Apr 26, 2022

New and Noteworthy

  • Panther now generates audit logs for Panther administrator activity.
    • Panther audit logs provide a read-only history of activity within your Panther deployment. With Panther audit logs as a log source enabled, you can write detections or query the data lake for audit logs the same way you would with any other security events ingested by Panther.
    • Audit logs are automatically generated, but must be enabled by your Panther support team to use them as a log source. Please contact your Panther representative to discuss turning the feature on for your account.


  • Panther will now surface Access Denied errors for AWS Cloud Accounts that you have onboarded.
    • Previously, these errors were handled internally and through Panther support. Now, the errors will be surfaced via a system error to increase visibility into the health of cloud scanning services.
  • The Data Replay feature has received the following enhancements:
    • The end time and duration of a Data Replay are now displayed in the Panther Console after executing a replay.
    • Reduced the amount of time it takes to load events on Data Replay results.
    • An accurate date range of available data for Data Replay is now displayed, instead of an estimate of 30 days.
  • The user that created a log source will now be displayed on the log source’s details page in the Panther Console.
  • Added the ability to manually refresh Lookup Tables with S3 sync in the Panther Console. Perform a manual refresh by clicking the “Sync” button next to a Lookup Table’s card on the Lookup Tables page in the Console.
  • Lookup Tables that fail to update will now produce System Error notifications in the Panther Console.
  • When creating a new Detection in the Panther Console, the unique Role ID will now be automatically generated based on what has been written in the Display Name field.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug that prevented “Access Denied” errors from Cloud Accounts connected with Panther from appearing as System Errors.
  • Fixed a bug that occasionally caused the “Download CSV” button in the Data Explorer in the Panther Console to not work properly.
  • Fixed a bug that unintentionally created duplicate alerts when using the Data Replay feature.

Previous Releases

v1.33 Apr 19, 2022
Data Replay is now available on Detection pages in the Panther Console. When writing or updating a detection, you can use Data Replay to simulate what type of alerts you are likely to receive before deploying the detection.
v1.32 Apr 5, 2022
GreyNoise is now available as an enrichment source in Panther. Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts.
v1.31 Mar 22, 2022