Nov 1, 2022
- Pull SentinelOne Deep Visibility logs with Panther’s new SentinelOne Cloud Funnel log puller.
- Custom schemas can now support multiple timestamp formats, including custom formats.
- Added two new schemas for Lacework logs:
- The groupId field is no longer required and is now optional in the following schemas:
- In the Panther Console, under Settings > General > Developer Workflow, added a new option to disallow enabling Detection Packs from the Console.
- This helps prevent update conflicts between the Console and CI/CD for customers who use the Panther Analysis Tool (PAT). The option is off by default.
- Added a new SQL macro, p_occurs_around, to facilitate querying around a certain time.
- Added a link to the Scheduled Rule details page which opens that Scheduled Query in the Data Explorer.
- Updated the UI of the Log Sources onboarding page to improve its usability, which includes separating the former AWS tile into 10 individual AWS services.
- Panther’s CloudFormation deployment parameters have been updated.
Panther Developer Workflows
- Updated panther-analysis to version 1.38.1, which includes the following changes:
- Additional AWS and Microsoft Graph detections.
- Crowdstrike detections are now bundled in a Pack.
- Read more about the new release here.
- Panther SDK, a new way to create, manage, and reuse Python across your detections, is now available in open beta.
- Unlike the typical detections workflow provided through panther-analysis, your content will be managed separately from Panther’s. This allows you to stay up-to-date without running into future merge conflicts.
- Fixed a bug that caused an excessive number of loading transitions on the Data Replay page.
- Fixed a bug that caused the UI to display incorrectly on the Data Replay page.
- Fixed a bug that caused the UI to display incorrectly on the Log Sources onboarding success page.