v1.33

Apr 19, 2022

New and Noteworthy

Data Replay is now available on Detection pages in the Panther Console.
- Use Data Replay to test your detections with historical data. When writing or updating a detection, you can simulate what type of alerts you are likely to receive before deploying the detection. Use this feature to fine-tune your detections and reduce alert fatigue.
- Data Replay is located on Detection pages under the Functions & Tests tab.
You can now query your Panther data lake via the Panther API. Available operations include:
- Listing all available databases, tables, and columns within the data lake.
- Executing a Data Explorer query by providing a database and a SQL string.
- Executing an Indicator Search query.
- Reference the documentation for additional information and more operations.
Added Log Source Operations pages for individual log source pages in the Panther Console. Use these pages to monitor log source ingestion and health.

Features

Panther Console users can now view raw data coming into Panther in the schema page.
- Use this feature to inspect raw logs to troubleshoot issues with schemas or sources.

Enhancements

Added a “View data” button next to schemas in the Schemas section of the Panther Console to enable users to quickly pivot to Data Explorer with a contextual query.
Log source cards in the Panther Console will now display a red status health error when a classification error occurs.
- Log sources that were previously shown as healthy may now appear unhealthy based on ongoing schema classification failures. Previously this was handled via a system health notification rather than a persistent status indicating an unhealthy log source. These sources did not become unhealthy because of this new release; this status indicator is just now visible because of this new functionality.
The Detections page in the Panther Console now shows enabled and disabled detections by default.
Optimized Panther View Creation to only use active, non-empty views in Snowflake, preventing potential issues with reaching maximum view size limits.
Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

Fixed a bug in the Lookup Table creation process that showed options that should be unavailable based on the setup method.

Previous Releases

View All

v1.32 Apr 5, 2022

GreyNoise is now available as an enrichment source in Panther. Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts.

v1.31 Mar 22, 2022

Save time by previewing example table data in the Data Explorer in the Panther Console without writing SQL. To preview table contents, click the eye icon next to the table type.

v1.30 Mar 7, 2022

Added the ability to use Terraform templates when setting up Amazon S3 and CloudWatch Logs in the Panther Console.