v1.32
Apr 5, 2022
New and Noteworthy
- GreyNoise is now available as an enrichment source in Panther.
- Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts by:
- Ruling out internet background noise from external event sources to ensure you’re focused on the most critical events first.
- Identifying potential opportunistic attacks that may have been allowed into your perimeter.
- Identifying emerging threats based on GreyNoise context data and tagging.
- To enable Analyst roles to view and manage GreyNoise packages in the Panther Console, they will need to be assigned the View Lookups and Manage Lookups permissions.
- The Basic GreyNoise package is included for all Panther customers at no additional cost. The Advanced package, which includes expanded intelligence from GreyNoise for advanced filtering and threat hunting, requires a paid subscription to be activated. Learn more in our documentation or by watching the demo video below.
- Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts by:
Features
- Added the ability to use Terraform templates when setting up Google Cloud Storage (GCS) data transport and AWS cloud accounts in the Panther Console.
Enhancements
- When updating the S3 configuration on a Lookup Table in the Panther Console, an informational warning is now displayed indicating that users must also update IAM permissions and provide a new role ARN.
- Alert severities for Alert Destinations in the Panther Console are now visually distinct and incorporate iconography rather than just color.
- Panther’s CloudFormation deployment parameters have been updated.
Bug Fixes
- Fixed a bug that reported an incorrect number of “modified” queries when uploading a zip containing queries in the Bulk Uploader in the Panther Console.