Aug 23, 2022

New and Noteworthy

  • In closed beta: assign role-based access control (RBAC) per log type in the Data Explorer.
    • This allows you to create roles that are only permitted to query specific log types in the Data Explorer. Adjust access to selected log types via the Roles page. This feature only works with querying data through the Data Explorer. Please see the caveats for more details.
    • This feature is available only to select customers with Panther-managed Snowflake backends as a closed beta at this time. Availability to additional customers is planned for a future release.


  • When onboarding an S3 bucket, Panther now supports using an asterisk (*) as a wildcard for exclusion filters to filter groups of prefix file paths.
  • When onboarding Google Cloud Storage (GCS) logs, Panther now supports prefix filtering.
  • In the S3 schema inference process, the “Bytes Scanned” metric has been replaced with an “Events Processed” metric for better insight into how many events have been used to infer a schema. 
  • When using Data Replay, if you set a future date and time as the end date, it is now automatically adjusted to the current date and time.
  • When listing users and roles in the Panther API, the “createdAt” field is now always in the ISO 8601 date and time standard for more consistent usability.
  • When restricting access to Panther by IP address, you can now allow up to three CIDR ranges.
  • Links from the Panther Console to Panther’s Documentation have been updated to match the latest documentation.

Panther Developer Workflows

  • panther-analysis has been updated to v1.33.1, which includes the following enhancements:
    • Slack and Cloudflare detections are now available in packs.
    • Added alert context to AWS detections that did not previously have them.
    • Cloudflare L7 DDoS no longer alerts on blocked events, reducing the number of false positives.

Bug Fixes

  • Fixed a bug that prevented Lookup Tables from being uploaded as .csv files via the Panther Analysis Tool (PAT).
  • Fixed a bug that incorrectly sorted the list of detections on the Detections page. This page now correctly defaults to sort by Most Recently Modified.
  • Fixed a bug that displayed a Policy’s test results even after deleting the associated failing test from the Policy.
  • Fixed a bug that failed to display an error message when attempting to run a Data Replay with no data.
  • Fixed a bug that incorrectly displayed a “Failed to Complete” message instead of a “Pending” message for an in-progress Data Replay.
  • Fixed a bug that could cause a Data Replay to fail under certain circumstances.
  • Fixed a bug in the Panther API that returned an empty Role object for SSO users. The default SAML role is now returned.
  • Fixed a bug that could incorrectly display Admin roles as Admin (SAML) roles in the Users page.

Previous Releases

v1.40 Aug 9, 2022
New schemas added for AWS, GCP, Suricata, and Zeek.
v1.39 Jul 27, 2022
Pull Dropbox Event Logs with Panther’s new Dropbox log puller. Monitor Dropbox team events like user login to Dropbox (including device info), creating and sharing links with your team, and more.
v1.38 Jul 12, 2022
You can now quickly summarize individual columns in the Data Explorer, which allows you to sift through data without needing to write SQL.