Now Generally Available

• Our built-in Carbon Black, Netskope, and Tenable log sources are out of their open beta phase and are now generally available.

Enhancements

• Panther’s schema inference tool will now only switch from an object to a json property if the incoming json has 200 or more fields. 

  • Learn more about this change in this Panther Knowledge Base article.

• Field Discovery is now available for all parser types including fastmatch and regex.

• Added support for Azure Government Cloud.

Panther Developer Workflows

• panther-analysis version 3.42.0 was released, containing the following notable changes:

  • Separated Simple Detections into a new simple_rules directory in the top-level rules directory.

  • All Simple Detections now have a _simple suffix.

Bug Fixes

• Slack bot now maintains special characters “<”, “>”, and “&” in message fields after update, notably in alert title and runbook.

• Added support for long alert indicators.

• Fixed an issue that caused endless get events pagination.

• Newlines in Simple Detection tests no longer cause the test to fail.

• Fixed a bug where users were unable to remove all log types from a destination once a single log type had been set.

• Cloned rules with duplicate IDs of an existing rule no longer crash on save.

• Fixed a bug in the clone and inherit rule forms that caused your cursor to move to the end of the text box after every button press.

• Fixed an issue with Panther users displaying as Panther (Deactivated) in the Panther Console.

• Fixed an issue that prevented long alert activity history text from wrapping correctly.