NEW

Panther joins Databricks to build the future of the security lakehouse. Read more →

Platform

Solutions

Resources

Company

Book a demo

Platform

Solutions

Resources

Company

Book a demo

Panther joins Databricks to build the future of the security lakehouse. Read more →

LATEST RELEASE

v1.127

Jun 30, 2026

New Claude Telemetry log source for ingesting Claude Code and Claude Cowork activity via OpenTelemetry.

arrow-left

All

Ingest Claude Code and Claude Cowork activity through Panther’s new log sources.
Manage Panther AI scheduled prompts as code.
AI auto-triage that can defer alert notifications until triage finishes.

Added support for deleting Data Models, Global Helpers, and Queries via a Github PR.
Forward Palo Alto Next-Generation Firewall logs using the new Log Forwarder transport option.
Updated setup for onboarding cloud accounts.
Sign a user out of all active sessions from the Users Management settings page.
Refreshed the Panther login screen.
Panther AI has been enhanced with the following:
- Render full markdown (including bold, links, tables, and lists) in Slack messages.
- Manage other users' private scheduled prompts as an admin with ManageAIResponses.
  - View-only admins with ViewAIPrivateResponses can see but not modify them.

Tracebit.AlertSummary log type added and Tracebit.Alert extended with Google Cloud principals.
Material.IssueChange and Material.AuditLog log types added.
G Suite Drive document-owner email now normalized into p_any_emails for cross-source correlation.
SOCRadar whois registrar field now accepts both a string and an array.

Reject multi-field correlation rule match values with a clear error instead of failing silently.
Jira alert comments no longer fail with INVALID_INPUT from trailing line breaks or mailto links.
API tokens and webhook URLs are now redacted for Blink Ops, Expel, Incident.io, Mindflow, and Rapid7 destinations.
Opening a Saved Search now loads its SQL into the editor, even after a query has run.
Editing visualization settings no longer crashes when a chart title contains a single quote.
The Enrichments table no longer crashes on duplicate row IDs and fetches rows in one query.
Allow saving a query from the Save/Update modal even when nothing has changed.
Reduced the minimum required fields on the Palo Alto PAN-OS user-id schema so older versions can ingest logs.
Non-array fields no longer break schema parsing.
Column definitions are now optional for CSV schemas when Has Header is enabled.
Fixed AI Usage dashboard queries on the Databricks backend.
Databricks queries no longer crash with a nil-pointer error when prior results are unavailable.

arrow-left

All

LATEST RELEASE

Jun 30, 2026

New Claude Telemetry log source for ingesting Claude Code and Claude Cowork activity via OpenTelemetry.

Ingest Claude Code and Claude Cowork activity through Panther’s new log sources.
Manage Panther AI scheduled prompts as code.
AI auto-triage that can defer alert notifications until triage finishes.

Added support for deleting Data Models, Global Helpers, and Queries via a Github PR.
Forward Palo Alto Next-Generation Firewall logs using the new Log Forwarder transport option.
Updated setup for onboarding cloud accounts.
Sign a user out of all active sessions from the Users Management settings page.
Refreshed the Panther login screen.
Panther AI has been enhanced with the following:
- Render full markdown (including bold, links, tables, and lists) in Slack messages.
- Manage other users' private scheduled prompts as an admin with ManageAIResponses.
  - View-only admins with ViewAIPrivateResponses can see but not modify them.

Tracebit.AlertSummary log type added and Tracebit.Alert extended with Google Cloud principals.
Material.IssueChange and Material.AuditLog log types added.
G Suite Drive document-owner email now normalized into p_any_emails for cross-source correlation.
SOCRadar whois registrar field now accepts both a string and an array.

Reject multi-field correlation rule match values with a clear error instead of failing silently.
Jira alert comments no longer fail with INVALID_INPUT from trailing line breaks or mailto links.
API tokens and webhook URLs are now redacted for Blink Ops, Expel, Incident.io, Mindflow, and Rapid7 destinations.
Opening a Saved Search now loads its SQL into the editor, even after a query has run.
Editing visualization settings no longer crashes when a chart title contains a single quote.
The Enrichments table no longer crashes on duplicate row IDs and fetches rows in one query.
Allow saving a query from the Save/Update modal even when nothing has changed.
Reduced the minimum required fields on the Palo Alto PAN-OS user-id schema so older versions can ingest logs.
Non-array fields no longer break schema parsing.
Column definitions are now optional for CSV schemas when Has Header is enabled.
Fixed AI Usage dashboard queries on the Databricks backend.
Databricks queries no longer crash with a nil-pointer error when prior results are unavailable.