v1.101

New and Noteworthy

The following features are in open beta and are available to all Panther customers.

• Use normalized event filtering to filter out events after they have been parsed by a log schema.
• Use our two new REST API endpoints for data models and queries to programmatically manage more of your detection content.

Now Generally Available

• Our Simple Detections feature is now out of its open beta phase and is generally available.

Enhancements

• Data replay now supports inline filters.
• Our existing Lacework log source integration has been split into two options in the log source setup page in the Panther Console: Lacework Export and Lacework Alert Channel Webhook.
  • These options more clearly represent previously-existing configuration options when setting up a Lacework log source.

Bug Fixes

• Fixed a bug with re-delivering alerts where only rule alerts would get re-delivered (and not, for example, system health alerts) when a user manually clicked the “re-deliver alert” button.
• Fixed an issue with detection rule match list filters in the Console that prevented them from functioning as intended.
• Alert IDs will now be deduplicated when a user requests the same alert ID multiple times in a public API request, instead of returning an error.
• The Simple Detection Console builder now supports boolean False and empty string comparisons.
• Fixed a bug with Simple Detection KeyPaths where uppercase keys after an array index were impossible to match against.
• Fixed a bug that treated rule errors as rule matches when attempting to re-deliver alerts.