Product Updates

Enrich incoming logs with data already in your data lake by creating custom enrichment sources with the output of a Scheduled Search.

Infer schemas from sample data of any format, not just JSON, with AI-assisted schema inference.

Ingest OpenAI audit logs with Panther's new log source integration.

The Enrichment details page includes enrichment data under the new “Lookup Table” tab. The updated page makes it easier to validate your data and edit your schemas.

Ingest Wiz events via Webhook with Panther's new log source integration, now supporting Wiz Defend and additional event types.

Enrich incoming logs with additional context with Open Threat Exchange (OTX) enrichment.

Search now features two-way synchronization between PantherFlow query text and filter values.

In the Panther Console, custom enrichments (formerly called Lookup Tables) and Panther-managed enrichments have been consolidated into a single Enrichments page.

• Improved filtering and table columns have been added to the Enrichments page.

Configure whether you’d like to receive alert assignment emails, as well as your individual timezone setting, in the Profile Settings page in the Panther Console.

Populate data in your custom Lookup Tables from a Google Cloud Storage (GCS) bucket.

Ingest data through the new Panther-managed log source integrations: Microsoft Intune, Microsoft Defender XDR, Docusign, and Axonius.

Configure your Scheduled Searches to send an email report each time they run, optionally including a CSV with the search results.

Use the p_any_cves and p_any_mitre_attack_techniques indicator fields, which enable faster searching across log types.

Enrich incoming logs with additional context through the MISP Warning Lists Enrichment Provider.

Open support tickets and browse the Knowledge Base directly in the Panther Console with the Pylon messenger.

Manage your Panther alerts in Slack more effectively with improved Slack Bot functionality:

• You can now configure your Slack Bot destination to receive Panther AI alert triage summaries.

• You can now enable two-way sync for alert status and assignee, meaning changes made in the Panther Console (or via API) will be reflected in the Slack Bot representation of the alert.

• When resolving an alert from the Slack Bot, you can now assign it to yourself.

Easily re-ingest events that initially failed to classify in Panther with event reprocessing.

Ingest XML logs in Panther (such as Windows logs) without custom conversion tools, using the XML stream type functionality.

Set up an Azure Event Hub Data Transport Source to streamline ingestion of Azure data in Panther.

Add Snowflake context to incoming logs in Panther with the Snowflake Enrichment Provider.

Use the PantherFlow visualize table type to generate tables, then add them as widgets in your custom dashboards.