Apr 12, 2023

Now Generally Available

In Open Beta

Schema Changes

  • A new indicator field, p_any_actor_ids, is now available for all schemas. It provides a Panther-managed field containing actor identifiers.


  • In the Panther Console, the following enhancements have been made to Alert Details:
    • Custom enrichment is now aligned vertically for better readability.
    • Improved the handling of nested enrichment data.
  • Bulk and individual downloads now wrap name and ID YAML fields in double quotes to better accommodate special characters in those fields.
    • panther-analysis YAML files have been updated to match this new format.
  • The schema inference process now infers emails and MD5, SHA-1, and SHA-256 hashes.

Panther Developer Workflows

  • Version 0.20.0 of panther_analysis_tool has been released, featuring the following updates:
    • Added a test to validate whether table names in queries match the pattern <string>.public.<string> or snowflake.account_usage.<string>. This validation can be disabled by supplying the --ignore-table-names argument.
    • Added a warning message that alerts when the running version of PAT is out of date and an update is available.

Bug Fixes

  • Added validations for fields stored in p_any_domains to avoid storing ”.” values.
  • Fixed a bug that caused the s3sns tool to block indefinitely in case of an error.
  • Resolved various issues with Data Replay on the Edit Detections page.

Previous Releases

v1.61 Apr 5, 2023
Tune rules directly from alerts in the Panther Console. This allows you to more easily address false positives by quickly adding filters, streamlining your detection management workflow.
v1.60 Mar 29, 2023
You can now save, open, update, and add tags to queries that you create in Query Builder, enabling you to easily reference and work more quickly with frequently-used queries.
v1.59 Mar 22, 2023
You can now rotate your Panther API token via the Panther Console or the Panther API, enabling you to more easily enhance your security practices.