Jun 1, 2023

Now Generally Available

  • Improved the S3 log source onboarding and schema editing experience. You can now browse S3 bucket directories and contents from the Panther Console, and the process of selecting, inferring, and applying schemas has been simplified. Includes the ability to infer multiple schemas at once, including from historical data.

Schema Changes

  • Added the OnePassword.AuditEvent schema to the 1Password log puller, allowing you to monitor audit events from the Activity Log.  


  • The following enhancements have been made to HTTP log ingestion:
    • Added support for Lines and JSON Array stream types in addition to JSON.
    • Payloads can now be sent compressed with gzip. Panther transparently decompresses compressed files, which does not require extra headers.
    • In the Panther Console, when adding a log source from the Add New Source page, HTTP is now available as a data transport mechanism for Cloudflare, Fluentd, GitLab, and Osquery log sources.
  • In the Panther Console, under Settings > Users, added a field for a user’s last login.
    • Note: Login information prior to version 1.69 of Panther is not displayed. This field will show “Login History Unavailable” for users who have not logged in to your instance of Panther after upgrading to version 1.69.

Panther Developer Workflows

  • Version 0.22.2 of panther_analysis_tool has been released, featuring new support for the following log types:
    • MongoDB.OrganizationEvent 
    • MongoDB.ProjectEvent
  • Versions 3.7.2 and 3.7.3 of panther-analysis has been released, featuring the following updates:
    • Added a new Pack, Credential Security.
    • Added Falcon Data Replicator (FDR) detections to the CrowdStrike Pack.
    • Various bug fixes.

Bug Fixes

  • Resolved an issue where actors failed to pass when showing classification errors.
  • Fixed a bug that caused redirect issues after updating a schema.