v1.46

Nov 1, 2022

Features

Pull SentinelOne Deep Visibility logs with Panther’s new SentinelOne Cloud Funnel log puller.

Custom schemas can now support multiple timestamp formats, including custom formats.
Added two new schemas for Lacework logs:
- Lacework.AlertDetails
- Lacework.CloudCompliance
The groupId field is no longer required and is now optional in the following schemas:
- Snyk.GroupAudit
- Snyk.OrgAudit

In the Panther Console, under Settings > General > Developer Workflow, added a new option to disallow enabling Detection Packs from the Console.
- This helps prevent update conflicts between the Console and CI/CD for customers who use the Panther Analysis Tool (PAT). The option is off by default.
Added a new SQL macro, p_occurs_around, to facilitate querying around a certain time.
Added a link to the Scheduled Rule details page which opens that Scheduled Query in the Data Explorer.
Updated the UI of the Log Sources onboarding page to improve its usability, which includes separating the former AWS tile into 10 individual AWS services.
Panther’s CloudFormation deployment parameters have been updated.

Updated panther-analysis to version 1.38.1, which includes the following changes:
- Additional AWS and Microsoft Graph detections.
- Crowdstrike detections are now bundled in a Pack.
- Read more about the new release here.

Panther SDK, a new way to create, manage, and reuse Python across your detections, is now available in open beta.
- Unlike the typical detections workflow provided through panther-analysis, your content will be managed separately from Panther’s. This allows you to stay up-to-date without running into future merge conflicts.

Fixed a bug that caused an excessive number of loading transitions on the Data Replay page.
Fixed a bug that caused the UI to display incorrectly on the Data Replay page.
Fixed a bug that caused the UI to display incorrectly on the Log Sources onboarding success page.