v1.63
Apr 19, 2023
New and Noteworthy
- In the Panther Console, in the Dashboard’s Data tab, the total volume of events processed now accurately displays data for all ingested log types. In previous versions of Panther, only log types that had data processed in the last 14 days were included in the display.
- Please note that because this update now correctly accounts for all ingested log types, your total volume of events processed may appear larger than before.
In Open Beta
- Added the ability to define a field schema with the
copy:fromtransformation for custom logs.- This allows you to select a field and promote it to a top-level field in the nested hierarchy, helping you flatten your data’s JSON structure.
In Closed Beta
- Assign role-based access control (RBAC) by log type for alerts.
- This feature allows you to create roles that are only permitted to view or manage certain alerts based on log type, enhancing your ability to add more granular authorization controls.
Enhancements
- Lookup Tables now support array primary keys.
- The following enhancements have been made to pantherlog:
pantherlog infercan now output a schema name by taking the--nameflag.pantherlog testnow ignoresp_event_timewhen an event field is not provided.- Added additional context to validation errors in
pantherlog testfor improved troubleshooting.
Panther Developer Workflows
- Version 3.2.2 of panther-analysis has been released, featuring the following updates:
- Added new Snyk detections.
- Name and ID fields are now wrapped in double quotes to account for special characters in those fields. If these fields do not have any special YAML characters and you do not rely on Panther Console’s Export option to be identical to the original YAML file, the double quotes are not required.
Bug Fixes
- Resolved an issue that caused events to have inconsistent timestamps for the
p_alert_creationfield. - Added missing fields to the AWS.WAFWebACL schema.
- Fixed missing hostname and domain name indicators in the SentinelOne CloudFunnel 2.0 schema.