Request a Demo

v1.39

27 Jul, 2022

Features

  • Pull Dropbox Event Logs with Panther’s new Dropbox log puller. With this puller, you can monitor the following Dropbox team events:
    • User logging into or out of Dropbox (including device information)
    • Changing a user’s role in Dropbox
    • Adding, editing, viewing, and sharing files and folders and by whom
    • Creating and sharing links within your team
  • The alarm logic behind classification errors has been improved to reduce alert fatigue. 
    • In previous versions of Panther, every misclassification triggered a classification error, creating a new alert. With this update, log sources will now fire a single classification alert, which you can mark as resolved to dismiss. New classification errors will re-trigger the same alert.
    • A visualization of misclassifications has also been added to the Panther Console’s Log Sources details page under the Health tab.
    • Note: After updating to Panther version 1.39, the classification error alarm for all log sources will restart, which may cause classification error alerts to re-trigger.
  • You can now stream Jamf Pro Access Logs via S3 to Panther without creating a custom schema.

Schema Changes

  • Additional Lacework schemas have been added to better support Lacework log ingestion.
  • Added the JA3Hash field to Cloudflare’s Cloudflare.HttpRequest log type.

Enhancements

  • Your Panther ingestion usage metrics are now accessible in the Panther API. You can now query your own metrics, enabling you to have greater visibility on your data ingestion rates. 
  • When using Jira as an alert destination, the AlertID field is now included in the Jira description.
  • Log processors now support compressed .zst files.
  • Parameters in Panther’s CloudFormation deployment parameters have been updated:
    • The SlowRuleMaxDuration parameter has been removed.
    • The default value of the FeatureSandboxedExecFlows parameter has been changed to test-rule.
    • The following parameters have been added:
      • DatadogAPIKeySecretArn
      • DatadogAppKeySecretArn
      • DynamoDBCloudtrailEnabled
      • SegmentEnvironment
      • SlowRuleMaxUtilization
      • EnableAlertAssignees
      • EnableMicrosoftGraphPuller
      • Segment

Previous Releases

View All
v1.38 12 Jul, 2022
You can now quickly summarize individual columns in the Data Explorer, which allows you to sift through data without needing to write SQL.
 
v1.37 28 Jun, 2022
Panther’s new MITRE ATT&CK® Matrix, which allows you to easily map and compare detections, is now available for use with Panther’s built-in detections and custom detections.
 
v1.36 14 Jun, 2022
In beta: you can now generate schemas from AWS S3 buckets within the Panther Console.