorter, sharper, and less repetitive.

Better Everyday Experience

Sometimes, the most noticeable improvements are those that enhance the small, daily interactions. The new Profile Settings page enables each user to set their own time zone and opt to receive alert assignments via email — eliminating one-size-fits-all defaults. We’ve also upgraded our in-app support experience, so customers can open support tickets and search our Knowledge Base directly in the Panther Console. For teams collaborating in Slack, two-way comment sync ensures that alert discussions stay consistent across workspaces.

Stronger Foundations

Under the hood, v1.115 enhances Panther's integration with Snowflake by enabling RSA key rotation without downtime and implementing tighter access controls through custom databases and schemas. Developer workflows also receive a boost with the Script Parser, which simplifies log transformation without requiring external tooling, and Avro ingestion, which introduces support for a widely used and efficient format. Expanded field discovery for high-volume log types, such as GitHub, CrowdStrike, GCP, and Lacework, helps ensure pipelines remain resilient even as schemas change.

These enhancements build on our broader commitment to enterprise data platforms — including our recent announcement of Panther x Databricks — giving customers more choice and confidence in how they unify security data.

Why It Matters

Panther’s latest release is all about removing roadblocks. Whether that’s reducing alert noise, expanding visibility into SaaS and endpoint systems, or powering up analyst workflows with smarter AI, this update is designed to make Panther feel less like infrastructure and more like a partner.

Explore the full release notes or request a demo.