v1.38

12 Jul, 2022

Features

  • The generate schemas from S3 buckets feature is now available to all customers.
    • In previous versions of Panther, before onboarding logs from S3 buckets, you first needed to create schemas with the pantherlog CLI tool. This update allows you to onboard logs from S3 buckets and generate schemas from that data within the Panther Console.
    • This feature was previously in an invite-only beta.
  • You can now quickly summarize individual columns in the Data Explorer, which allows you to sift through data without needing to write SQL.
    • In the Data Explorer, after running a query, click the dropdown menu from a column header and select Summarize, or select the Summarize tab to choose a column.
    • Note: This feature is only available to customers with a Snowflake backend.

Enhancements

  • The following enhancements have been made to the MITRE ATT&CK® Matrix:
    • The user who last updated a Tactic and Technique is now displayed when clicking into a Technique.
    • When creating a new Detection from a Tactic and Technique, the ID field is now pre-filled.
    • You can now review and map log sources against a Tactic and Technique.
      • Note: Log source mapping in the Matrix only supports CrowdStrike at this time.
  • The roleName attribute has been added to audit logs.
  • When sending alerts to Jira destinations, the formatting of the alert_context field has been improved for readability.
  • The Osquery log puller can now handle empty strings in the snapshot field.
  • The following parameters have been added to Panther’s CloudFormation deployment parameters:
    • DatadogAWSEnabled
    • EnableNewNavigation

Panther Developer Workflows

  • The Panther Analysis Tool (PAT) has been updated to v0.14.2, which includes the following enhancement:
    • PAT now automatically retries an upload when it detects a concurrent upload in progress.
  • panther-analysis has been updated to v1.32.0, which includes the following enhancements:
    • Added new Cloudflare detections.
    • Added Confluence zero-day indicators of compromise (IOCs).
    • Removed workaround for Global Helper importing order.
    • Updated GreyNoise reference links.
    • Updated MITRE ATT&CK mappings to align with the MITRE ATT&CK Matrix.
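The items above refer to detections as shipped in panther-analysis and to the alert_context field that destinations such as Jira render. The following is an added example, not code from these release notes or from the panther-analysis repository: a Panther-style Python detection with the rule, title and alert_context entry points, run over a few constructed CloudTrail-shaped events. The use of a plain dict as the event (Panther's own event wrapper also exposes .get()), the field names, and the sample values are assumptions made so the block runs offline; in a real panther-analysis rule the MITRE mapping would live in the accompanying YAML metadata rather than in the Python file.

```python
"""Added example of a Panther-style detection (not Panther's own code).

rule()           -> bool: does this event fire?
title()          -> str:  alert title
alert_context()  -> dict: extra fields attached to the alert and rendered by
                          destinations such as Jira, so keep it flat and short.

The events at the bottom are constructed sample data shaped like AWS
CloudTrail records; they are not real logs.
"""

from typing import Any, Dict, List

# IAM calls that mint a long-lived credential for a (possibly other) user.
SENSITIVE_ACTIONS = {"CreateAccessKey", "CreateLoginProfile"}


def rule(event: Dict[str, Any]) -> bool:
    """Fire on successful credential creation in IAM.

    Assumption: the event is dict-like with .get(); Panther's event object
    supports the same call, so a plain dict is enough for local testing."""
    if event.get("eventSource") != "iam.amazonaws.com":
        return False
    if event.get("eventName") not in SENSITIVE_ACTIONS:
        return False
    # Failed calls carry errorCode; only successful ones create a credential.
    return event.get("errorCode") is None


def title(event: Dict[str, Any]) -> str:
    actor = (event.get("userIdentity") or {}).get("arn", "<unknown>")
    target = (event.get("requestParameters") or {}).get("userName", "<unknown>")
    return f"[{event.get('eventName')}] {actor} created credentials for {target}"


def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Deliberately flat: each key becomes one line in the destination.

    Only triage-relevant fields are copied; the full event stays in the
    data lake for follow-up queries."""
    identity = event.get("userIdentity") or {}
    session = identity.get("sessionContext") or {}
    attributes = session.get("attributes") or {}
    return {
        "actor_arn": identity.get("arn"),
        "actor_type": identity.get("type"),
        "target_user": (event.get("requestParameters") or {}).get("userName"),
        "source_ip": event.get("sourceIPAddress"),
        "mfa": attributes.get("mfaAuthenticated"),  # None when no session context
        "event_time": event.get("eventTime"),
    }


# Constructed sample events (fake account IDs, ARNs and addresses).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {   # 1: successful CreateAccessKey by an IAM user for another user -> fires
        "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
        "eventTime": "2022-07-12T10:00:00Z", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"userName": "bob"},
    },
    {   # 2: same call but denied -> does not fire
        "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
        "eventTime": "2022-07-12T10:01:00Z", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"userName": "bob"}, "errorCode": "AccessDenied",
    },
    {   # 3: read-only call -> does not fire
        "eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
        "eventTime": "2022-07-12T10:02:00Z", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
    },
    {   # 4: CreateLoginProfile from an assumed role with MFA -> fires
        "eventSource": "iam.amazonaws.com", "eventName": "CreateLoginProfile",
        "eventTime": "2022-07-12T10:03:00Z", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::123456789012:assumed-role/Admin/carol",
            "sessionContext": {"attributes": {"mfaAuthenticated": "true"}},
        },
        "requestParameters": {"userName": "dave"},
    },
]


def run(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Apply the detection to a batch and return the alerts it would raise."""
    return [{"title": title(e), "context": alert_context(e)} for e in events if rule(e)]


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert["title"])
        for key, value in alert["context"].items():
            print(f"  {key}: {value}")
```

Keeping alert_context flat and small is what makes it readable once a destination renders it; nested structures and whole-event dumps are what the Jira formatting change above had to cope with. Events 1 and 4 fire; event 2 is suppressed by the errorCode check and event 3 by the action allow-list.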

Bug Fixes

  • Fixed a bug where the “View in Data Explorer” button on the Alerts & Errors details page returned incomplete results for alerts with a threshold greater than one.
  • Fixed a bug that caused certain elements in the UI to incorrectly overlap on the Overview page in the Panther Console.
  • Fixed a bug that caused the Zendesk integration to become unauthorized during an update.
  • Fixed a bug that caused SSO sign-ins to be missing from audit logs.
  • Fixed a bug that could allow sensitive data to be returned by raw GraphQL queries. There are no known cases of sensitive data being exposed as a result of this bug.