Apr 19, 2022

New and Noteworthy

  • Data Replay is now available on Detection pages in the Panther Console.
    • Use Data Replay to test your detections with historical data. When writing or updating a detection, you can simulate what type of alerts you are likely to receive before deploying the detection. Use this feature to fine-tune your detections and reduce alert fatigue.
    • Data Replay is located on Detection pages under the Functions & Tests tab.
  • You can now query your Panther data lake via the Panther API. Available operations include:
  • Added Log Source Operations pages for individual log source pages in the Panther Console. Use these pages to monitor log source ingestion and health.



  • Added a “View data” button next to schemas in the Schemas section of the Panther Console to enable users to quickly pivot to Data Explorer with a contextual query.
  • Log source cards in the Panther Console will now display a red status health error when a classification error occurs.
    • Log sources that were previously shown as healthy may now appear unhealthy based on ongoing schema classification failures. Previously this was handled via a system health notification rather than a persistent status indicating an unhealthy log source. These sources did not become unhealthy because of this new release; this status indicator is just now visible because of this new functionality.
  • The Detections page in the Panther Console now shows enabled and disabled detections by default. 
  • Optimized Panther View Creation to only use active, non-empty views in Snowflake, preventing potential issues with reaching maximum view size limits.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug in the Lookup Table creation process that showed options that should be unavailable based on the setup method.

Previous Releases

v1.32 Apr 5, 2022
GreyNoise is now available as an enrichment source in Panther. Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts.
v1.31 Mar 22, 2022
v1.30 Mar 7, 2022
Added the ability to use Terraform templates when setting up Amazon S3 and CloudWatch Logs in the Panther Console.