Apr 19, 2022

New and Noteworthy

  • Data Replay is now available on Detection pages in the Panther Console.
    • Use Data Replay to test your detections with historical data. When writing or updating a detection, you can simulate what type of alerts you are likely to receive before deploying the detection. Use this feature to fine-tune your detections and reduce alert fatigue.
    • Data Replay is located on Detection pages under the Functions & Tests tab.
  • You can now query your Panther data lake via the Panther API. Available operations include:
  • Added Log Source Operations pages for individual log source pages in the Panther Console. Use these pages to monitor log source ingestion and health.



  • Added a “View data” button next to schemas in the Schemas section of the Panther Console to enable users to quickly pivot to Data Explorer with a contextual query.
  • Log source cards in the Panther Console will now display a red status health error when a classification error occurs.
    • Log sources that were previously shown as healthy may now appear unhealthy based on ongoing schema classification failures. Previously this was handled via a system health notification rather than a persistent status indicating an unhealthy log source. These sources did not become unhealthy because of this new release; this status indicator is just now visible because of this new functionality.
  • The Detections page in the Panther Console now shows enabled and disabled detections by default. 
  • Optimized Panther View Creation to only use active, non-empty views in Snowflake, preventing potential issues with reaching maximum view size limits.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug in the Lookup Table creation process that showed options that should be unavailable based on the setup method.