v1.50

Jan 10, 2023

New and Noteworthy

  • Added AWS Transit Gateway Flow as an S3 Source.
    • Capture information about the IP traffic going to and from your transit gateways.
  • The Boomerang feature has been added to Panther’s Slack Bot, available in open beta.
    • With Boomerangs, you can send questions to and receive responses from other users in your Slack instance, streamlining your alert triage workflows.
  • IPInfo enrichment is now generally available and no longer in closed beta.
    • IPInfo provides integrated IP-related enrichment, such as adding geolocation and ASN data to alert events.
    • To enable IPInfo data sets, see our documentation on how to enable the pack.
    • Please note that IPInfo data access in the data lake is not available at this time.

Panther Developer Workflows

  • Versions 1.47, 1.48, and 1.49 of panther-analysis have been released, including the following changes:
    • Added CrowdStrike queries for large zip creation and macOS browser credential access.
    • Added new detections for Atlassian, AWS, CrowdStrike, Duo, GitHub, G Suite, Microsoft 365, and Okta.
    • Added new Detection Packs for Atlassian, CrowdStrike, Duo, GitHub, and G Suite.
    • Read more about the new releases here.

Closed Beta

  • Pull SentinelOne Cloud Funnel 2.0 logs with Panther’s new Cloud Funnel 2.0 log puller.
    • In addition to Panther’s beta support for SentinelOne Cloud Funnel 1.0, this closed beta provides additional support for Cloud Funnel 2.0, which SentinelOne launched in November 2022.
  • An additional field has been added to the improved Log Source Overview feature.
    • On the Log Source details page, the S3 Bucket Details field was added under an S3 bucket’s Configuration tab; it lists the bucket’s prefixes and excluded prefixes.

Bug Fixes

  • Fixed a bug that caused refresh issues when choosing filters on the Packs page in the Panther Console.
  • Fixed a bug that caused search results to appear out of order in the Log Source onboarding page in the Panther Console.