New and Noteworthy

• Panther’s Slack Bot, an alert destination that allows you to interact with alerts directly in Slack, is now available in open beta to all customers.

  • View additional alert details, assign alerts, and set an alert's status from Slack, where it will sync back to the Panther Console.

  • 
    

  • For additional information and setup instructions, please see our Slack Bot documentation.

Features

• Added a navigation and documentation search bar to the Panther Console.

  • From the upper-left corner of the Console or by pressing ⌘ (command) + K, you can now search and jump to pages in the Console or see Panther’s documentation.

Schema Changes

• Added two new schemas for Lacework logs:

  • Lacework.Applications

  • Lacework.CloudConfiguration

Enhancements

• Added stream types for Google Cloud Storage (GCS) log source onboarding. Select the format of the logs your source will receive:

  • Lines for line-delimited events. The default option.

  • JSON Array for events in JSON Array format.

• Improved the performance of the GCS log puller.

• Updated Panther’s CloudFormation deployment parameters.

Panther Developer Workflows

• Versions 1.43, 1.44, 1.45, and 1.46 of panther-analysis have been released, including the following changes:

  • Added EKS audit log and MITRE ATT&CK detections.

  • Added AWS and GitHub rules.

  • Read more about the new releases here.

Closed Betas

• Add new or edit existing fields in Custom Schemas.

  • From the Panther Console or the Panther Analysis Tool (PAT), you can now add new fields or edit existing fields in your Custom Schemas. 

  • To edit a Custom Schema in the Console:

    1. Navigate to your Custom Schema’s details page.

    2. Click Edit in the details page.

    3. Make your edits.

    4. Click Update to submit your change.

  • If you are interested in participating in this closed beta, please contact your Panther representative.

• Pull SentinelOne API Activity logs with Panther’s new SentinelOne API log puller.

  • With the addition of this log puller, you can now monitor SentinelOne activities as well as XDR and EDR data, already available through the SentinelOne Cloud Funnel log puller.

• Updated the Log Source details page UI, which includes the following enhancements:

  • A new Configuration tab with source and AWS account information.

  • Additional overview stats for total data ingested and the percent of total data ingested compared to all log sources.

Bug Fixes

• Fixed a bug that incorrectly labeled newly-deployed Detection Packs as Unmanaged.

• Fixed a bug that caused navigation breadcrumbs to appear out of order when editing schemas from the Log Sources page.