Apr 26, 2023
New and Noteworthy
- Panther now supports HTTP log ingestion, allowing you or a third party to send log events and alerts directly to Panther with a webhook call. Quickly ingest data without having to set up additional infrastructure such as intermediate transports or API tokens.
- Azure Blob Storage is now available as a Data Transport log source in the Panther Console. This allows Panther to easily pull log data directly from your Azure container, enabling you to write detections and run queries on your processed data.
- Additional Azure Blob Storage schemas and detections will be released in future updates to Panther.
- HTTP log ingestion and Azure Blob Storage support are in closed beta. If you would like to participate, contact your Panther representative.
- Roles that have role-based access control (RBAC) per log type enabled for search and alerts can now also be granted permission to view enabled rules.
- Support for RBAC per log type is in closed beta. If you would like to participate, contact your Panther representative.
- Audit logs are now generated for SAML user creation events, allowing you to track when a Single Sign-On (SSO) user is created.
- You can now customize presets and specify min and max dates in date range pickers.
- The detections list now keeps its sort order after a user is redirected back to it upon deleting a detection.
- Updated Data Replay error messages for consistency to improve their readability.
Panther Developer Workflows
- Versions 0.20.1 and 0.21.0 of panther_analysis_tool have been released, featuring the following enhancements:
- Added the `--valid-table-names` option for a user-supplied list of valid table names.
- Removed support for unused suppressions from the rule schema.
- Added support for Tines.Audit logs.
- Fully Qualified Table Name (FQTN) checks now support uppercase and all Snowflake syntax.
- Detections may now have identical file names if they are located at different file paths. For example, you can have a query at `queries/example.yml` and a scheduled rule with the same name using it at
- Added the
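The `--valid-table-names` option and the FQTN check above are features of panther_analysis_tool. The following is an added illustration, not the tool's own code, of how such a check can be written so that it accepts uppercase and Snowflake quoting: unquoted identifiers fold to upper case (Snowflake's default), while double-quoted identifiers stay case-sensitive, so `"panther_logs"."public"."aws_alb"` is not the same table as `panther_logs.public.aws_alb`. The function names, the allowed-table list and the SQL snippets are constructed for this example.

```python
import re
from typing import Iterable, List

# Hypothetical helper: a (possibly double-quoted) Snowflake identifier.
_IDENT = r'(?:"[^"]+"|[A-Za-z_][A-Za-z0-9_$]*)'
# One- to three-part table reference following FROM or JOIN, any keyword case.
_TABLE_REF = re.compile(
    rf'\b(?:FROM|JOIN)\s+({_IDENT}(?:\.{_IDENT}){{0,2}})', re.IGNORECASE
)
# Splits a dotted reference into its parts, keeping quoted parts intact.
_PART = re.compile(r'"[^"]+"|[^."]+')


def normalize_fqtn(ref: str) -> str:
    """Canonical form of a table reference using Snowflake identifier rules:
    unquoted parts fold to upper case, quoted parts keep their exact case."""
    parts = []
    for part in _PART.findall(ref):
        if part.startswith('"'):
            parts.append(part[1:-1])   # quoted identifier: case-sensitive, as written
        else:
            parts.append(part.upper())  # unquoted identifier: Snowflake stores upper case
    return ".".join(parts)


def extract_table_refs(sql: str) -> List[str]:
    """Table references appearing directly after FROM or JOIN (subqueries skipped)."""
    return [m.group(1) for m in _TABLE_REF.finditer(sql)]


def check_table_names(sql: str, valid_table_names: Iterable[str]) -> List[str]:
    """Return the table references in `sql` that are not in the user-supplied list.
    The list entries are treated as unquoted identifiers, as a user would type them."""
    allowed = {normalize_fqtn(name) for name in valid_table_names}
    return [ref for ref in extract_table_refs(sql) if normalize_fqtn(ref) not in allowed]


# Constructed sample input: the list a user might pass, and three queries.
VALID_TABLES = ["panther_logs.public.aws_cloudtrail", "panther_logs.public.aws_alb"]

SQL_OK = """
SELECT c.p_event_time, a.client_ip
FROM panther_logs.public.AWS_CloudTrail c
JOIN "PANTHER_LOGS"."PUBLIC"."AWS_ALB" a ON c.p_source_label = a.p_source_label
WHERE c.p_event_time > CURRENT_TIMESTAMP - INTERVAL '1 day'
"""

SQL_UNKNOWN = "select count(*) from panther_logs.public.okta_systemlog"

# Quoted lowercase parts are a different identifier in Snowflake, so this must fail.
SQL_QUOTED_LOWER = 'SELECT * FROM "panther_logs"."public"."aws_alb"'

if __name__ == "__main__":
    for label, sql in [("ok", SQL_OK), ("unknown", SQL_UNKNOWN), ("quoted", SQL_QUOTED_LOWER)]:
        print(label, "invalid refs:", check_table_names(sql, VALID_TABLES))
```

The regex only recognises a table reference that directly follows `FROM` or `JOIN`; it does not resolve CTE names or subquery aliases, and a word such as `LATERAL` after `FROM` would be reported as an unknown table. A check intended for real use should walk a parsed SQL AST instead, but the normalisation rule shown here is the part that decides whether uppercase and quoted names are matched correctly.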
- Version 3.3.0 of panther-analysis has been released, featuring the following updates:
- Added Snyk detections.
- Added Snowflake queries.
- Resolved an issue that caused unsaved change warnings to appear incorrectly in the Replay editor after updating the rule form.
- Fixed a bug that caused updates to a rule’s log types to fail to automatically sync to the Replay editor.
- Fixed a bug in the UI that displayed the option to add or delete Unit Tests on Panther-managed detections, which is not permitted.