v1.66

New and Noteworthy

• Added a histogram to the Query Builder that provides a visualization of query results by time. This allows you to quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches. Additionally, draft queries are now saved automatically when navigating to another page, and the query results limit has been removed.
• Panther’s Cloud Security Scanning now supports Amazon Route 53 Domains and Hosted Zone resources. Use these integrations to maintain visibility and control over the security of your AWS cloud infrastructure.
• The Query Builder histogram and Route 53 support are in closed beta. If you would like to participate, contact your Panther representative.

Features

• Added Tines as an alert destination, expanding Panther’s native support for Tines integrations in addition to the log puller.

In Open Beta

• Use HTTP log ingestion to send log events and alerts directly to Panther with webhooks. Quickly ingest data without having to set up additional infrastructure such as intermediate transports or API tokens.

Enhancements

• You can now edit the runbook field for Panther-managed detections, eliminating the need to clone the rule to make customizations.
• In the Panther Console, bulk uploads now have asynchronous upload support, eliminating timeouts that could occur after 30 seconds.
• Improved the performance of schema inference in the Panther Console.

Panther Developer Workflows

• Version 0.22.0 of panther_analysis_tool has been released, featuring the following updates:
  • Added support for asynchronous bulk upload for API users to eliminate timeouts that could occur after 30 seconds.
  • Fixed a bug that delayed bulk upload errors.
• Version 3.5.0 of panther-analysis has been released, featuring the following updates:
  • Added detections for Snyk, Crowdstrike, and Salesforce.
  • Resolved an issue with a missing event in deep_get.

Bug Fixes

• Fixed a bug that caused duplicate alerts in Data Replay.