Jun 28, 2022


  • Panther’s new MITRE ATT&CK® Matrix, which allows you to easily map and compare detections, is now available for use with Panther’s built-in detections and custom detections.
    • The MITRE ATT&CK Matrix integration Panther enables you to compare your detection coverage against this framework, helping you identify areas of opportunity.
    • A visualization of the Matrix is available in the Panther Console in Detections > MITRE ATT&CK®.
  • Pull Snyk Audit Logs with Panther’s new Snyk log puller.


  • Panther audit logs now show Panther Console login events.
  • In the Panther Console, column filters you set in the Data Explorer now persist throughout your user session.
  • GraphQL permissions have been made public; when using the Roles API in GraphQL, any permission may now be selected. 
  • The following fields have been added to the CloudTrail schema:
    • eventCategory
    • tlsVersion
    • addendum
    • sessionCredentialFromConsole
    • edgeDeviceDetails
  • The pipe character (|), also known as a vertical bar, is now supported as a delimiter character for custom schema files..
  • When adding an AWS log source in the Panther Console, clicking the Launch AWS Console button now redirects you to your current AWS region instead of Panther’s region.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug that could cause log onboarding through AWS.AuroraMySQLAudit to fail when double quotation marks were present in the log.
  • Fixed a bug that did not display newly-invited users in the user list until after refreshing the page. New users now appear without needing to refresh.