Oct 4, 2022


  • Pull Sysdig audit logs for infrastructure monitoring with Panther’s new Sysdig log puller.

Now Generally Available

  • The Panther API is now generally available and no longer in beta.

Schema Changes

  • The following fields are no longer required in Amazon.EKS.Audit:
    • annotations
    • requestURI
    • responseStatus
    • userAgent
  • The following field is no longer required in Gravitational.TeleportAudit:
    • uid
  • The field p_any_usernames has been added to the CloudTrail schema.


  • The speed of inferring and testing schemas from raw data has been improved.
  • In the Panther Console, on the Add New Source page, you can now use the search bar to filter for built-in log types.
  • In the Panther Console, in a log source’s health tab, classification failure events are now only displayed if the log source becomes unhealthy. 
  • A new parameter has been added to Panther’s CloudFormation deployment parameters:
    • Created

Panther Developer Workflows

  • panther-analysis has been updated to version 1.36, which includes the following changes:
    • Added detections for Sigma AWS and Okta password access. 
    • Deprecated the unusual logins detection.
    • Various other enhancements and bug fixes.

Previous Releases

v1.43 Sep 20, 2022
The Intercom Messenger, Panther’s in-app service for customer support, is now available through the Panther Console.
v1.42 Sep 6, 2022
The Panther Console navigation has been redesigned to improve the user experience and streamline workflows.
v1.41 Aug 23, 2022
In closed beta: assign role-based access control (RBAC) per log type in the Data Explorer.