v1.54
Feb 14, 2023
New and Noteworthy
- Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
  - This feature is now available to all customers in open beta.
  - Submit any feedback on Rule Filters using this form.
- Added IPinfo’s Privacy Data to Panther’s IPinfo integration.
  - Use this enrichment data in detections and data lake queries to:
    - Identify malicious traffic from bots and spammers
    - Identify content access from VPNs
    - Prevent web scraping from proxies and requests from servers
    - Fight fraud by flagging users who are masking their identity
  - Merge insights from IPinfo and Panther’s GreyNoise integration to identify malicious traffic and accelerate security investigations.
- panther-analysis versions 2.0.0 and 2.0.1 have been released.
  - Version 2.0.0 adjusted how deep_get() functions. For information about how to use deep_get() going forward, as well as information about new detections in this version, reference the comprehensive release notes for 2.0.0 on GitHub.
  - Version 2.0.1 features minor bug fixes.
Features
- Added the ability to search in the Panther Console for a schema by a field name used within it.
  - Quickly search for a schema by a field or property in the schema search bar or by using CMD + K in the Console.
Schema Changes
- The Gravitational.TeleportAudit schema has been updated to include 17 new fields. Reference the documentation for the full list of fields that are now included.
- Added the ec2RoleDelivery field to the AWS.CloudTrail schema.
- The OrgId field for the Snyk.OrgAudit schema is now optional instead of required.
Enhancements
- Nested userId fields that appear in some CloudTrail events will now be listed as AWS indicators under p_any_aws_account_ids.
- In the Detection Editor in the Panther Console, the “Report Mapping” tab’s functionality has been moved to the “Rule Settings” tab and is now labeled “Framework Mapping.”
Bug Fixes
- Fixed a bug that caused DynamoDB cloud scanning to not paginate correctly.