Nov 1, 2022


Schema Changes

  • Custom schemas can now support multiple timestamp formats, including custom formats.
  • Added two new schemas for Lacework logs:
    • Lacework.AlertDetails
    • Lacework.CloudCompliance
  • The groupId field is no longer required and is now optional in the following schemas:
    • Snyk.GroupAudit
    • Snyk.OrgAudit


  • In the Panther Console, under Settings > General > Developer Workflow, added a new option to disallow enabling Detection Packs from the Console.
    • This helps prevent update conflicts between the Console and CI/CD for customers who use the Panther Analysis Tool (PAT). The option is off by default.
  • Added a new SQL macro, p_occurs_around, to facilitate querying around a certain time.
  • Added a link to the Scheduled Rule details page which opens that Scheduled Query in the Data Explorer.
  • Updated the UI of the Log Sources onboarding page to improve its usability, which includes separating the former AWS tile into 10 individual AWS services.
  • Panther’s CloudFormation deployment parameters have been updated.

Panther Developer Workflows

Open Betas

  • Panther SDK, a new way to create, manage, and reuse Python across your detections, is now available in open beta.
    • Unlike the typical detections workflow provided through panther-analysis, your content will be managed separately from Panther’s. This allows you to stay up-to-date without running into future merge conflicts.

Bug Fixes

  • Fixed a bug that caused an excessive number of loading transitions on the Data Replay page.
  • Fixed a bug that caused the UI to display incorrectly on the Data Replay page.
  • Fixed a bug that caused the UI to display incorrectly on the Log Sources onboarding success page.