v1.68
Latest release
May 24, 2023
Now Generally Available
Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.
In Open Beta
Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches.
Added a new transformation for custom logs, concat, which allows you to combine multiple fields' values into the value for a new field. For example, the combined fields can be used as a key for enrichment.
In Closed Beta
Onboard Auth0 tenant logs with the new Auth0 log puller and Panther-managed detections. Use this integration to monitor event logs from the Auth0 log stream. If you would like to participate in this closed beta, contact your Panther representative.
Schema Changes
Added new Azure Active Directory activity schemas to capture audit and sign-in events: Azure.Audit and Azure.SignIn.
The following updates have been made to Zeek schemas:
Added a new schema, Zeek.SSL.
Added new fields to Zeek.HTTP.
Panther Developer Workflows
You can now add comments to existing alerts via the Panther API.
Version 0.22.1 of panther_analysis_tool has been released, featuring the following update:
Added support for the Auth0.Events log type.
Versions 3.7.0 and 3.7.1 of panther-analysis have been released, featuring the following updates:
Added Auth0 detections and a detection Pack.
Added Tines detections.
Added a link to the Snyk alert context to help identify users.
Bug Fixes
Fixed a bug that caused classification errors when parsing CloudTrail Insights data received through SQS.
Resolved a replay result processing issue that could cause replays to fail.
Lacework alert management schema classification errors no longer appear when the IP_ADDR field is missing.