Feb 14, 2023

New and Noteworthy

  • Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
    • This feature is now available to all customers in open beta. 
    • Submit any feedback on Rule Filters using this form
  • Added IPinfo’s Privacy Data to Panther’s IPinfo integration.
    • Use this enrichment data in detections and data lake queries to:
      • Identify malicious traffic from bots and spammers
      • Identify content access from VPNs
      • Prevent web scraping from proxies and requests from servers
      • Fight fraud by flagging users who are masking their identity
    • Merge insights from IPinfo and Panther’s GreyNoise integration to identify malicious traffic and accelerate security investigations.
  • panther-analysis versions 2.0.0 and 2.0.1 have been released.
    • Version 2.0.0 adjusted how deep_get() functions. For information about how to use deep_get() going forward, as well as information about new detections in this version, reference the comprehensive release notes for 2.0.0 on GitHub.
    • Version 2.0.1 features minor bug fixes.


  • Added the ability to search in the Panther Console for a schema by a field name used within it.
    • Quickly search for a schema by a field or property in the schema search bar or by using CMD + K in the Console.

Schema Changes

  • The Gravitational.TeleportAudit schema has been updated to include 17 new fields. Reference the documentation for the full list of fields that are now included.
  • Added the ec2RoleDelivery field to the AWS.CloudTrail schema.
  • The OrgId field for the Snyk.OrgAudit schema is now optional instead of required. 


  • Nested userId fields that appear in some CloudTrail events will now be listed as AWS indicators under p_any_aws_account_ids.
  • In the Detection Editor in the Panther Console, the “Report Mapping” tab’s functionality has been moved to the “Rule Settings” tab and is now labeled “Framework Mapping.” 

Bug Fixes

  • Fixed a bug that caused DynamoDB cloud scanning to not paginate correctly.

Previous Releases

v1.53 Feb 7, 2023
Improved the Overview Dashboard in the Panther Console. The new design gives your team actionable insights to jump into the right workflow, like triaging alerts, engaging with alerting trends, and identifying detections to refine.
v1.52 Jan 31, 2023
Expanded editing capabilities for custom schemas in the Panther Console. You can now rename and delete fields, as well as edit a field’s type property.
v1.51 Jan 24, 2023
Quickly construct queries to search your data lake with the new Query Builder in the Panther Console.