New and Noteworthy

• Panther AI capabilities have expanded to include:

  • New entry points: In addition to alert triage, you can now use alert list summarization and Search results set summarization.

  • Freeform prompting: Ask Panther AI follow-up questions to aid in your investigations.

  • Response history preservation and management: View, rename, pin, and delete previous AI responses.

  • AI prompt settings: Set the response length setting to determine how much time Panther AI spends investigating and the length of its output.

• Now in open beta, receive alerts through the Google Pub/Sub Destination.

• panther-analysis versions 3.76.0, 3.76.1, and 3.77.0 are now available, containing:

  • The introduction of the concept of “beta” rules

  • New Orca Security alert passthrough rule

  • New AWS VPC endpoint rules

  • A dynamically generated backlink for the Wiz alert passthrough rule

  • Various bug fixes and tunes

Enhancements

• When downloading a CSV of Search results after running a PantherFlow query with the summarize operator, the file will preserve the columns visible in the Console results table

• Ability to render bar charts with time-based axes using the PantherFlow visualize operator (previously limited to line charts)

• Improved error messaging for SentinelOne health check failures

• Updates to the AWS.CloudTrail schema

• Ability to run a Data Replay for a detection without needing to deploy it to production first

Bug Fixes

• Improved accuracy of output during panther-analysis bulk upload: unchanged items are no longer included in the modified count (but are still in the total count)

• Correlation rule query schedules are not reset unless the rule transitions from a disabled to an enabled state, meaning the schedule typically remains consistent through modifications, preventing apparent skipped executions

• In the Tines Logs puller, lengthy fields that previously broke ingestion were truncated

• Fixed issue where the Crowdstrike Event Streams log source would stop fetching events, caused by incoming events whose IncidentType field had unsupported values

• Fixed issue where Panther would fail to process Network Activity CloudTrail S3 objects with an uncompressed size greater than 15MB

• Fixed classification failures for some Asana.Audit logs

• Fixed issue with Search filter chips sending times in local time instead of UTC

• Fixed inability to command + click "Go to PantherFlow query" from dashboard visualization widget