v1.32

5 Apr, 2022

New and Noteworthy

  • GreyNoise is now available as an enrichment source in Panther.
    • Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts by:
      • Ruling out internet background noise from external event sources to ensure you’re focused on the most critical events first.
      • Identifying potential opportunistic attacks that may have been allowed into your perimeter.
      • Identifying emerging threats based on GreyNoise context data and tagging.
    • Analyst roles must be assigned the View Lookups and Manage Lookups permissions to view and manage GreyNoise packages in the Panther Console.
    • The Basic GreyNoise package is included for all Panther customers at no additional cost. The Advanced package, which includes expanded intelligence from GreyNoise for advanced filtering and threat hunting, requires a paid subscription to be activated. Learn more in our documentation or the demo video.

Features

  • Added the ability to use Terraform templates when setting up Google Cloud Storage (GCS) data transport and AWS cloud accounts in the Panther Console.

Enhancements

  • When updating the S3 configuration on a Lookup Table in the Panther Console, an informational warning is now displayed indicating that users must also update IAM permissions and provide a new role ARN.
  • Alert severities for Alert Destinations in the Panther Console are now visually distinct and incorporate iconography rather than just color.
  • The CloudSecurityScanSegments and ReplayAPIReservedConcurrency fields have been added to Panther’s CloudFormation deployment parameters.

Bug Fixes

  • Fixed a bug that reported an incorrect number of “modified” queries when uploading a zip containing queries in the Bulk Uploader in the Panther Console.