Jan 10, 2023
New and Noteworthy
- Added AWS Transit Gateway Flow as an S3 Source.
  - Capture information about the IP traffic going to and from your transit gateways.
- The Boomerang feature has been added to Panther’s Slack Bot, available in open beta.
  - With Boomerangs, you can send questions to and receive responses from other users in your Slack instance, streamlining your alert triage workflows.
- IPInfo enrichment is now generally available and no longer in closed beta.
  - IPInfo provides integrated IP-related enrichment, such as adding geolocation and ASN data to alert events.
  - To enable the IPInfo data sets, see our documentation on how to enable the pack.
  - Please note that IPInfo data access in the data lake is not available at this time.
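As an added example (not code from this page, from Panther, or from the panther-analysis repository), the module below shows what the new Transit Gateway Flow source delivers and what a detection over it looks like. It parses constructed Transit Gateway flow log records in the space-delimited, header-first layout AWS writes to S3, then applies a rule in the panther-analysis shape (`rule()`, `title()`, `severity()`) that alerts on two signals worth having from this source: packets the transit gateway dropped because the route table blackholed them or had no route, and non-RFC 1918 sources reaching administrative ports across the gateway. The hyphenated field names are AWS's raw flow log names; Panther's schema for this source normalizes names differently, so treat the event keys, the sample records and the `run()` helper as assumptions of this example.

```python
"""Added example: Panther-style rule over AWS Transit Gateway flow log records.

Not Panther's code. Field names are AWS's raw TGW flow log names (assumed here;
Panther's schema normalizes them). Sample records below are constructed.
"""
import ipaddress

# Constructed sample in the layout AWS writes to S3: a header line naming the
# fields of the custom format, followed by one space-delimited record per flow.
SAMPLE_FLOW_LOG = """\
version resource-type account-id tgw-id srcaddr dstaddr srcport dstport protocol bytes packets packets-lost-no-route packets-lost-blackhole tcp-flags flow-direction
6 TransitGateway 123456789012 tgw-0a1b2c3d4e5f67890 10.0.1.25 10.1.2.40 52344 443 6 4820 12 0 0 19 ingress
6 TransitGateway 123456789012 tgw-0a1b2c3d4e5f67890 10.0.1.25 10.9.0.7 52345 445 6 240 3 0 3 2 ingress
6 TransitGateway 123456789012 tgw-0a1b2c3d4e5f67890 198.51.100.14 10.1.2.40 40022 22 6 1300 8 0 0 2 egress
6 TransitGateway 123456789012 tgw-0a1b2c3d4e5f67890 10.0.1.25 10.2.0.9 52346 3389 6 120 2 2 0 2 ingress
"""

ADMIN_PORTS = {22, 445, 3389, 5985, 5986}
NUMERIC_FIELDS = (
    "srcport", "dstport", "protocol", "bytes", "packets",
    "packets-lost-no-route", "packets-lost-blackhole", "tcp-flags",
)
# Checked explicitly: ipaddress's is_private also matches documentation and
# benchmark ranges (e.g. 198.51.100.0/24), which would hide a real external source.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flow_log(text):
    """Parse a header-first, space-delimited flow log file into a list of event dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    events = []
    for ln in lines[1:]:
        values = ln.split()
        if len(values) != len(header):
            continue  # malformed record: skip rather than misalign fields
        event = dict(zip(header, values))
        for key in NUMERIC_FIELDS:
            if key in event:
                # AWS writes "-" for fields that do not apply to a record
                event[key] = 0 if event[key] == "-" else int(event[key])
        events.append(event)
    return events


def _dropped_by_route_table(event):
    """Packets lost to a blackhole route or to a missing route: policy violation or scan."""
    return event.get("packets-lost-blackhole", 0) > 0 or event.get("packets-lost-no-route", 0) > 0


def _public_source_to_admin_port(event):
    """A source outside RFC 1918 space reaching an administrative port through the TGW."""
    try:
        src = ipaddress.ip_address(event["srcaddr"])
    except (KeyError, ValueError):
        return False
    return not any(src in net for net in RFC1918) and event.get("dstport") in ADMIN_PORTS


def rule(event):
    """Panther-style rule entry point: True means alert on this event."""
    return _dropped_by_route_table(event) or _public_source_to_admin_port(event)


def title(event):
    """Panther-style alert title; the public-source case takes precedence."""
    if _public_source_to_admin_port(event):
        return (f"Public source {event['srcaddr']} reached admin port "
                f"{event.get('dstport')} via TGW {event.get('tgw-id')}")
    return (f"TGW {event.get('tgw-id')} dropped {event.get('srcaddr')} -> "
            f"{event.get('dstaddr')}:{event.get('dstport')} (blackhole/no-route)")


def severity(event):
    """Panther-style dynamic severity."""
    return "HIGH" if _public_source_to_admin_port(event) else "MEDIUM"


def run(text):
    """Apply rule() to every record in a flow log file; return (title, severity) per alert."""
    return [(title(e), severity(e)) for e in parse_flow_log(text) if rule(e)]


if __name__ == "__main__":
    for alert_title, alert_severity in run(SAMPLE_FLOW_LOG):
        print(alert_severity, alert_title)
```

On the constructed sample this yields three alerts: two MEDIUM for the flows the gateway dropped (blackholed SMB to 10.9.0.7, no route for RDP to 10.2.0.9) and one HIGH for the non-RFC 1918 source reaching SSH. The benign HTTPS flow produces nothing. In a real rule the drop counters alone are noisy during route-table changes, so a production version would add a threshold or a deduplication key on the source address.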
Panther Developer Workflows
- Versions 1.47, 1.48, and 1.49 of panther-analysis have been released, including the following changes:
  - Added CrowdStrike queries for large zip creation and macOS browser credential access.
  - Added new detections for Atlassian, AWS, CrowdStrike, Duo, GitHub, G Suite, Microsoft 365, and Okta.
  - Added new Detection Packs for Atlassian, CrowdStrike, Duo, GitHub, and G Suite.
  - Read more about the new releases here.
- Pull SentinelOne Cloud Funnel 2.0 logs with Panther’s new Cloud Funnel 2.0 log puller.
  - In addition to Panther’s beta support for SentinelOne Cloud Funnel 1.0, this closed beta provides additional support for Cloud Funnel 2.0, which SentinelOne launched in November 2022.
- The improved Log Source Overview has gained an additional field.
  - On the Log Source details page, an S3 bucket’s Configuration tab now includes an S3 Bucket Details field listing the bucket’s prefixes and excluded prefixes.
- Fixed a bug that caused refresh issues when choosing filters on the Packs page in the Panther Console.
- Fixed a bug that caused search results to appear out of order in the Log Source onboarding page in the Panther Console.