v1.49
Dec 13, 2022
New and Noteworthy
- Panther’s Slack Bot, an alert destination that allows you to interact with alerts directly in Slack, is now available in open beta to all customers.
  - View additional alert details, assign alerts, and set an alert’s status from Slack, where it will sync back to the Panther Console.
  - For additional information and setup instructions, please see our Slack Bot documentation.
Features
- Added a navigation and documentation search bar to the Panther Console.
  - From the upper-left corner of the Console or by pressing ⌘ (command) + K, you can now search and jump to pages in the Console or search Panther’s documentation.
Schema Changes
- Added two new schemas for Lacework logs:
  - Lacework.Applications
  - Lacework.CloudConfiguration
Enhancements
- Added stream types for Google Cloud Storage (GCS) log source onboarding. Select the format of the logs your source will receive:
  - Lines for line-delimited events (the default option).
  - JSON Array for events in JSON Array format.
- Improved the performance of the GCS log puller.
- Updated Panther’s CloudFormation deployment parameters.
Panther Developer Workflows
- Versions 1.43, 1.44, 1.45, and 1.46 of panther-analysis have been released, including the following changes:
  - Added EKS audit log and MITRE ATT&CK detections.
  - Added AWS and GitHub rules.
  - Read more about the new releases here.
Closed Betas
- Add new or edit existing fields in Custom Schemas.
  - From the Panther Console or the Panther Analysis Tool (PAT), you can now add new fields or edit existing fields in your Custom Schemas.
  - To edit a Custom Schema in the Console:
    - Navigate to your Custom Schema’s details page.
    - Click Edit in the details page.
    - Make your edits.
    - Click Update to submit your change.
  - If you are interested in participating in this closed beta, please contact your Panther representative.
- Pull SentinelOne API Activity logs with Panther’s new SentinelOne API log puller.
  - With the addition of this log puller, you can now monitor SentinelOne activities as well as XDR and EDR data, which are already available through the SentinelOne Cloud Funnel log puller.
- Updated the Log Source details page UI, which includes the following enhancements:
  - A new Configuration tab with source and AWS account information.
  - Additional overview stats for total data ingested and the percent of total data ingested compared to all log sources.
Bug Fixes
- Fixed a bug that incorrectly labeled newly deployed Detection Packs as Unmanaged.
- Fixed a bug that caused navigation breadcrumbs to appear out of order when editing schemas from the Log Sources page.