Feb 14, 2023

New and Noteworthy

  • Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
    • This feature is now available to all customers in open beta. 
    • Submit any feedback on Rule Filters using this form
  • Added IPinfo’s Privacy Data to Panther’s IPinfo integration.
    • Use this enrichment data in detections and data lake queries to:
      • Identify malicious traffic from bots and spammers
      • Identify content access from VPNs
      • Prevent web scraping from proxies and requests from servers
      • Fight fraud by flagging users who are masking their identity
    • Merge insights from IPinfo and Panther’s GreyNoise integration to identify malicious traffic and accelerate security investigations.
  • panther-analysis versions 2.0.0 and 2.0.1 have been released.
    • Version 2.0.0 adjusted how deep_get() functions. For information about how to use deep_get() going forward, as well as information about new detections in this version, reference the comprehensive release notes for 2.0.0 on GitHub.
    • Version 2.0.1 features minor bug fixes.


  • Added the ability to search in the Panther Console for a schema by a field name used within it.
    • Quickly search for a schema by a field or property in the schema search bar or by using CMD + K in the Console.

Schema Changes

  • The Gravitational.TeleportAudit schema has been updated to include 17 new fields. Reference the documentation for the full list of fields that are now included.
  • Added the ec2RoleDelivery field to the AWS.CloudTrail schema.
  • The OrgId field for the Snyk.OrgAudit schema is now optional instead of required. 


  • Nested userId fields that appear in some CloudTrail events will now be listed as AWS indicators under p_any_aws_account_ids.
  • In the Detection Editor in the Panther Console, the “Report Mapping” tab’s functionality has been moved to the “Rule Settings” tab and is now labeled “Framework Mapping.” 

Bug Fixes

  • Fixed a bug that caused DynamoDB cloud scanning to not paginate correctly.