Apr 12, 2023

Now Generally Available

In Open Beta

Schema Changes

  • A new indicator field, p_any_actor_ids, is now available for all schemas. It provides a Panther-managed field containing actor identifiers.


  • In the Panther Console, the following enhancements have been made to Alert Details:
    • Custom enrichment is now aligned vertically for better readability.
    • Improved the handling of nested enrichment data.
  • Bulk and individual downloads now wrap name and ID YAML fields in double quotes to better accommodate special characters in those fields.
    • panther-analysis YAML files have been updated to match this new format.
  • The schema inference process now infers emails and MD5, SHA-1, and SHA-256 hashes.

Panther Developer Workflows

  • Version 0.20.0 of panther_analysis_tool has been released, featuring the following updates:
    • Added a test to validate whether table names in queries match the pattern <string>.public.<string> or snowflake.account_usage.<string>. This validation can be disabled by supplying the --ignore-table-names argument.
    • Added a warning message that alerts when the running version of PAT is out of date and an update is available.

Bug Fixes

  • Added validations for fields stored in p_any_domains to avoid storing ”.” values.
  • Fixed a bug that caused the s3sns tool to block indefinitely in case of an error.
  • Resolved various issues with Data Replay on the Edit Detections page.