v1.39
27 Jul, 2022
Features
- Pull Dropbox Event Logs with Panther’s new Dropbox log puller. With this puller, you can monitor the following Dropbox team events:
  - User logging into or out of Dropbox (including device information)
  - Changing a user’s role in Dropbox
  - Adding, editing, viewing, and sharing files and folders, and by whom
  - Creating and sharing links within your team
- The alarm logic behind classification errors has been improved to reduce alert fatigue.
  - In previous versions of Panther, every misclassification triggered a classification error, creating a new alert. With this update, log sources will now fire a single classification alert, which you can mark as resolved to dismiss. New classification errors will re-trigger the same alert.
  - A visualization of misclassifications has also been added to the Panther Console’s Log Sources details page under the Health tab.
  - Note: After updating to Panther version 1.39, the classification error alarm for all log sources will restart, which may cause classification error alerts to re-trigger.
- You can now stream Jamf Pro Access Logs via S3 to Panther without creating a custom schema.
Schema Changes
- Additional Lacework schemas have been added to better support Lacework log ingestion.
- Added the JA3Hash field to Cloudflare’s Cloudflare.HttpRequest log type.
Enhancements
- Your Panther ingestion usage metrics are now accessible in the Panther API. You can now query your own metrics for greater visibility into your data ingestion rates.
- When using Jira as an alert destination, the AlertID field is now included in the Jira description.
- Log processors now support compressed .zst files.
- Panther’s CloudFormation deployment parameters have been updated:
  - The SlowRuleMaxDuration parameter has been removed.
  - The default value of the FeatureSandboxedExecFlows parameter has been changed to test-rule.
  - The following parameters have been added:
    - DatadogAPIKeySecretArn
    - DatadogAppKeySecretArn
    - DynamoDBCloudtrailEnabled
    - SegmentEnvironment
    - SlowRuleMaxUtilization
    - EnableAlertAssignees
    - EnableMicrosoftGraphPuller
    - Segment