Product Updates

Ingest Wiz events via Webhook with Panther's new log source integration, now supporting Wiz Defend and additional event types.

Enrich incoming logs with additional context with Open Threat Exchange (OTX) enrichment.

Search now features two-way synchronization between PantherFlow query text and filter values.

In the Panther Console, custom enrichments (formerly called Lookup Tables) and Panther-managed enrichments have been consolidated into a single Enrichments page.

• Improved filtering and table columns have been added to the Enrichments page.

Configure whether you’d like to receive alert assignment emails, as well as your individual timezone setting, in the Profile Settings page in the Panther Console.

Populate data in your custom Lookup Tables from a Google Cloud Storage (GCS) bucket.

Ingest data through the new Panther-managed log source integrations: Microsoft Intune, Microsoft Defender XDR, Docusign, and Axonius.

Configure your Scheduled Searches to send an email report each time they run, optionally including a CSV with the search results.

Use the p_any_cves and p_any_mitre_attack_techniques indicator fields, which enable faster searching across log types.

Enrich incoming logs with additional context through the MISP Warning Lists Enrichment Provider.

Open support tickets and browse the Knowledge Base directly in the Panther Console with the Pylon messenger.

Manage your Panther alerts in Slack more effectively with improved Slack Bot functionality:

• You can now configure your Slack Bot destination to receive Panther AI alert triage summaries.

• You can now enable two-way sync for alert status and assignee, meaning changes made in the Panther Console (or via API) will be reflected in the Slack Bot representation of the alert.

• When resolving an alert from the Slack Bot, you can now assign it to yourself.

Easily re-ingest events that initially failed to classify in Panther with event reprocessing.

Ingest XML logs in Panther (such as Windows logs) without custom conversion tools, using the XML stream type functionality.

Set up an Azure Event Hub Data Transport Source to streamline ingestion of Azure data in Panther.

Add Snowflake context to incoming logs in Panther with the Snowflake Enrichment Provider.

Use the PantherFlow visualize table type to generate tables, then add them as widgets in your custom dashboards.

Panther AI capabilities have expanded to include:

• New entry points: In addition to alert triage, you can now use alert list summarization and Search results set summarization.

• Freeform prompting: Ask Panther AI follow-up questions to aid in your investigations.

• Response history preservation and management: View, rename, pin, and delete previous AI responses.

• AI prompt settings: Set the response length setting to determine how much time Panther AI spends investigating and the length of its output.

Now in open beta, receive alerts through the Google Pub/Sub Destination.

panther-analysis versions 3.76.0, 3.76.1, and 3.77.0 are now available, containing:

• The introduction of the concept of “beta” rules

• New Orca Security alert passthrough rule

• New AWS VPC endpoint rules

• A dynamically generated backlink for the Wiz alert passthrough rule

• Various bug fixes and tunes