Features

• Panther’s new MITRE ATT&CK® Matrix, which allows you to easily map and compare detections, is now available for use with Panther’s built-in detections and custom detections.

  • The MITRE ATT&CK Matrix integration Panther enables you to compare your detection coverage against this framework, helping you identify areas of opportunity.

  • A visualization of the Matrix is available in the Panther Console in Detections > MITRE ATT&CK®.

• Pull Snyk Audit Logs with Panther’s new Snyk log puller.

Enhancements

• Panther audit logs now show Panther Console login events.

• In the Panther Console, column filters you set in the Data Explorer now persist throughout your user session.

• GraphQL permissions have been made public; when using the Roles API in GraphQL, any permission may now be selected. 

• The following fields have been added to the CloudTrail schema:

  • eventCategory

  • tlsVersion

  • addendum

  • sessionCredentialFromConsole

  • edgeDeviceDetails

• The pipe character (|), also known as a vertical bar, is now supported as a delimiter character for custom schema files..

• When adding an AWS log source in the Panther Console, clicking the Launch AWS Console button now redirects you to your current AWS region instead of Panther’s region.

• Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

• Fixed a bug that could cause log onboarding through AWS.AuroraMySQLAudit to fail when double quotation marks were present in the log.

• Fixed a bug that did not display newly-invited users in the user list until after refreshing the page. New users now appear without needing to refresh.