Apr 26, 2022

New and Noteworthy

  • Panther now generates audit logs for Panther administrator activity.
    • Panther audit logs provide a read-only history of activity within your Panther deployment. With Panther audit logs as a log source enabled, you can write detections or query the data lake for audit logs the same way you would with any other security events ingested by Panther.
    • Audit logs are automatically generated, but must be enabled by your Panther support team to use them as a log source. Please contact your Panther representative to discuss turning the feature on for your account.


  • Panther will now surface Access Denied errors for AWS Cloud Accounts that you have onboarded.
    • Previously, these errors were handled internally and through Panther support. Now, the errors will be surfaced via a system error to increase visibility into the health of cloud scanning services.
  • The Data Replay feature has received the following enhancements:
    • The end time and duration of a Data Replay are now displayed in the Panther Console after executing a replay.
    • Reduced the amount of time it takes to load events on Data Replay results.
    • An accurate date range of available data for Data Replay is now displayed, instead of an estimate of 30 days.
  • The user that created a log source will now be displayed on the log source’s details page in the Panther Console.
  • Added the ability to manually refresh Lookup Tables with S3 sync in the Panther Console. Perform a manual refresh by clicking the “Sync” button next to a Lookup Table’s card on the Lookup Tables page in the Console.
  • Lookup Tables that fail to update will now produce System Error notifications in the Panther Console.
  • When creating a new Detection in the Panther Console, the unique Role ID will now be automatically generated based on what has been written in the Display Name field.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug that prevented “Access Denied” errors from Cloud Accounts connected with Panther from appearing as System Errors.
  • Fixed a bug that occasionally caused the “Download CSV” button in the Data Explorer in the Panther Console to not work properly.
  • Fixed a bug that unintentionally created duplicate alerts when using the Data Replay feature.