Product Updates

Manage S3 log sources programmatically through the Panther REST API.

Connect a GitHub repository to Panther so that edits to rules, scheduled rules, and simple detections made in the Panther Console open a pull request in the configured repository.

• If you would like to participate in this closed beta, please contact Panther support.

Download CSV data from the Visualizations tab and Custom Dashboards.

Panther AI can post messages directly to a Slack channel from within an investigation via the Panther Slackbot integration, with a link back to the originating conversation.

Describe a query in natural language and Panther AI will generate a SQL query in the Data Explorer.

Panther AI scheduled prompts and auto-triage actions can now run as a specific user or API token.

Use Panther AI to help build your organization profile, which provides organization-specific context to enhance AI-powered threat analysis.

Forwarding logs from on-premises infrastructure into Panther with the Panther Log Forwarder.

Ingest Databricks audit logs with Panther's new log source integration.

Ingest Island logs with Panther's new log source integration.

Manage Google Pub/Sub log sources programmatically through the Panther REST API and Terraform.

Manage Google Cloud Storage (GCS) log sources programmatically through the Panther REST API and Terraform.

Panther AI has been enhanced with the following new features:

• Scheduled AI prompts let you automate recurring Panther AI queries on a schedule.

• AI tools for cloud resources and cloud security scanning.

• Provide personal context to Panther AI with personal AI preferences.

• Support for file attachments to provide additional context.

• MCP Integrations allow you to connect remote MCP servers to Panther AI, enabling it to invoke tools from third-party services—such as creating Jira issues, querying PagerDuty incidents, or searching Notion pages—directly from the Panther AI chat experience.

  • This feature is in closed beta. To request access to this feature, please contact your Panther support team.

Ingest SOCRadar incidents with Panther's new log source integration.

CloudWatch log sources now support retaining top-level envelope fields in a p_header field on each event.

SQL custom enrichment tables can be defined as YAML and deployed via the Panther Analysis Tool (PAT).

Panther AI can access web pages for additional context during analysis. Configure approved and forbidden domain lists and optionally require user approval before the AI accesses domains outside the approved list.

Set a delay tag to postpone AI alert auto-run triage, giving additional alert context time to accumulate before analysis begins.

Use the new panther_analysis_tool merge workflow to manage your detections content repository.

Ingest Iru (formerly Kandji) audit logs with Panther's new log source integration.

Ingest Upwind logs with Panther's new log source integration.

The Panther console supports light mode. Switch between light and dark mode in Profile Settings.

Set a unique value threshold for detections to control alert generation based on distinct field values observed over a time window.