v1.55

Feb 22, 2023

Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.

arrow-left

All

Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.
- Values that comply with IEEE 802 MAC-48, EUI-48, EUI-64, or are a 20-octet IP over InfiniBand link-layer address, are now added to p_any_mac_addresses.
- The following Panther-managed schemas have been updated to extract MAC addresses:
  - AlphaSOC.Alert
  - Crowdstrike.DetectionSummary
  - Crowdstrike.ManagedAssets
  - Crowdstrike.NotManagedAssets
  - Crowdstrike.FDREvent
  - Juniper.Firewall
  - Suricata.DHCP
  - Zeek.DHCP
Panther’s Data Transport integration with Google Cloud Pub/Sub is now generally available and no longer in open beta.
- Use this integration to directly pull log data from Pub/Sub topics.

Added several fields to the Cloudflare.HttpRequest and Cloudflare.Firewall schemas.
- Adjustments were also made to Cloudflare schemas to accommodate changes announced by Cloudflare that will result in some fields being renamed or deprecated.
Added several fields to the Gravitational.TeleportAudit schema.

Schema inference has been enhanced to infer 14 date formats whether using inference in the Panther Console or pantherlog.
In the “Data” dashboard tab in the Panther Console, latency values in the “Average Data Latency by Log Type” visualization now display single decimal values.
Sentinel One CloudFunnel 1.0 log source has been deprecated and replaced with the Cloud Funnel 2.0 source.
The Query Builder form is now manually collapsible to allow for more vertical space for query results.
Fuzzy matching in Query Builder for LIKE operators now supports regular wildcards like * Previously, only Snowflake-specific wildcards like % and _ were supported.
Updated operator logic to gracefully handle rule filter fields that are None so that Panther does not add any implicit logic on top of the operator.

Version 2.1.0 of panther-analysis has been released, featuring new detections for Asana and GitHub as well as an expansion to IPinfo enrichment.
Version 0.19.17 of panther_analysis_tool has been released, featuring a new option, --sort-test-results. With this option, results for all passing tests are printed first, followed by results for failing tests.

The ListUsers API is now able to return SSO users without email addresses.
Fixed an issue during role creation that redirected the user to resolve validation errors.
Sorting by “Time Open” in visualizations now sorts by actual time instead of raw string values.
In the “Data” dashboard tab, the “Total Value Ingested” visualization now returns consistent results.
Fixed ALB classification errors by adding support for the grpcs type.

arrow-left

All

Feb 6, 2025

Feb 22, 2023

Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.

Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.
- Values that comply with IEEE 802 MAC-48, EUI-48, EUI-64, or are a 20-octet IP over InfiniBand link-layer address, are now added to p_any_mac_addresses.
- The following Panther-managed schemas have been updated to extract MAC addresses:
  - AlphaSOC.Alert
  - Crowdstrike.DetectionSummary
  - Crowdstrike.ManagedAssets
  - Crowdstrike.NotManagedAssets
  - Crowdstrike.FDREvent
  - Juniper.Firewall
  - Suricata.DHCP
  - Zeek.DHCP
Panther’s Data Transport integration with Google Cloud Pub/Sub is now generally available and no longer in open beta.
- Use this integration to directly pull log data from Pub/Sub topics.

Added several fields to the Cloudflare.HttpRequest and Cloudflare.Firewall schemas.
- Adjustments were also made to Cloudflare schemas to accommodate changes announced by Cloudflare that will result in some fields being renamed or deprecated.
Added several fields to the Gravitational.TeleportAudit schema.

Schema inference has been enhanced to infer 14 date formats whether using inference in the Panther Console or pantherlog.
In the “Data” dashboard tab in the Panther Console, latency values in the “Average Data Latency by Log Type” visualization now display single decimal values.
Sentinel One CloudFunnel 1.0 log source has been deprecated and replaced with the Cloud Funnel 2.0 source.
The Query Builder form is now manually collapsible to allow for more vertical space for query results.
Fuzzy matching in Query Builder for LIKE operators now supports regular wildcards like * Previously, only Snowflake-specific wildcards like % and _ were supported.
Updated operator logic to gracefully handle rule filter fields that are None so that Panther does not add any implicit logic on top of the operator.

Version 2.1.0 of panther-analysis has been released, featuring new detections for Asana and GitHub as well as an expansion to IPinfo enrichment.
Version 0.19.17 of panther_analysis_tool has been released, featuring a new option, --sort-test-results. With this option, results for all passing tests are printed first, followed by results for failing tests.

The ListUsers API is now able to return SSO users without email addresses.
Fixed an issue during role creation that redirected the user to resolve validation errors.
Sorting by “Time Open” in visualizations now sorts by actual time instead of raw string values.
In the “Data” dashboard tab, the “Total Value Ingested” visualization now returns consistent results.
Fixed ALB classification errors by adding support for the grpcs type.