v1.54

New and Noteworthy

• Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
  • This feature is now available to all customers in open beta. 
  • Submit any feedback on Rule Filters using this form. 
• Added IPinfo’s Privacy Data to Panther’s IPinfo integration.
  • Use this enrichment data in detections and data lake queries to:
    • Identify malicious traffic from bots and spammers
    • Identify content access from VPNs
    • Prevent web scraping from proxies and requests from servers
    • Fight fraud by flagging users who are masking their identity
  • Merge insights from IPinfo and Panther’s GreyNoise integration to identify malicious traffic and accelerate security investigations.
• panther-analysis versions 2.0.0 and 2.0.1 have been released.
  • Version 2.0.0 adjusted how deep_get() functions. For information about how to use deep_get() going forward, as well as information about new detections in this version, reference the comprehensive release notes for 2.0.0 on GitHub.
  • Version 2.0.1 features minor bug fixes.

Features

• Added the ability to search in the Panther Console for a schema by a field name used within it.
  • Quickly search for a schema by a field or property in the schema search bar or by using CMD + K in the Console.

Schema Changes

• The Gravitational.TeleportAudit schema has been updated to include 17 new fields. Reference the documentation for the full list of fields that are now included.
• Added the ec2RoleDelivery field to the AWS.CloudTrail schema.
• The OrgId field for the Snyk.OrgAudit schema is now optional instead of required. 

Enhancements

• Nested userId fields that appear in some CloudTrail events will now be listed as AWS indicators under p_any_aws_account_ids.
• In the Detection Editor in the Panther Console, the “Report Mapping” tab’s functionality has been moved to the “Rule Settings” tab and is now labeled “Framework Mapping.” 

Bug Fixes

• Fixed a bug that caused DynamoDB cloud scanning to not paginate correctly.