v1.61
Apr 5, 2023
New and Noteworthy
- Tune rules directly from alerts in the Panther Console. This allows you to more easily address false positives by quickly adding filters, streamlining your detection management workflow. This feature is now available to all customers in open beta.
Now Generally Available
- You can now enforce single sign-on (SSO) in your instance of Panther. Enabling enforced SSO requires users to log in using your configured SAML provider instead of with a username and password.
Enhancements
- Added context to, and humanized, the error messages generated when bulk uploading detection updates in the Panther Console and the Panther Analysis Tool (PAT), to improve troubleshooting.
- To improve performance and reliability, the maximum lookback period for Data Replays has been changed to 15 days.
Panther Developer Workflows
- The following enhancements have been made to pantherlog:
  - Suggestions are now shown when a command or flag is not found.
  - Added a help page for the `parse` command.
  - The file extension `.yaml` is now allowed for schema tests in addition to `.yml`.
  - Stack traces are no longer printed when pantherlog fails unless the `debug` flag is enabled.
- Version 0.19.12 of panther_analysis_tool has been released, featuring a fix to the following bug:
  - Added additional validation for rate minutes and timeouts to Scheduled Queries.
Bug Fixes
- Resolved an issue that could cause arrays to turn into strings in Rule Filters.
- Fixed a bug that prevented users from changing the operator for Rule Filters.
- Fixed a bug with certain detection IDs where the list of alerts would not load properly.
- Adjusted the handling of browser page zoom in the Panther Console.