v1.108

Latest Release
Jun 28, 2024

New and Noteworthy

Now Generally Available

In Open Beta

  • Create correlation rules to track complex threat behavior across multiple detections.
  • Signals are now generated when there is a match on a rule, and enable you to disable alerting for a detection.
  • Manage Panther alerts in these new alert destinations:
  • Use the new script log parser to perform transformations on incoming logs using the Starlark configuration language.
  • The Panther-managed Proofpoint log source lets you ingest Proofpoint Event logs.
  • The user interface for managing log source schemas in the Panther Console has been updated.

Enhancements

  • A new p_current_timestamp macro is available in Data Explorer.
  • In custom log schemas, the timeFormat field can now accept a unix_auto value, which automatically determines the time format.
  • For Cloud Connected AWS deployments, Panther has defined resource tags and made it possible to add your own custom tags.
  • The Bitwarden log source has been extended to support EU servers.
  • If you are a GreyNoise customer, use the new Panther-managed GreyNoise.API.Noise schema along with additional resources in panther-auxiliary to set up a GreyNoise Lookup Table. Following the discontinuation of native GreyNoise support in Panther on June 17, this will allow you to continue leveraging GreyNoise data in Panther. 
  • In Search:

Bug Fixes

  • Fixed an issue causing the Open Unassigned Alerts by Severity dashboard modal to include alerts that were not Open.
  • Fixed an issue with normalized ingestion filters causing the IN operator to fail for certain values.
  • Fixed classification failures for the Crowdstrike.UserInfo schema.
  • For the Jira alert destination:
    • Fixed an issue with two-way sync causing the Panther Instance URL to be displayed incorrectly.
    • Fixed an issue with two-way sync causing the Panther API Token to not be displayed.
    • Fixed an issue with two-way sync causing status update comments posted to a Jira issue by Panther to then be synced back to Panther. These comments were redundant in Panther due to the Activity History log.
    • Fixed an issue with sending the label attribute to Jira instances that may not support labels.
    • Fixed an issue causing a status update comment to be posted to a Jira issue even if the actual status update failed.
`

Previous Releases

Week of 4/29/24 May 1, 2024
The Torq alert destination is in open beta, and available to all customers.
 
v1.107 Apr 17, 2024
Added new detections for MongoDB Atlas. The detections are available in the Panther Console and the panther-analysis GitHub repository.
 
v1.106 Apr 3, 2024
Added two new detections for CVE-2024-3094.