v1.100

Now Generally Available

• Our built-in Carbon Black, Netskope, and Tenable log sources are out of their open beta phase and are now generally available.

Enhancements

• Panther’s schema inference tool will now only switch from an object to a json property if the incoming json has 200 or more fields. 
  • Learn more about this change in this Panther Knowledge Base article.
• Field Discovery is now available for all parser types including fastmatch and regex.
• Added support for Azure Government Cloud.

Panther Developer Workflows

• panther-analysis version 3.42.0 was released, containing the following notable changes:
  • Separated Simple Detections into a new simple_rules directory in the top-level rules directory.
  • All Simple Detections now have a _simple suffix.

Bug Fixes

• Slack bot now maintains special characters “<”, “>”, and “&” in message fields after update, notably in alert title and runbook.
• Added support for long alert indicators.
• Fixed an issue that caused endless get events pagination.
• Newlines in Simple Detection tests no longer cause the test to fail.
• Fixed a bug where users were unable to remove all log types from a destination once a single log type had been set.
• Cloned rules with duplicate IDs of an existing rule no longer crash on save.
• Fixed a bug in the clone and inherit rule forms that caused your cursor to move to the end of the text box after every button press.
• Fixed an issue with Panther users displaying as Panther (Deactivated) in the Panther Console.
• Fixed an issue that prevented long alert activity history text from wrapping correctly.