v1.63

Apr 19, 2023

New and Noteworthy

  • In the Panther Console, in the Dashboard’s Data tab, the total volume of events processed now accurately displays data for all ingested log types. In previous versions of Panther, only log types that had data processed in the last 14 days were included in the display.
    • Please note that because this update now correctly accounts for all ingested log types, your total volume of events processed may appear larger than before.

In Open Beta

  • Added the ability to define a field schema with the copy:from transformation for custom logs.
    • This lets you select a nested field and promote it to a top-level field, helping you flatten your data’s JSON structure.
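As an added illustration (not taken from the release notes or Panther's own documentation), the fragment below shows a custom log schema that uses copy:from to promote a nested actor id to a top-level field; the schema name, field names and the constructed sample event are assumptions.

```yaml
# Added illustration, not part of the release notes. Schema name and
# field names are assumed. Constructed input event this schema parses:
#   {"event": {"actor": {"id": "u-123"}, "action": "login"}}
schema: Custom.Example
fields:
  - name: event
    type: object
    fields:
      - name: actor
        type: object
        fields:
          - name: id
            type: string
      - name: action
        type: string
  # Promote the nested id to a top-level field so detections and queries
  # can reference actor_id directly instead of walking event.actor.id.
  # copy (unlike rename) leaves the original nested value in place.
  - name: actor_id
    type: string
    copy:
      from: event.actor.id
```

With this schema the parsed event keeps the nested `event` object and additionally carries `actor_id: "u-123"` at the top level.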

In Closed Beta

Enhancements

  • Lookup Tables now support array primary keys.
  • The following enhancements have been made to pantherlog:
    • pantherlog infer can now output a schema name by taking the --name flag.
    • pantherlog test now ignores p_event_time when an event field is not provided.
    • Added additional context to validation errors in pantherlog test for improved troubleshooting.

Panther Developer Workflows

  • Version 3.2.2 of panther-analysis has been released, featuring the following updates:
    • Added new Snyk detections.
    • Name and ID fields are now wrapped in double quotes to account for special characters in those fields. If these fields do not have any special YAML characters and you do not rely on Panther Console’s Export option to be identical to the original YAML file, the double quotes are not required.

Bug Fixes

  • Resolved an issue that caused events to have inconsistent timestamps for the p_alert_creation field.
  • Added missing fields to the AWS.WAFWebACL schema.
  • Fixed missing hostname and domain name indicators in the SentinelOne CloudFunnel 2.0 schema.

Previous Releases

v1.62 Apr 12, 2023
Quickly construct, save, tag, and edit queries to search your data lake with the Query Builder in the Panther Console.
 
v1.61 Apr 5, 2023
Tune rules directly from alerts in the Panther Console. This allows you to more easily address false positives by quickly adding filters, streamlining your detection management workflow.
 
v1.60 Mar 29, 2023
You can now save, open, update, and add tags to queries that you create in Query Builder, enabling you to easily reference and work more quickly with frequently-used queries.