New and Noteworthy

• Configure whether you’d like to receive alert assignment emails, as well as your individual timezone setting, in the Profile Settings page in the Panther Console.

• Populate data in your custom Lookup Tables from a Google Cloud Storage (GCS) bucket.

• Ingest data through the new Panther-managed log source integrations: Microsoft Intune, Microsoft Defender XDR, Docusign, and Axonius.

• Configure your Scheduled Searches to send an email report each time they run, optionally including a CSV with the search results.

• Use the p_any_cves and p_any_mitre_attack_techniques indicator fields, which enable faster searching across log types.

• Enrich incoming logs with additional context through the MISP Warning Lists Enrichment Provider.

• Open support tickets and browse the Knowledge Base directly in the Panther Console with the Pylon messenger.

Enhancements

• Enable two-way comment syncing between your Slack Bot alert destination and the alert in the Panther Console. If you’d like to update an existing Slack Bot destination for two-way comment syncing, you must update your Slack app manifest.

• Leverage the following enhancements to Panther AI:

  • Provide organization-specific context and direction to Panther AI with the Customer Profile field.

  • You can now select certain alerts to summarize with Panther AI, as well as manage AI summaries, from the alert list page.

  • The new listLogSourcesTool analyzes Panther's data integrations, providing detailed health monitoring and configuration insights.

• Improve the security posture of your Snowflake Audit Logs integration in Panther with the ability to specify a custom database/schema and seamlessly rotate your RSA key.

• Field discovery is enabled for the following Panther-managed log schemas: GitHub.Webhook, GitHub.Audit, Crowdstrike.EventStreams, GCP.AuditLog, GCP.HttpLoadBalancer, and Lacework.Events. Additional schemas will be enabled on a rolling basis.

• Leverage case-insensitive condition support in filter chips in Inline Filters and Simple Detections.

• Use allowContains and denyContains in your custom schemas to validate that string values contain or do not contain specific substrings.

• Ingest XML-formatted logs enclosed in a root element.

Now Generally Available

• Use the script parser in Panther to transform incoming log events.

• Ingest Avro logs into Panther.

Panther Developer Workflows

• Since the last Panther release, the panther-analysis repository has published versions 3.82.0–3.85.0, which include a number of changes, such as:

  • New rules for Bedrock Model Invocation Logs

  • NX supply chain compromise detections for GitHub Audit and Webhook logs

• The Panther Analysis Tool (PAT) has released version 1.1.0, which includes:

  • Schema updates to support Scheduled Search email reports

  • A debug command to troubleshoot rule tests

Bug Fixes

• Changed type of id field of GitLab.Audit to be string instead of bigint

• Jira comment syncing now functions properly for comments submitted through the Panther API

• Fixed a bug that prevented bulk downloads when users had numerous Lookup Tables or Saved Searches

• Fixed bug that would result in truncation of big numbers in rule matches results

• Fixed an issue that would result in persistent 5xx errors when using the Panther Terraform provider to manage more than 10 HTTP sources

• Fixed issue that would hide the error message for Workday and Anomali health check failures

• Fixed issue that would result in Crowdstrike FDR CSPM policy events generating classification failures

• Fixed issue that would result in several health check failures for Atlassian integrations that were otherwise working normally