v1.68

Now Generally Available

• Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.

In Open Beta

• Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches. 
• Added a new transformation for custom logs, concat, which allows you to combine multiple fields’ values into the value for a new field.
  • For example, combined fields can be used as a key for enrichment.

In Closed Beta

• Onboard Auth0 tenant logs with the new Auth0 log puller and Panther-managed detections. Use this integration to monitor event logs from the Auth0 log stream.
  • If you would like to participate in this closed beta, contact your Panther representative.

Schema Changes

• Added new Azure Active Directory activities schemas to capture audit and sign-in events:
  • Azure.Audit
  • Azure.SignIn
• The following updates have been made to Zeek schemas:
  • Added a new schema, Zeek.SSL.
  • Added new fields to Zeek.HTTP.

Panther Developer Workflows

• You can now add comments to existing alerts via the Panther API.
• Version 0.22.1 of panther_analysis_tool has been released, featuring the following update:
  • Added support for the Auth0.Events log type.
• Versions 3.7.0 and 3.7.1 of panther-analysis have been released, featuring the following updates:
  • Added Auth0 detections and Pack.
  • Added Tines detections.
  • Added link to Snyk alert context to identify users.

Bug Fixes

• Fixed a bug that caused classification errors when parsing CloudTrail Insights data received through SQS.
• Resolved a replay result processing issue that could cause replays to fail.
• Lacework alert management schema classification errors no longer appear when the IP_ADDR field is missing.