v1.119

Feb 27, 2026

Panther AI can now access web pages for richer alert analysis, and the Panther console supports light mode.

arrow-left

All

Panther AI can access web pages for additional context during analysis. Configure approved and forbidden domain lists and optionally require user approval before the AI accesses domains outside the approved list.
Set a delay tag to postpone AI alert auto-run triage, giving additional alert context time to accumulate before analysis begins.
Ingest Iru (formerly Kandji) audit logs with Panther's new log source integration.
Ingest Upwind logs with Panther's new log source integration.
The Panther console supports light mode. Switch between light and dark mode in Profile Settings.
Set a unique value threshold for detections to control alert generation based on distinct field values observed over a time window.

Enrich alerts with threat intelligence using MISP Warning Lists.
Deliver Panther alerts to Jira Data Center with the Jira Data Center destination.
Deliver Panther alerts to Google Pub/Sub with the Google Pub/Sub destination.
Ingest DocuSign logs into Panther.
Ingest data into Panther using Azure Event Hub as a data transport.

PantherFlow query generation is available across all AI contexts, extending beyond the Search page.
Authenticate your Google Workspace integration with Workload Identity Federation.
Ingest Gemini, Classroom, and Vault application logs with the Google Workspace integration.
Additional AWS.EC2.Volume and AWS.EC2.VPC fields added to Cloud Security Scanning.
Panther AI settings have moved to a dedicated settings page.
Panther documentation and Knowledge Base are available in Korean.
New REST API endpoints for Alert Context Tags and Correlation Rules.
Use the PantherFlow visualize operator to generate pie charts.

SentinelOne.Activity schema activityType field type changed from int to string.
The Open Threat Exchange (OTX) enrichment schema has been updated. Data is flattened per indicator received.

Fixed Google Workspace application list display to reflect all supported apps across the log source list, Overview tab, Configuration tab, and setup.
Fixed a bug where a source's "last event received" timestamp was incorrectly updated when only internal audit events (not actual log data) were processed.
Updated AWS.ALB schema to support IPv6 client IP addresses.
Fixed IP indicator extraction for the ClientIPAddress and ClientIP fields of the Microsoft365.Audit.Exchange log type.
Fixed a bug where large GCS Enrichments (several GBs) were failing to be processed.
Bulk detections download now support ZIP files larger than 6 MB.

arrow-left

All

LATEST RELEASE

Feb 20, 2026

Feb 27, 2026

Panther AI can now access web pages for richer alert analysis, and the Panther console supports light mode.

Panther AI can access web pages for additional context during analysis. Configure approved and forbidden domain lists and optionally require user approval before the AI accesses domains outside the approved list.
Set a delay tag to postpone AI alert auto-run triage, giving additional alert context time to accumulate before analysis begins.
Ingest Iru (formerly Kandji) audit logs with Panther's new log source integration.
Ingest Upwind logs with Panther's new log source integration.
The Panther console supports light mode. Switch between light and dark mode in Profile Settings.
Set a unique value threshold for detections to control alert generation based on distinct field values observed over a time window.

Enrich alerts with threat intelligence using MISP Warning Lists.
Deliver Panther alerts to Jira Data Center with the Jira Data Center destination.
Deliver Panther alerts to Google Pub/Sub with the Google Pub/Sub destination.
Ingest DocuSign logs into Panther.
Ingest data into Panther using Azure Event Hub as a data transport.

PantherFlow query generation is available across all AI contexts, extending beyond the Search page.
Authenticate your Google Workspace integration with Workload Identity Federation.
Ingest Gemini, Classroom, and Vault application logs with the Google Workspace integration.
Additional AWS.EC2.Volume and AWS.EC2.VPC fields added to Cloud Security Scanning.
Panther AI settings have moved to a dedicated settings page.
Panther documentation and Knowledge Base are available in Korean.
New REST API endpoints for Alert Context Tags and Correlation Rules.
Use the PantherFlow visualize operator to generate pie charts.

SentinelOne.Activity schema activityType field type changed from int to string.
The Open Threat Exchange (OTX) enrichment schema has been updated. Data is flattened per indicator received.

Fixed Google Workspace application list display to reflect all supported apps across the log source list, Overview tab, Configuration tab, and setup.
Fixed a bug where a source's "last event received" timestamp was incorrectly updated when only internal audit events (not actual log data) were processed.
Updated AWS.ALB schema to support IPv6 client IP addresses.
Fixed IP indicator extraction for the ClientIPAddress and ClientIP fields of the Microsoft365.Audit.Exchange log type.
Fixed a bug where large GCS Enrichments (several GBs) were failing to be processed.
Bulk detections download now support ZIP files larger than 6 MB.