Dec 13, 2022

New and Noteworthy

  • Panther’s Slack Bot, an alert destination that allows you to interact with alerts directly in Slack, is now available in open beta to all customers.
    • View additional alert details, assign alerts, and set an alert’s status from Slack, where it will sync back to the Panther Console.
    • For additional information and setup instructions, please see our Slack Bot documentation.


  • Added a navigation and documentation search bar to the Panther Console.
    • From the upper-left corner of the Console or by pressing ⌘ (command) + K, you can now search and jump to pages in the Console or see Panther’s documentation.

Schema Changes

  • Added two new schemas for Lacework logs:
    • Lacework.Applications
    • Lacework.CloudConfiguration


  • Added stream types for Google Cloud Storage (GCS) log source onboarding. Select the format of the logs your source will receive:
    • Lines for line-delimited events. The default option.
    • JSON Array for events in JSON Array format.
  • Improved the performance of the GCS log puller.
  • Updated Panther’s CloudFormation deployment parameters.

Panther Developer Workflows

Closed Betas

  • Add new or edit existing fields in Custom Schemas.
    • From the Panther Console or the Panther Analysis Tool (PAT), you can now add new fields or edit existing fields in your Custom Schemas. 
    • To edit a Custom Schema in the Console:
      1. Navigate to your Custom Schema’s details page.
      2. Click Edit in the details page.
      3. Make your edits.
      4. Click Update to submit your change.
    • If you are interested in participating in this closed beta, please contact your Panther representative.
  • Pull SentinelOne API Activity logs with Panther’s new SentinelOne API log puller.
    • With the addition of this log puller, you can now monitor SentinelOne activities as well as XDR and EDR data, already available through the SentinelOne Cloud Funnel log puller.
  • Updated the Log Source details page UI, which includes the following enhancements:
    • A new Configuration tab with source and AWS account information.
    • Additional overview stats for total data ingested and the percent of total data ingested compared to all log sources.

Bug Fixes

  • Fixed a bug that incorrectly labeled newly-deployed Detection Packs as Unmanaged.
  • Fixed a bug that caused navigation breadcrumbs to appear out of order when editing schemas from the Log Sources page.