Jan 10, 2023

New and Noteworthy

  • Added AWS Transit Gateway Flow as an S3 Source.
    • Capture information about the IP traffic going to and from your transit gateways.
  • The Boomerang feature has been added to Panther’s Slack Bot, available in open beta.
    • With Boomerangs, you can send questions to and receive responses from other users in your Slack instance, streamlining your alert triage workflows.
  • IPInfo enrichment is now generally available and no longer in closed beta.
    • IPInfo provides integrated IP-related enrichment, such as adding geolocation and ASN data to alert events.
    • To enable IPInfo data sets, see our documentation on how to enable the pack.
    • Please note that IPInfo data access in the data lake is not available at this time.

Panther Developer Workflows

  • Versions 1.47, 1.48, and 1.49 of panther-analysis have been released, including the following changes:
    • Added CrowdStrike queries for large zip creation and macOS browser credential access.
    • Added new detections for Atlassian, AWS, CrowdStrike, Duo, GitHub, G Suite, Microsoft 365, and Okta.
    • Added new Detection Packs for Atlassian, CrowdStrike, Duo, GitHub, and G Suite.
    • Read more about the new releases here.

Closed Beta

  • Pull SentinelOne Cloud Funnel 2.0 logs with Panther’s new Cloud Funnel 2.0 log puller.
    • In addition to Panther’s beta support for SentinelOne Cloud Funnel 1.0, this closed beta provides additional support for Cloud Funnel 2.0, which SentinelOne launched in November 2022.
  • An additional field has been added to the improved Log Source Overview feature.
    • On the Log Source details page, the S3 Bucket Details field was added under an S3 bucket’s Configuration tab; it lists the bucket’s prefixes and excluded prefixes.

Bug Fixes

  • Fixed a bug that caused refresh issues when choosing filters on the Packs page in the Panther Console.
  • Fixed a bug that caused search results to appear out of order in the Log Source onboarding page in the Panther Console.

Previous Releases

  • v1.49 (Dec 13, 2022)
    • Panther’s Slack Bot, an alert destination that allows you to interact with alerts directly in Slack, is now available in open beta to all customers.
  • v1.48 (Nov 29, 2022)
    • Updated the Panther Console UI with improved contextual information to help users understand where they are at a glance.
  • v1.47 (Nov 15, 2022)
    • Alert Management in the Panther Console is now available to all customers.