v1.55

Feb 22, 2023

New and Noteworthy

Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.
- Values that comply with IEEE 802 MAC-48, EUI-48, EUI-64, or are a 20-octet IP over InfiniBand link-layer address, are now added to p_any_mac_addresses.
- The following Panther-managed schemas have been updated to extract MAC addresses:
  - AlphaSOC.Alert
  - Crowdstrike.DetectionSummary
  - Crowdstrike.ManagedAssets
  - Crowdstrike.NotManagedAssets
  - Crowdstrike.FDREvent
  - Juniper.Firewall
  - Suricata.DHCP
  - Zeek.DHCP
Panther’s Data Transport integration with Google Cloud Pub/Sub is now generally available and no longer in open beta.
- Use this integration to directly pull log data from Pub/Sub topics.

Schema Changes

Added several fields to the Cloudflare.HttpRequest and Cloudflare.Firewall schemas.
- Adjustments were also made to Cloudflare schemas to accommodate changes announced by Cloudflare that will result in some fields being renamed or deprecated.
Added several fields to the Gravitational.TeleportAudit schema.

Enhancements

Schema inference has been enhanced to infer 14 date formats whether using inference in the Panther Console or pantherlog.
In the “Data” dashboard tab in the Panther Console, latency values in the “Average Data Latency by Log Type” visualization now display single decimal values.
Sentinel One CloudFunnel 1.0 log source has been deprecated and replaced with the Cloud Funnel 2.0 source.
The Query Builder form is now manually collapsible to allow for more vertical space for query results.
Fuzzy matching in Query Builder for LIKE operators now supports regular wildcards like *. Previously, only Snowflake-specific wildcards like % and _ were supported.
Updated operator logic to gracefully handle rule filter fields that are None so that Panther does not add any implicit logic on top of the operator.

Panther Developer Workflows

Version 2.1.0 of panther-analysis has been released, featuring new detections for Asana and GitHub as well as an expansion to IPinfo enrichment.
Version 0.19.17 of panther_analysis_tool has been released, featuring a new option, --sort-test-results. With this option, results for all passing tests are printed first, followed by results for failing tests.

Bug Fixes

The ListUsers API is now able to return SSO users without email addresses.
Fixed an issue during role creation that redirected the user to resolve validation errors.
Sorting by “Time Open” in visualizations now sorts by actual time instead of raw string values.
In the “Data” dashboard tab, the “Total Value Ingested” visualization now returns consistent results.
Fixed ALB classification errors by adding support for the grpcs type.

Previous Releases

View All

v1.54 Feb 14, 2023

Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.

v1.53 Feb 7, 2023

Improved the Overview Dashboard in the Panther Console. The new design gives your team actionable insights to jump into the right workflow, like triaging alerts, engaging with alerting trends, and identifying detections to refine.

v1.52 Jan 31, 2023

Expanded editing capabilities for custom schemas in the Panther Console. You can now rename and delete fields, as well as edit a field’s type property.