Dec 13, 2022
New and Noteworthy
- Panther’s Slack Bot, an alert destination that allows you to interact with alerts directly in Slack, is now available in open beta to all customers.
- View additional alert details, assign alerts, and set an alert’s status from Slack, where it will sync back to the Panther Console.
- For additional information and setup instructions, please see our Slack Bot documentation.
- Added a navigation and documentation search bar to the Panther Console.
- From the upper-left corner of the Console or by pressing ⌘ (command) + K, you can now search and jump to pages in the Console or see Panther’s documentation.
- Added two new schemas for Lacework logs:
- Added stream types for Google Cloud Storage (GCS) log source onboarding. Select the format of the logs your source will receive:
- Lines for line-delimited events. The default option.
- JSON Array for events in JSON Array format.
- Improved the performance of the GCS log puller.
- Updated Panther’s CloudFormation deployment parameters.
Panther Developer Workflows
- Versions 1.43, 1.44, 1.45, and 1.46 of panther-analysis have been released, including the following changes:
- Added EKS audit log and MITRE ATT&CK detections.
- Added AWS and GitHub rules.
- Read more about the new releases here.
- Add new or edit existing fields in Custom Schemas.
- From the Panther Console or the Panther Analysis Tool (PAT), you can now add new fields or edit existing fields in your Custom Schemas.
- To edit a Custom Schema in the Console:
- Navigate to your Custom Schema’s details page.
- Click Edit in the details page.
- Make your edits.
- Click Update to submit your change.
- If you are interested in participating in this closed beta, please contact your Panther representative.
- Pull SentinelOne API Activity logs with Panther’s new SentinelOne API log puller.
- With the addition of this log puller, you can now monitor SentinelOne activities as well as XDR and EDR data, already available through the SentinelOne Cloud Funnel log puller.
- Updated the Log Source details page UI, which includes the following enhancements:
- A new Configuration tab with source and AWS account information.
- Additional overview stats for total data ingested and the percent of total data ingested compared to all log sources.
- Fixed a bug that incorrectly labeled newly-deployed Detection Packs as Unmanaged.
- Fixed a bug that caused navigation breadcrumbs to appear out of order when editing schemas from the Log Sources page.