v1.37

Jun 28, 2022

Features

  • Panther’s new MITRE ATT&CK® Matrix, which allows you to easily map and compare detections, is now available for use with Panther’s built-in detections and custom detections.
    • Panther’s MITRE ATT&CK Matrix integration enables you to compare your detection coverage against this framework, helping you identify areas of opportunity.
    • A visualization of the Matrix is available in the Panther Console in Detections > MITRE ATT&CK®.
  • Pull Snyk Audit Logs with Panther’s new Snyk log puller.

Enhancements

  • Panther audit logs now show Panther Console login events.
  • In the Panther Console, column filters you set in the Data Explorer now persist throughout your user session.
  • GraphQL permissions have been made public; when using the Roles API in GraphQL, any permission may now be selected. 
  • The following fields have been added to the CloudTrail schema:
    • eventCategory
    • tlsVersion
    • addendum
    • sessionCredentialFromConsole
    • edgeDeviceDetails
  • The pipe character (|), also known as a vertical bar, is now supported as a delimiter character for custom schema files.
  • When adding an AWS log source in the Panther Console, clicking the Launch AWS Console button now redirects you to your current AWS region instead of Panther’s region.
  • Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

  • Fixed a bug that could cause log onboarding through AWS.AuroraMySQLAudit to fail when double quotation marks were present in the log.
  • Fixed a bug where newly invited users were not displayed in the user list until the page was refreshed. New users now appear without needing to refresh.