Jun 14, 2022

New and Noteworthy

  • In beta: you can now generate schemas from AWS S3 buckets
    • In previous versions of Panther, before onboarding logs from S3 buckets, you first needed to create schemas with the pantherlog CLI tool. This update allows you to onboard logs from S3 buckets and generate schemas from that data within the Panther Console.
    • This feature is available as an invite-only beta at this time. If you would like to participate, please contact your Panther representative. Availability to all customers is planned for a future release. 


  • The number of calls Panther performs against the Okta API when pulling logs has been reduced to prevent hitting rate limits and timeouts.
  • The Data Replay feature has received the following enhancements:
    • The estimated max run time calculation for running a replay has been adjusted to generate less conservative estimates.
    • After running a replay, its end time and duration are now displayed in addition to the start time.
  • The Panther API has received the following enhancements:
    • The UserModify permission is now an admin-level permission, which allows inviting new users and updating roles on existing users. Tokens can now also take the UserModify permission.
    • User and role management operations have been exposed.
  • Log source errors now produce more descriptive error messages to help diagnose issues.
  • Users can now specify custom role names for Cloud Account scanning.
  • In the Panther Console, the role Amazon Resources Name (ARN) of S3 log sources has been added to the Basic Info section of the Log Source operations page.
  • Zoom healthcheck failures now return a more descriptive error message to help diagnose the issue.
  • In the Panther Console, in the Overview page’s Data tab, a tooltip has been added to the data latency chart. This tooltip explains how the delay between when an event happened and when Panther processed it is calculated.
  • You can now set alarms for when a Lookup Table upload fails. System errors will be created when an upload fails.
  • Filters are now applied automatically when clicking outside of the filter box in the Panther Console.
  • In the Panther Console, the icon for audit logs in Log Sources has changed from a bucket to the Panther logo.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug that did not produce a system error when failing to perform GetBucketLocation due to permission issues.
  • Fixed a bug that caused previously run queries to briefly appear in the Data Explorer.
  • Fixed a bug that created cells with excessive height due to nested cell contents in the Data Explorer.
  • Fixed a bug that cut off the navigation bar when it did not match the page height.
  • Fixed a bug that prevented schemas from sorting by Most Recent or Oldest.
  • Fixed a bug that could result in an error when cloning a rule in the Panther Console.
  • Fixed a bug that could cause the “npm audit” CI check to fail.
  • Fixed a bug that allowed users without UserRead permission to view user data.
  • Fixed a bug that did not require schemas to have a date range, which could cause timeouts on the alerts page.
  • Fixed a bug that redirected users to the Roles page after unsuccessfully creating a new or updating an existing role.

Previous Releases

v1.35 May 31, 2022
You can now filter by column without writing SQL when working within the Results table located in the Data Explorer in the Panther Console.
v1.34 Apr 26, 2022
Panther now generates audit logs for Panther administrator activity. Panther audit logs provide a read-only history of activity within your Panther deployment.
v1.33 Apr 19, 2022
Data Replay is now available on Detection pages in the Panther Console. When writing or updating a detection, you can use Data Replay to simulate what type of alerts you are likely to receive before deploying the detection.