Product Updates

Panther AI (including the navigation bar entry point, alert triage, AI risk scoring, and Search summarization) is now generally available, with the following feature enhancements in open beta:

• Describe a search in natural language and Panther AI will generate a PantherFlow query.

• Use the AI Detection Builder to create and modify detection rules using natural language prompts.

• When Panther AI wants to perform a sensitive action, it now requires human approval before execution.

Create GitHub pull requests directly from the Panther Console when editing or creating detections.

Add filters to custom dashboards to drill down on certain fields across all visualizations.

Manually dispatch alerts to configured destinations from an alert's details page.

Set alert quality and add context tags to track resolution reasons and improve detection tuning.

Ingest AWS NLB logs with Panther's new log source integration.

Enrich incoming logs with data already in your data lake by creating custom enrichment sources with the output of a Scheduled Search.

Infer schemas from sample data of any format, not just JSON, with AI-assisted schema inference.

Ingest OpenAI audit logs with Panther's new log source integration.

The Enrichment details page includes enrichment data under the new “Lookup Table” tab. The updated page makes it easier to validate your data and edit your schemas.

Enrich incoming logs with additional context with Open Threat Exchange (OTX) enrichment.

Search now features two-way synchronization between PantherFlow query text and filter values.

In the Panther Console, custom enrichments (formerly called Lookup Tables) and Panther-managed enrichments have been consolidated into a single Enrichments page.

• Improved filtering and table columns have been added to the Enrichments page.

Configure whether you’d like to receive alert assignment emails, as well as your individual timezone setting, in the Profile Settings page in the Panther Console.

Populate data in your custom Lookup Tables from a Google Cloud Storage (GCS) bucket.

Ingest data through the new Panther-managed log source integrations: Microsoft Intune, Microsoft Defender XDR, Docusign, and Axonius.

Configure your Scheduled Searches to send an email report each time they run, optionally including a CSV with the search results.

Use the p_any_cves and p_any_mitre_attack_techniques indicator fields, which enable faster searching across log types.

Enrich incoming logs with additional context through the MISP Warning Lists Enrichment Provider.

Open support tickets and browse the Knowledge Base directly in the Panther Console with the Pylon messenger.