v1.53

New and Noteworthy

• Improved the Overview Dashboard in the Panther Console. The new design gives you actionable insights directly from the Overview to enable your team to jump into the right workflow, like triaging alerts, engaging with alerting trends, and identifying detections to refine.
  
  • Please share any feedback you have about the new design by clicking on the “Send Feedback” button at the top of the page in the Panther Console.
• Added auto-complete and error remediation suggestions to the schema editor, simplifying schema creation and management.
• Added JSON stream type support for S3 and GCS custom log sources. This includes multiple JSON log formats: new-line delimited, without a delimiter, and multi-line JSON events.

Schema Changes

• Updated the AWS.S3ServerAccess schema to support accesspointarn and aclrequired fields. These fields were added per the changes announced by Amazon.

Enhancements

• p_event_time will no longer be shown in the Filter section of the Query Builder.
  • The existing higher-level time filter uses p_event_time when constructing queries.

Panther Developer Workflows

• Version 1.54.0 of panther-analysis has been released.
  • Added detections and rules for the unified Crowdstrike.FDREvent schema released in Panther version 1.52.
  • Added detections for Zoom and Asana. 
  • Additional changes are included in the release notes on GitHub.

Bug Fixes

• Updated error messaging for Data Replay when historical data is not available and event data from the past 24 hours may not be available.