LATEST RELEASE
v1.119
Feb 27, 2026
Panther AI can now access web pages for richer alert analysis, and the Panther console supports light mode.
New and Noteworthy
Panther AI can access web pages for additional context during analysis. Configure approved and forbidden domain lists and optionally require user approval before the AI accesses domains outside the approved list.
Set a delay tag to postpone AI alert auto-run triage, giving additional alert context time to accumulate before analysis begins.
Ingest Iru (formerly Kandji) audit logs with Panther's new log source integration.
Ingest Upwind logs with Panther's new log source integration.
The Panther console supports light mode. Switch between light and dark mode in Profile Settings.
Set a unique value threshold for detections to control alert generation based on distinct field values observed over a time window.
Now Generally Available
Enrich alerts with threat intelligence using MISP Warning Lists.
Deliver Panther alerts to Jira Data Center with the Jira Data Center destination.
Deliver Panther alerts to Google Pub/Sub with the Google Pub/Sub destination.
Ingest DocuSign logs into Panther.
Ingest data into Panther using Azure Event Hub as a data transport.
Enhancements
PantherFlow query generation is available across all AI contexts, extending beyond the Search page.
Authenticate your Google Workspace integration with Workload Identity Federation.
Ingest Gemini, Classroom, and Vault application logs with the Google Workspace integration.
Additional AWS.EC2.Volume and AWS.EC2.VPC fields added to Cloud Security Scanning.
Panther AI settings have moved to a dedicated settings page.
Panther documentation and Knowledge Base are available in Korean.
New REST API endpoints for Alert Context Tags and Correlation Rules.
Use the PantherFlow
visualizeoperator to generate pie charts.
Schema Changes
SentinelOne.ActivityschemaactivityTypefield type changed frominttostring.The Open Threat Exchange (OTX) enrichment schema has been updated. Data is flattened per indicator received.
Bug Fixes
Fixed Google Workspace application list display to reflect all supported apps across the log source list, Overview tab, Configuration tab, and setup.
Fixed a bug where a source's "last event received" timestamp was incorrectly updated when only internal audit events (not actual log data) were processed.
Updated
AWS.ALBschema to support IPv6 client IP addresses.Fixed IP indicator extraction for the
ClientIPAddressandClientIPfields of theMicrosoft365.Audit.Exchangelog type.Fixed a bug where large GCS Enrichments (several GBs) were failing to be processed.
Bulk detections download now support ZIP files larger than 6 MB.
Deprecations
Cross-account
AWS.EC2.AMIresources will no longer be scanned.
LATEST RELEASE
v1.119
Feb 20, 2026
Feb 27, 2026
Panther AI can now access web pages for richer alert analysis, and the Panther console supports light mode.
New and Noteworthy
Panther AI can access web pages for additional context during analysis. Configure approved and forbidden domain lists and optionally require user approval before the AI accesses domains outside the approved list.
Set a delay tag to postpone AI alert auto-run triage, giving additional alert context time to accumulate before analysis begins.
Ingest Iru (formerly Kandji) audit logs with Panther's new log source integration.
Ingest Upwind logs with Panther's new log source integration.
The Panther console supports light mode. Switch between light and dark mode in Profile Settings.
Set a unique value threshold for detections to control alert generation based on distinct field values observed over a time window.
Now Generally Available
Enrich alerts with threat intelligence using MISP Warning Lists.
Deliver Panther alerts to Jira Data Center with the Jira Data Center destination.
Deliver Panther alerts to Google Pub/Sub with the Google Pub/Sub destination.
Ingest DocuSign logs into Panther.
Ingest data into Panther using Azure Event Hub as a data transport.
Enhancements
PantherFlow query generation is available across all AI contexts, extending beyond the Search page.
Authenticate your Google Workspace integration with Workload Identity Federation.
Ingest Gemini, Classroom, and Vault application logs with the Google Workspace integration.
Additional AWS.EC2.Volume and AWS.EC2.VPC fields added to Cloud Security Scanning.
Panther AI settings have moved to a dedicated settings page.
Panther documentation and Knowledge Base are available in Korean.
New REST API endpoints for Alert Context Tags and Correlation Rules.
Use the PantherFlow
visualizeoperator to generate pie charts.
Schema Changes
SentinelOne.ActivityschemaactivityTypefield type changed frominttostring.The Open Threat Exchange (OTX) enrichment schema has been updated. Data is flattened per indicator received.
Bug Fixes
Fixed Google Workspace application list display to reflect all supported apps across the log source list, Overview tab, Configuration tab, and setup.
Fixed a bug where a source's "last event received" timestamp was incorrectly updated when only internal audit events (not actual log data) were processed.
Updated
AWS.ALBschema to support IPv6 client IP addresses.Fixed IP indicator extraction for the
ClientIPAddressandClientIPfields of theMicrosoft365.Audit.Exchangelog type.Fixed a bug where large GCS Enrichments (several GBs) were failing to be processed.
Bulk detections download now support ZIP files larger than 6 MB.
Deprecations
Cross-account
AWS.EC2.AMIresources will no longer be scanned.
Ready for less noise
and more control?
See Panther in action. Book a demo today.
Get product updates, webinars, and news
By submitting this form, you acknowledge and agree that Panther will process your personal information in accordance with the Privacy Policy.
Get product updates, webinars, and news
By submitting this form, you acknowledge and agree that Panther will process your personal information in accordance with the Privacy Policy.
Product
Resources
Support
Company
Get product updates, webinars, and news
By submitting this form, you acknowledge and agree that Panther will process your personal information in accordance with the Privacy Policy.