Release Notes

Manage your HTTP Sources in Panther with new REST API operations.

Explore and analyze your data with PantherFlow, Panther’s new pipelined query language.

Use the CrowdStrike Event Streams log source to ingest logs from the Event Streams API.

Create correlation rules to track complex threat behavior across multiple detections.

The Torq alert destination is in open beta, and available to all customers.

Added new detections for MongoDB Atlas. The detections are available in the Panther Console and the panther-analysis GitHub repository.

Added two new detections for CVE-2024-3094.

Use our new two-way sync functionality with Jira alert destinations to easily track alert status, assignee, and comments between Panther and Jira.

Added support for Policy Denied audit logs to the GCP.AuditLog log type.

Send alerts to Discord using our new built-in alert destination integration.

Added data models for AWS EKS and GCP GKE logs to map to normalized Kubernetes log fields.

Use normalized event filtering to filter out events after they have been parsed by a log schema

Our built-in Carbon Black, Netskope, and Tenable log sources are out of their open beta phase and are now generally available.

Added the ability to configure dynamic severity, alert context, and groupby functions for Simple Detections in the Panther Console.

Added the ability to use prefix exclusion filters with GCS sources.

Use the new Summary tab on search results to quickly understand what is and is not important when triaging an alert, investigating a potential breach, or threat hunting.

Use our new Splunk alert destination to send Panther alerts to Splunk.

Added detection inheritance for Python detections and Simple Detections.