Apr 26, 2023

New and Noteworthy

  • Panther now supports HTTP log ingestion, allowing you or a third party to send log events and alerts directly to Panther with a webhook call. Quickly ingest data without having to set up additional infrastructure such as intermediate transports or API tokens.
  • Azure Blob Storage is now available as a Data Transport log source in the Panther Console. This allows Panther to easily pull log data directly from your Azure container, enabling you to write detections and run queries on your processed data.
    • Additional Azure Blob Storage schemas and detections will be released in future updates to Panther.
  • HTTP log ingestion and Azure Blob Storage support are in closed beta. If you would like to participate, contact your Panther representative.


  • Roles that have role-based access control (RBAC) per log type enabled for search and alerts can now also have the ability to view enabled rules.
    • Support for RBAC per log type is in closed beta. If you would like to participate, contact your Panther representative.
  • Audit logs are now generated for SAML user creation events, allowing you to track when a Single Sign-On (SSO) user is created.
  • You can now customize presets and specify min and max dates in date range pickers.
  • The detections list now maintains its sort order after users are redirected when deleting a detection.
  • Updated Data Replay error messages to make them more consistent and readable.

Panther Developer Workflows

  • Versions 0.20.1 and 0.21.0 of panther_analysis_tool have been released, featuring the following enhancements:
    • Added the --valid-table-names option for a user-supplied list of valid table names.
    • Removed support for unused suppressions from the rule schema.
    • Added support for Tines.Audit logs.
    • Fully Qualified Table Name (FQTN) checks now support uppercase and all Snowflake syntax.
    • Detections may now have identical file names if they are located at different file paths. For example, you can have a query at queries/example.yml and a scheduled rule with the same name using it at rules/example.yml.
  • Version 3.3.0 of panther-analysis has been released, featuring the following updates:
    • Added Snyk detections.
    • Added Snowflake queries.

Bug Fixes

  • Resolved an issue that caused unsaved change warnings to appear incorrectly in the Replay editor after updating the rule form.
  • Fixed a bug that caused updates to a rule’s log types to fail to automatically sync to the Replay editor.
  • Fixed a bug in the UI that displayed the option to add or delete Unit Tests on Panther-managed detections, which is not permitted.

Previous Releases

v1.63 Apr 19, 2023
In the Panther Console, in the Dashboard’s Data tab, the total volume of events processed now accurately displays data for all ingested log types.
v1.62 Apr 12, 2023
Quickly construct, save, tag, and edit queries to search your data lake with the Query Builder in the Panther Console.
v1.61 Apr 5, 2023
Tune rules directly from alerts in the Panther Console. This allows you to more easily address false positives by quickly adding filters, streamlining your detection management workflow.