v1.33
Apr 19, 2022
New and Noteworthy
- Data Replay is now available on Detection pages in the Panther Console.
  - Use Data Replay to test your detections with historical data. When writing or updating a detection, you can simulate what type of alerts you are likely to receive before deploying the detection. Use this feature to fine-tune your detections and reduce alert fatigue.
  - Data Replay is located on Detection pages under the Functions & Tests tab.
- You can now query your Panther data lake via the Panther API. Available operations include:
  - Listing all available databases, tables, and columns within the data lake.
  - Executing a Data Explorer query by providing a database and a SQL string.
  - Executing an Indicator Search query.
  - Reference the documentation for additional information and more operations.
- Added Log Source Operations pages for individual log source pages in the Panther Console. Use these pages to monitor log source ingestion and health.
Features
- Panther Console users can now view raw data coming into Panther in the schema page.
  - Use this feature to inspect raw logs to troubleshoot issues with schemas or sources.
Enhancements
- Added a “View data” button next to schemas in the Schemas section of the Panther Console to enable users to quickly pivot to Data Explorer with a contextual query.
- Log source cards in the Panther Console will now display a red status health error when a classification error occurs.
  - Log sources that were previously shown as healthy may now appear unhealthy based on ongoing schema classification failures. Previously this was handled via a system health notification rather than a persistent status indicating an unhealthy log source. These sources did not become unhealthy because of this new release; this status indicator is just now visible because of this new functionality.
- The Detections page in the Panther Console now shows enabled and disabled detections by default.
- Optimized Panther View Creation to only use active, non-empty views in Snowflake, preventing potential issues with reaching maximum view size limits.
- Panther’s CloudFormation deployment parameters have been updated.
Bug Fixes
- Fixed a bug in the Lookup Table creation process that showed options that should be unavailable based on the setup method.