v1.54

Feb 14, 2023

New and Noteworthy

Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
- This feature is now available to all customers in open beta.
- Submit any feedback on Rule Filters using this form.
Added IPinfo’s Privacy Data to Panther’s IPinfo integration.
- Use this enrichment data in detections and data lake queries to:
  - Identify malicious traffic from bots and spammers
  - Identify content access from VPNs
  - Prevent web scraping from proxies and requests from servers
  - Fight fraud by flagging users who are masking their identity
- Merge insights from IPinfo and Panther’s GreyNoise integration to identify malicious traffic and accelerate security investigations.
panther-analysis versions 2.0.0 and 2.0.1 have been released.
- Version 2.0.0 adjusted how deep_get() functions. For information about how to use deep_get() going forward, as well as information about new detections in this version, reference the comprehensive release notes for 2.0.0 on GitHub.
- Version 2.0.1 features minor bug fixes.

Added the ability to search in the Panther Console for a schema by a field name used within it.
- Quickly search for a schema by a field or property in the schema search bar or by using CMD + K in the Console.

The Gravitational.TeleportAudit schema has been updated to include 17 new fields. Reference the documentation for the full list of fields that are now included.
Added the ec2RoleDelivery field to the AWS.CloudTrail schema.
The OrgId field for the Snyk.OrgAudit schema is now optional instead of required.

Nested userId fields that appear in some CloudTrail events will now be listed as AWS indicators under p_any_aws_account_ids.
In the Detection Editor in the Panther Console, the “Report Mapping” tab’s functionality has been moved to the “Rule Settings” tab and is now labeled “Framework Mapping.”