v1.68

May 24, 2023

Now Generally Available

  • Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.

In Open Beta

  • Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches. 
  • Added a new transformation for custom logs, concat, which allows you to combine multiple fields’ values into the value for a new field.
    • For example, combined fields can be used as a key for enrichment.
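An added illustration (not Panther's own code, and not its schema syntax for the concat transformation): a small Python pipeline that emulates what a concat-style transformation does, joining several parsed fields into one new field, and then uses that composite field as the key for an enrichment lookup. The event, field names, separator and enrichment table are all constructed for the example.

```python
"""Added illustration (not Panther's code or schema syntax): build a composite
key from several fields of a parsed custom-log event, then enrich on that key.
All field names, the separator and the lookup table are constructed here."""

import json

# Constructed sample event, shaped like a parsed custom-log record.
SAMPLE_EVENT = {
    "srcIp": "10.0.0.5",
    "user": "alice",
    "action": "login",
}

# Constructed enrichment table keyed on "<user>|<srcIp>".
ENRICHMENT_TABLE = {
    "alice|10.0.0.5": {"knownDevice": True, "owner": "alice@example.com"},
}


def concat_fields(event, fields, new_field, sep="|"):
    """Emulate a concat transformation: join the values of `fields`, in the
    order given, into `new_field`. A missing field contributes an empty string
    so the key keeps a stable shape; the input dict is not modified."""
    combined = sep.join(str(event.get(f, "")) for f in fields)
    out = dict(event)
    out[new_field] = combined
    return out


def enrich(event, key_field, table):
    """Look the composite key up in `table` and attach any match under
    'enrichment' (None when no row matches, so a detection can branch on it)."""
    out = dict(event)
    out["enrichment"] = table.get(event.get(key_field))
    return out


def process(event):
    """Full pipeline: derive the composite key, then enrich on it."""
    keyed = concat_fields(event, ["user", "srcIp"], "userIpKey")
    return enrich(keyed, "userIpKey", ENRICHMENT_TABLE)


if __name__ == "__main__":
    print(json.dumps(process(SAMPLE_EVENT), indent=2))
```

Keeping the separator fixed and filling missing fields with an empty string means the derived key always has the same number of segments, which keeps the enrichment lookup deterministic even when a log line lacks one of the source fields.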

In Closed Beta

  • Onboard Auth0 tenant logs with the new Auth0 log puller and Panther-managed detections. Use this integration to monitor event logs from the Auth0 log stream.
    • If you would like to participate in this closed beta, contact your Panther representative.

Schema Changes

  • Added new Azure Active Directory activities schemas to capture audit and sign-in events:
    • Azure.Audit
    • Azure.SignIn
  • The following updates have been made to Zeek schemas:
    • Added a new schema, Zeek.SSL.
    • Added new fields to Zeek.HTTP.

Panther Developer Workflows

  • You can now add comments to existing alerts via the Panther API.
  • Version 0.22.1 of panther_analysis_tool has been released, featuring the following update:
    • Added support for the Auth0.Events log type.
  • Versions 3.7.0 and 3.7.1 of panther-analysis have been released, featuring the following updates:
    • Added Auth0 detections and Pack.
    • Added Tines detections.
    • Added link to Snyk alert context to identify users.

Bug Fixes

  • Fixed a bug that caused classification errors when parsing CloudTrail Insights data received through SQS.
  • Resolved a replay result processing issue that could cause replays to fail.
  • Lacework alert management schema classification errors no longer appear when the IP_ADDR field is missing.

Previous Releases

v1.67 May 17, 2023
Onboard GitHub audit logs using GitHub's audit log streaming feature via AWS S3 or Google Cloud Storage.
 
v1.66 May 10, 2023
Added a histogram to the Query Builder that provides a visualization of query results by time.
 
v1.65 May 3, 2023
Improved the S3 log source onboarding experience. Use simplified workflows, infer multiple schemas, including from historical data, and browse S3 bucket directories and content from the Panther Console.