v1.39

Jul 27, 2022

Features

  • Pull Dropbox Event Logs with Panther’s new Dropbox log puller. With this puller, you can monitor the following Dropbox team events:
    • User logging into or out of Dropbox (including device information)
    • Changing a user’s role in Dropbox
    • Adding, editing, viewing, and sharing files and folders, including who performed each action
    • Creating and sharing links within your team
  • The alarm logic behind classification errors has been improved to reduce alert fatigue. 
    • In previous versions of Panther, every misclassification triggered a classification error, creating a new alert. With this update, log sources will now fire a single classification alert, which you can mark as resolved to dismiss. New classification errors will re-trigger the same alert.
    • A visualization of misclassifications has also been added to the Panther Console’s Log Sources details page under the Health tab.
    • Note: After updating to Panther version 1.39, the classification error alarm for all log sources will restart, which may cause classification error alerts to re-trigger.
  • You can now stream Jamf Pro Access Logs via S3 to Panther without creating a custom schema.

Schema Changes

  • Additional Lacework schemas have been added to better support Lacework log ingestion.
  • Added the JA3Hash field to Cloudflare’s Cloudflare.HttpRequest log type.

Enhancements

Previous Releases

v1.38 Jul 12, 2022
You can now quickly summarize individual columns in the Data Explorer, which allows you to sift through data without needing to write SQL.
 
v1.37 Jun 28, 2022
Panther’s new MITRE ATT&CK® Matrix, which allows you to easily map and compare detections, is now available for use with Panther’s built-in detections and custom detections.
 
v1.36 Jun 14, 2022
In beta: you can now generate schemas from AWS S3 buckets within the Panther Console.