Mar 1, 2023

Schema Changes

  • To support SaaS audit event streaming in addition to self-hosted audit logs, the following fields have been added to the GitLab.Audit schema:
    • created_at
    • details
    • entity_path
    • event_type
    • id
    • ip_address
  • In an alert’s “Details” tab in the Panther Console, the event JSON section is now expanded by default.
  • Improved Indicator Search, allowing you to pivot on any field from an alert event and search for indicators by field. When searching for indicators by field, you can select from the options in the dropdown menu, including:
    • Auto Detect Type – Automatically identifies the indicator type based on the indicators you enter.
    • Simple Search – Requires the search input to be in the `<attribute path>='<attribute value>'` format.
  • The following updates have been made to the Add New Source page in the Panther Console:
    • Added an option to request a new log source. At the bottom of the page, click “Request it here” to notify our team.
    • Removed the option to toggle between all and popular sources. All sources now appear when loading this page.
  • In the Detections edit page, the unit test tab and the name field have been merged into a single tab to make managing unit tests easier.
  • Normalized retention of processed-data S3 buckets to 30 days.

Panther Developer Workflows

  • panther-analysis versions 2.2.0 and 3.0.0 have been released.
    • Version 2.2.0 featured a new detection for Dropbox and minor bug fixes.
    • Version 3.0.0 updates the name of the global helper panther to panther_default and adds an Asana detection.

Bug Fixes

  • Fixed the following in the Overview Dashboard in the Panther Console:
    • Hovering over a specific alert now only displays data for that cell.
    • The y-axis of the Ingestion by Log Source graph is now labeled in bytes.
    • The Alerts By Log Type graph now sorts by alert count.
  • Generated Terraform template files now have an accurate creation time.

Previous Releases

v1.55 Feb 22, 2023
Added support for MAC address indicators. MAC addresses can now be used in Indicator Search directly or by pivoting from an alert’s details page.
v1.54 Feb 14, 2023
Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
v1.53 Feb 7, 2023
Improved the Overview Dashboard in the Panther Console. The new design gives your team actionable insights to jump into the right workflow, like triaging alerts, engaging with alerting trends, and identifying detections to refine.