Dec 13, 2022

New and Noteworthy

  • Panther’s Slack Bot, an alert destination that allows you to interact with alerts directly in Slack, is now available in open beta to all customers.
    • View additional alert details, assign alerts, and set an alert’s status from Slack, where it will sync back to the Panther Console.
    • For additional information and setup instructions, please see our Slack Bot documentation.


  • Added a navigation and documentation search bar to the Panther Console.
    • From the upper-left corner of the Console or by pressing ⌘ (command) + K, you can now search and jump to pages in the Console or see Panther’s documentation.

Schema Changes

  • Added two new schemas for Lacework logs:
    • Lacework.Applications
    • Lacework.CloudConfiguration


  • Added stream types for Google Cloud Storage (GCS) log source onboarding. Select the format of the logs your source will receive:
    • Lines for line-delimited events. The default option.
    • JSON Array for events in JSON Array format.
  • Improved the performance of the GCS log puller.
  • Updated Panther’s CloudFormation deployment parameters.

Panther Developer Workflows

Closed Betas

  • Add new or edit existing fields in Custom Schemas.
    • From the Panther Console or the Panther Analysis Tool (PAT), you can now add new fields or edit existing fields in your Custom Schemas. 
    • To edit a Custom Schema in the Console:
      1. Navigate to your Custom Schema’s details page.
      2. Click Edit in the details page.
      3. Make your edits.
      4. Click Update to submit your change.
    • If you are interested in participating in this closed beta, please contact your Panther representative.
  • Pull SentinelOne API Activity logs with Panther’s new SentinelOne API log puller.
    • With the addition of this log puller, you can now monitor SentinelOne activities as well as XDR and EDR data, already available through the SentinelOne Cloud Funnel log puller.
  • Updated the Log Source details page UI, which includes the following enhancements:
    • A new Configuration tab with source and AWS account information.
    • Additional overview stats for total data ingested and the percent of total data ingested compared to all log sources.

Bug Fixes

  • Fixed a bug that incorrectly labeled newly-deployed Detection Packs as Unmanaged.
  • Fixed a bug that caused navigation breadcrumbs to appear out of order when editing schemas from the Log Sources page.

Previous Releases

v1.48 Nov 29, 2022
Updated the Panther Console UI with improved contextual information to help users understand where they are at a glance.
v1.47 Nov 15, 2022
Alert Management in the Panther Console is now available to all customers.
v1.46 Nov 1, 2022
Pull SentinelOne Deep Visibility logs with Panther's new SentinelOne Cloud Funnel log puller.