26 Apr, 2022
New and Noteworthy
- Panther now generates audit logs for Panther administrator activity.
- Panther audit logs provide a read-only history of activity within your Panther deployment. With Panther audit logs as a log source enabled, you can write detections or query the data lake for audit logs the same way you would with any other security events ingested by Panther.
- Audit logs are automatically generated, but must be enabled by your Panther support team to use them as a log source. Please contact your Panther representative to discuss turning the feature on for your account.
- Panther will now surface Access Denied errors for AWS Cloud Accounts that you have onboarded.
- Previously, these errors were handled internally and through Panther support. Now, the errors will be surfaced via a system error to increase visibility into the health of cloud scanning services.
- The Data Replay feature has received the following enhancements:
- The end time and duration of a Data Replay are now displayed in the Panther Console after executing a replay.
- Reduced the amount of time it takes to load events on Data Replay results.
- An accurate date range of available data for Data Replay is now displayed, instead of an estimate of 30 days.
- The user that created a log source will now be displayed on the log source’s details page in the Panther Console.
- Added the ability to manually refresh Lookup Tables with S3 sync in the Panther Console. Perform a manual refresh by clicking the “Sync” button next to a Lookup Table’s card on the Lookup Tables page in the Console.
- Lookup Tables that fail to update will now produce System Error notifications in the Panther Console.
- When creating a new Detection in the Panther Console, the unique Role ID will now be automatically generated based on what has been written in the Display Name field.
- The following parameters have been added to Panther’s CloudFormation deployment parameters:
- Fixed a bug that prevented “Access Denied” errors from Cloud Accounts connected with Panther from appearing as System Errors.
- Fixed a bug that occasionally caused the “Download CSV” button in the Data Explorer in the Panther Console to not work properly.
- Fixed a bug that unintentionally created duplicate alerts when using the Data Replay feature.