v1.44

Oct 4, 2022

Features

  • Pull Sysdig audit logs for infrastructure monitoring with Panther’s new Sysdig log puller.

Now Generally Available

  • The Panther API is now generally available and no longer in beta.

Schema Changes

  • The following fields are no longer required in Amazon.EKS.Audit:
    • annotations
    • requestURI
    • responseStatus
    • userAgent
  • The following field is no longer required in Gravitational.TeleportAudit:
    • uid
  • The field p_any_usernames has been added to the CloudTrail schema.

Enhancements

  • The speed of inferring and testing schemas from raw data has been improved.
  • In the Panther Console, on the Add New Source page, you can now use the search bar to filter for built-in log types.
  • In the Panther Console, in a log source’s health tab, classification failure events are now displayed only if the log source becomes unhealthy.
  • A new parameter has been added to Panther’s CloudFormation deployment parameters:
    • Created

Panther Developer Workflows

  • panther-analysis has been updated to version 1.36, which includes the following changes:
    • Added detections for Sigma AWS and Okta password access.
    • Deprecated the unusual logins detection.
    • Various other enhancements and bug fixes.