Aug 9, 2022

New and Noteworthy

  • We are excited to announce the public launch of Panther’s Knowledge Base (KB)! Panther’s KB, available at help.panther.com, is a searchable collection of articles that answer your most common questions and help you troubleshoot unexpected issues.
    • Some of the key features of the KB include:
      • Faster support. Offering self-service content allows us to help you at scale, as you have access to KB content 24/7. 
      • Powerful search. You can enter terms into the search field at the top of every page to find relevant articles.
      • Frequent content updates. The collection of articles grows daily as we interact with customers and learn about commonly asked questions. 
    • The launch of the KB, as well as the recent launch of the Panther Community, reinforce our commitment to supporting our customers and building a strong community.

New Schemas

  • New schemas have been added for the following logs:


  • You can now set up the Panther Analysis Tool (PAT) via the Panther API.
    • This change is made possible by an update to PAT that enables it to work using an API token that can be generated from the Console. This allows you to onboard to PAT without an AWS account and manage your permissions without the token expiring.


  • When editing S3 or CloudWatch log sources, you are now prompted to set up your IAM role and update the CloudFormation or Terraform template before saving your changes. This streamlines the editing process for a better user experience.
  • The schema inference feature now continues to run in the background when you navigate away from the schema inference page.
  • Panther’s CloudFormation deployment parameters have been updated.

Panther Developer Workflows

  • The Panther Analysis Tool (PAT) has been updated to v0.15.0, which includes the following enhancements:
    • PAT now works using an API token that can be generated from the Panther Console.
    • Added support for the Panther API which extends bulk upload capabilities to saved queries and custom schemas, and also allows PAT users to delete detections and saved queries.
  • panther-analysis has been updated to v1.33.0, which includes the following enhancements:
    • Added new Slack detections and data models.
    • Added workaround for Identity Providers AWS Console Login without MFA.
    • Added exclusion for Panther IAM roles in the AWS S3 Activity – GreyNoise detection.
    • Added new detection for AWS IAM Role – External Permission.
    • Added template for CIDR lookup.
    • Improved alert titles for GSuite Rule Triggers.
    • Fixed GSuite summary attributes.

Bug Fixes

  • Fixed a bug that caused an error to appear when writing a new detection rule.

Previous Releases

v1.39 Jul 27, 2022
Pull Dropbox Event Logs with Panther’s new Dropbox log puller. Monitor Dropbox team events like user login to Dropbox (including device info), creating and sharing links with your team, and more.
v1.38 Jul 12, 2022
You can now quickly summarize individual columns in the Data Explorer, which allows you to sift through data without needing to write SQL.
v1.37 Jun 28, 2022
Panther’s new MITRE ATT&CK® Matrix, which allows you to easily map and compare detections, is now available for use with Panther’s built-in detections and custom detections.