v1.68

May 24, 2023

Now Generally Available

  • Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.

In Open Beta

  • Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches.
  • Added a new transformation for custom logs, concat, which allows you to combine multiple fields’ values into the value for a new field.
    • For example, combined fields can be used as a key for enrichment.

In Closed Beta

  • Onboard Auth0 tenant logs with the new Auth0 log puller and Panther-managed detections. Use this integration to monitor event logs from the Auth0 log stream.
    • If you would like to participate in this closed beta, contact your Panther representative.

Schema Changes

  • Added new Azure Active Directory activity schemas to capture audit and sign-in events:
    • Azure.Audit
    • Azure.SignIn
  • The following updates have been made to Zeek schemas:
    • Added a new schema, Zeek.SSL.
    • Added new fields to Zeek.HTTP.

Panther Developer Workflows

  • You can now add comments to existing alerts via the Panther API.
  • Version 0.22.1 of panther_analysis_tool has been released, featuring the following update:
    • Added support for the Auth0.Events log type.
  • Versions 3.7.0 and 3.7.1 of panther-analysis have been released, featuring the following updates:
    • Added Auth0 detections and Pack.
    • Added Tines detections.
    • Added a link to the Snyk alert context to identify users.

Bug Fixes

  • Fixed a bug that caused classification errors when parsing CloudTrail Insights data received through SQS.
  • Resolved a replay result processing issue that could cause replays to fail.
  • Lacework alert management schema classification errors no longer appear when the IP_ADDR field is missing.