v1.114
LATEST RELEASE
Jul 11, 2025
New and Noteworthy
Manage your Panther alerts in Slack more effectively with improved Slack Bot functionality:
You can now configure your Slack Bot destination to receive Panther AI alert triage summaries.
You can now enable two-way sync for alert status and assignee, meaning changes made in the Panther Console (or via API) will be reflected in the Slack Bot representation of the alert.
When resolving an alert from the Slack Bot, you can now assign it to yourself.
Easily re-ingest events that initially failed to classify in Panther with event reprocessing.
Ingest XML logs in Panther (such as Windows logs) without custom conversion tools, using the XML stream type functionality.
Set up an Azure Event Hub Data Transport Source to streamline ingestion of Azure data in Panther.
Add Snowflake context to incoming logs in Panther with the Snowflake Enrichment Provider.
Use the PantherFlow visualize table type to generate tables, then add them as widgets in your custom dashboards.
Panther Developer Workflows
Detections uploaded in the CLI workflow can now use a CreatedBy field to specify authorship.
Since the last Panther release, the panther-analysis repository has published versions 3.78-3.81, which include a number of changes, such as:
Adding a pre-commit hook that runs make lint and make test.
Restricting internal Panther GitHub workflows to the upstream repository; learn about the workflows available to you here.
A CLAUDE.md file to provide guidance to Claude Code.
Various new detections and much detection tuning.
The Panther Analysis Tool (PAT) has released version 1.0.0, which:
Updates the license from AGPL-3.0 to Apache-2.0.
Updates schemas with a new (optional) CreatedBy field.
Switches dependency management to Poetry.
Enhancements
Has been upgraded to use Claude Sonnet 4.
Allows you to explicitly save an AI response.
Has documentation additions: comprehensive workflow examples, a tool list, and AI system architecture explanations.
Take advantage of your screen’s full width when searching data in Panther, with wide screen support for Data Explorer.
Search now allows CSV generation when there are more than 1000 rows.
The Search page now respects your Panther global time setting, i.e., it can display time in your local timezone instead of UTC only.
When classifying logs using the script parser, use the base64.decode and base64.encode functions.
The MITRE ATT&CK dashboard in the Panther Console has been updated to version 16.1 (from 11.1), which introduces a number of new attack techniques.
The Crowdstrike.FDREvent log schema has improved indicator field extraction.
Leverage the following enhancements to the Panther REST API:
Adds filtering options for list detection endpoints.
Adds a new createdBy field to detection endpoints.
Adds XML as a possible value for logStreamType in HTTP Source endpoints.
Adds an outputIds (alert destination overrides) field to detection endpoints.
Adds pagination support to list users endpoint.
Infrastructure Changes
If you are a Cloud Connected Panther customer:
You can now use the PantherDeploymentUpdaterRole to keep your PantherDeploymentRole updated automatically.
Panther now publishes a Terraform version of the PantherDeploymentRole (previously available only in CloudFormation).
Panther has implemented dedicated Snowflake warehouses for public API requests. This architectural improvement provides better cost attribution and resource management for API-driven workloads by isolating them from other Snowflake operations. (This does not apply to legacy Snowflake configurations.)
Bug Fixes
In PantherFlow, added support for signed variables and functions (previously, only numbers could be signed).
Fixed issue where Okta Logs sources would intermittently report being unhealthy.
In the script parser, fixed logic that resulted in memory issues.
Fixed Cloud Security Scanning bug causing CloudFormation stacks to not be displayed on the Cloud Resources page.
In the Microsoft Graph Logs integration, fixed a bug that could, under specific circumstances, result in event duplication and partial data loss.
Fixed a bug in Search preventing drilldown capabilities in the results histogram when “All time” is selected in the date range filter.
In the Panther REST API:
Fixed alert comments pagination bug.
The get alerts endpoint now returns a 404 if the alert isn’t found (instead of a 500).
When assigning an alert to an invalid user, a 400 is now returned (instead of a 500).