Feb 22, 2023

New and Noteworthy

  • Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.
    • Values that comply with IEEE 802 MAC-48, EUI-48, EUI-64, or are a 20-octet IP over InfiniBand link-layer address, are now added to p_any_mac_addresses.
    • The following Panther-managed schemas have been updated to extract MAC addresses:
      • AlphaSOC.Alert
      • Crowdstrike.DetectionSummary
      • Crowdstrike.ManagedAssets
      • Crowdstrike.NotManagedAssets
      • Crowdstrike.FDREvent
      • Juniper.Firewall
      • Suricata.DHCP
      • Zeek.DHCP
  • Panther’s Data Transport integration with Google Cloud Pub/Sub is now generally available and no longer in open beta.
    • Use this integration to directly pull log data from Pub/Sub topics.
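As an added illustration of the octet-count rule the MAC indicator note describes (6, 8 or 20 octets), the following constructed Python extracts such values from a sample log line and shows a Panther-style rule body that reads p_any_mac_addresses. This is not Panther's own matcher or code; the regexes, sample event, watchlist and helper names are assumptions.

```python
import re
from typing import Optional

# Colon- or hyphen-separated octets, 6 to 20 of them (constructed matcher, not Panther's).
_HEX_SEP_MAC = re.compile(
    r"(?<![:\-.0-9A-Fa-f])(?:[0-9A-Fa-f]{2}[:-]){5,19}[0-9A-Fa-f]{2}(?![:\-.0-9A-Fa-f])"
)
# Cisco-style dotted notation, e.g. 0011.2233.4455 (assumed as an additional input form).
_DOTTED_MAC = re.compile(r"(?<![.0-9A-Fa-f])(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}(?![.0-9A-Fa-f])")

# Octet counts named in the release note: MAC-48/EUI-48 (6), EUI-64 (8), IPoIB link-layer (20).
VALID_OCTET_COUNTS = {6, 8, 20}


def normalize_mac(candidate: str) -> Optional[str]:
    """Return lowercase colon-separated octets, or None if the octet count is not 6, 8 or 20."""
    octets = re.findall(r"[0-9A-Fa-f]{2}", candidate)
    if len(octets) not in VALID_OCTET_COUNTS:
        return None
    return ":".join(o.lower() for o in octets)


def extract_mac_addresses(text: str) -> list:
    """Collect every valid address in text, deduplicated, in order of first appearance."""
    found = []
    for pattern in (_HEX_SEP_MAC, _DOTTED_MAC):
        for match in pattern.finditer(text):
            norm = normalize_mac(match.group(0))
            if norm and norm not in found:
                found.append(norm)
    return found


# Constructed DHCP-style record (not a real Panther event): one MAC-48, one 20-octet
# IPoIB link-layer address, one EUI-64 with hyphen separators.
SAMPLE_MESSAGE = (
    "DHCPACK on 10.0.0.5 to 00:11:22:33:44:55 via eth0; ib hw "
    "80:00:02:08:fe:80:00:00:00:00:00:00:00:02:c9:03:00:1a:2b:3c; eui64 02-11-22-ff-fe-33-44-55"
)
SAMPLE_EVENT = {"message": SAMPLE_MESSAGE, "p_any_mac_addresses": extract_mac_addresses(SAMPLE_MESSAGE)}

# Constructed watchlist of hardware addresses an analyst wants to be alerted on.
WATCHLIST = {"00:11:22:33:44:55"}


def rule(event: dict) -> bool:
    """Panther-style rule body: fire when any extracted MAC indicator is on the watchlist."""
    return any(normalize_mac(m) in WATCHLIST for m in event.get("p_any_mac_addresses", []))
```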

Schema Changes

  • Schema inference now recognizes 14 date formats, whether it is run in the Panther Console or with pantherlog.
  • In the “Data” dashboard tab in the Panther Console, latency values in the “Average Data Latency by Log Type” visualization now display single decimal values.
  • Sentinel One CloudFunnel 1.0 log source has been deprecated and replaced with the Cloud Funnel 2.0 source.
  • The Query Builder form is now manually collapsible to allow for more vertical space for query results.
  • Fuzzy matching in Query Builder for LIKE operators now supports regular wildcards like *. Previously, only Snowflake-specific wildcards like % and _ were supported.
  • Updated operator logic to gracefully handle rule filter fields that are None so that Panther does not add any implicit logic on top of the operator.

Panther Developer Workflows

Bug Fixes

  • The ListUsers API is now able to return SSO users without email addresses.
  • Fixed an issue during role creation that redirected the user to resolve validation errors.
  • Sorting by “Time Open” in visualizations now sorts by actual time instead of raw string values.
  • In the “Data” dashboard tab, the “Total Value Ingested” visualization now returns consistent results.
  • Fixed ALB classification errors by adding support for the grpcs type.

Previous Releases

v1.54 Feb 14, 2023
Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
v1.53 Feb 7, 2023
Improved the Overview Dashboard in the Panther Console. The new design gives your team actionable insights to jump into the right workflow, like triaging alerts, engaging with alerting trends, and identifying detections to refine.
v1.52 Jan 31, 2023
Expanded editing capabilities for custom schemas in the Panther Console. You can now rename and delete fields, as well as edit a field’s type property.