Mar 6, 2024

New and Noteworthy

  • In Panther version 1.103, targeted for release beginning March 12, 2024, we will introduce a change to our beta REST API endpoints and parameters that will cause pre-existing implementations to no longer function as anticipated.
    • All endpoints and query parameters that previously contained _ will be updated to use - instead. The impacted endpoints are as follows:
      • data models: data_models will become data-models
      • simple rules: simple_rules will become simple-rules
      • scheduled rules: scheduled_rules will become scheduled-rules
    • If you utilize these endpoints, to ensure that your implementations of the Panther API continue working after next week, please update your configurations after your instance is upgraded to version 1.103.
    • This change will take effect with the release of Panther version 1.103 beginning on March 12, 2024.
    • We do not intend to make any breaking changes to our API endpoints after they are out of their beta phase.
  • panther-analysis versions 3.43.0 and 3.44.0 were released, featuring the following changes among other additions and improvements:
    • Converted several rules to Python from SDYAML.
    • Added data models for AWS EKS and GCP GKE logs to map to normalized Kubernetes log fields. 


  • Renamed “Rule Matches” to “Alerts” on the rule details page.
  • Added a “Copy ID” button to the rule details page in the Panther Console.
  • Added a clearer error message when users attempt to run data replay on data from within the last 24 hours.
  • When exporting search results from the Panther Console as a CSV, the columns users select to show in their results as well as their order will persist into the exported CSV.
  • Added the ability to use nested fields with JSON path notation in the Simple Detection builder in the Panther Console.

Panther Developer Workflows

Bug Fixes

  • Fixed an issue with an indicator search pivot button in alerts.
  • Fixed an issue with breakpoints in detection code that would cause the detections engine to hang.
  • The “download all entities” button no longer retrieves cached results, enabling users to obtain a more up-to-date export.
  • Fixed an issue that caused scheduled queries above 128KB to fail.
  • Fixed an issue that caused the detection page to crash when attempting to create a detection with an existing ID.
  • The ingestion dashboard in the Panther Console now displays the number of bytes filtered over the past month.

Previous Releases

v1.101 Feb 29, 2024
Use normalized event filtering to filter out events after they have been parsed by a log schema
v1.100 Feb 21, 2024
Our built-in Carbon Black, Netskope, and Tenable log sources are out of their open beta phase and are now generally available.
v1.99 Feb 14, 2024
Added the ability to configure dynamic severity, alert context, and groupby functions for Simple Detections in the Panther Console.