v1.15

1 Mar, 2021

New and Noteworthy

  • Health monitoring for Snowflake to validate your logs are flowing as expected
  • Pull your Duo logs with our new SaaS log puller
  • Cloud Security scan history is now stored in your data lake

Features

  • Create and maintain universal data models in the UI that can be referenced when writing new rules and policies in the Python editor
  • Manage, update, and delete custom log schemas in Panther
  • Autodetect in Indicator Search: A new field option in Indicator Search called “Autodetect Type” that automatically detects the type of field entered into the Indicator Search
  • Policy-based alerts: See alerts generated by failed cloud security policies
  • Dynamic alert fields: Dynamically set the severity of an alarm to route alarms on critical and production resources to monitored Slack channels or kick off related workflows
  • Added support for new log types: AWS VPC DNS
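The "dynamic alert fields" item above is easier to see in a rule than to read about. The following is an added example, not code from the release notes or from Panther itself: a Python detection in the shape Panther rules take, where a `severity()` function next to `rule()` decides the alert severity per event so that changes to production resources can be routed to a closely watched channel while the same change elsewhere stays low priority. The function names `rule`, `severity` and `title` follow Panther's rule conventions as this example assumes them; the CloudTrail-like event fields, the `resourceTags` field and the tag values are constructed, and the small `evaluate()` helper only stands in for the rule engine so the example runs on its own.

```python
# Added example of a dynamic-severity rule (not from the release notes or Panther).
# Assumes Panther's rule conventions: rule(event) decides whether to alert,
# severity(event) and title(event) are consulted only when rule() returns True.

# Constructed tag values that mark a resource as production.
PRODUCTION_TAG_VALUES = {"prod", "production"}


def rule(event):
    # Constructed CloudTrail-like shape: alert whenever an ingress rule is
    # added to a security group, regardless of which environment it is in.
    return event.get("eventName") == "AuthorizeSecurityGroupIngress"


def _is_production(event):
    # "resourceTags" is a constructed field for this example; a real rule would
    # read the tag from wherever the log source carries resource metadata.
    tags = event.get("resourceTags") or {}
    return str(tags.get("env", "")).lower() in PRODUCTION_TAG_VALUES


def severity(event):
    # Dynamic severity: the same detection is CRITICAL in production and LOW
    # elsewhere, so alert routing can key off the severity field.
    return "CRITICAL" if _is_production(event) else "LOW"


def title(event):
    env = "production" if _is_production(event) else "non-production"
    return (
        f"Security group ingress rule added in {env} account "
        f"{event.get('recipientAccountId', 'unknown')}"
    )


def evaluate(event):
    """Stand-in for the engine: run rule(), then the dynamic functions on a match."""
    if not rule(event):
        return {"alert": False}
    return {"alert": True, "severity": severity(event), "title": title(event)}


# Constructed sample events.
PROD_EVENT = {
    "eventName": "AuthorizeSecurityGroupIngress",
    "recipientAccountId": "123456789012",
    "resourceTags": {"env": "prod"},
}
DEV_EVENT = {
    "eventName": "AuthorizeSecurityGroupIngress",
    "recipientAccountId": "123456789012",
    "resourceTags": {"env": "dev"},
}
UNRELATED_EVENT = {
    "eventName": "DescribeInstances",
    "recipientAccountId": "123456789012",
}

if __name__ == "__main__":
    for sample in (PROD_EVENT, DEV_EVENT, UNRELATED_EVENT):
        print(evaluate(sample))
```

Running the block prints a CRITICAL alert for the production event, a LOW alert for the development event, and no alert for the unrelated API call; the severity value is what a destination mapping (for example, CRITICAL to a monitored Slack channel) would act on.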

Enhancements

  • Improved S3 onboarding: specify multiple prefix-to-log-type mappings per onboarded S3 source
  • Custom log schema generation script: analyzes sample logs for a custom schema and produces a suggested YAML structure that can be reviewed, edited, and saved

Bug Fixes

  • VPC Flow Logs parser outputs invalid data: fixes reports of invalid account IDs appearing in VPC Flow Logs data
  • Cloud Security scanner only handles some rate-limit errors: the Cloud Security scanner now has the logic needed to handle more rate-limiting errors
  • Panther fails on 0-size files: the Panther log processor will no longer fail if it encounters a 0-size file in S3