v.113
LATEST RELEASE
May 12, 2025
New and Noteworthy
Panther AI capabilities have expanded to include:
New entry points: In addition to alert triage, you can now use alert list summarization and Search results set summarization.
Freeform prompting: Ask Panther AI follow-up questions to aid in your investigations.
Response history preservation and management: View, rename, pin, and delete previous AI responses.
AI prompt settings: Set the response length setting to determine how much time Panther AI spends investigating and the length of its output.
The Google Pub/Sub alert Destination is now in open beta.
panther-analysis versions 3.76.0, 3.76.1, and 3.77.0 are now available, containing:
New Orca Security alert passthrough rule
New AWS VPC endpoint rules
A dynamically generated backlink for the Wiz alert passthrough rule
Various bug fixes and tunes
Enhancements
When downloading a CSV of Search results after running a PantherFlow query with the summarize operator, the file now preserves the columns visible in the Console results table
Ability to render bar charts with time-based axes using the PantherFlow visualize operator (previously limited to line charts)
Improved error messaging for SentinelOne health check failures
Updates to the AWS.CloudTrail schema
Ability to run a Data Replay for a detection without needing to deploy it to production first
Bug Fixes
Improved accuracy of output during panther-analysis bulk upload: unchanged items are no longer included in the modified count (but are still in the total count)
Correlation rule query schedules are no longer reset on modification; they are reset only when the rule transitions from disabled to enabled, so the schedule stays consistent through edits and executions no longer appear to be skipped
The Tines Logs puller now truncates lengthy fields that previously broke ingestion
Fixed issue where the CrowdStrike Event Streams log source would stop fetching events when incoming events contained unsupported values in the IncidentType field
Fixed issue where Panther would fail to process Network Activity CloudTrail S3 objects with an uncompressed size greater than 15MB
Fixed classification failures for some Asana.Audit logs
Fixed issue with Search filter chips sending times in local time instead of UTC
Fixed inability to Command+click "Go to PantherFlow query" from a dashboard visualization widget