Jun 1, 2023

Now Generally Available

  • Improved the S3 log source onboarding and schema editing experience. You can now browse S3 bucket directories and contents from the Panther Console, and the process of selecting, inferring, and applying schemas has been simplified. Includes the ability to infer multiple schemas at once, including from historical data.

Schema Changes

  • Added the OnePassword.AuditEvent schema to the 1Password log puller, allowing you to monitor audit events from the Activity Log.  


  • The following enhancements have been made to HTTP log ingestion:
    • Added support for Lines and JSON Array stream types in addition to JSON.
    • Payloads can now be sent compressed with gzip. Panther transparently decompresses compressed files, which does not require extra headers.
    • In the Panther Console, when adding a log source from the Add New Source page, HTTP is now available as a data transport mechanism for Cloudflare, Fluentd, GitLab, and Osquery log sources.
  • In the Panther Console, under Settings > Users, added a field for a user’s last login.
    • Note: Login information prior to version 1.69 of Panther is not displayed. This field will show “Login History Unavailable” for users who have not logged in to your instance of Panther after upgrading to version 1.69.

Panther Developer Workflows

  • Version 0.22.2 of panther_analysis_tool has been released, featuring new support for the following log types:
    • MongoDB.OrganizationEvent 
    • MongoDB.ProjectEvent
  • Versions 3.7.2 and 3.7.3 of panther-analysis has been released, featuring the following updates:
    • Added a new Pack, Credential Security.
    • Added Falcon Data Replicator (FDR) detections to the CrowdStrike Pack.
    • Various bug fixes.

Bug Fixes

  • Resolved an issue where actors failed to pass when showing classification errors.
  • Fixed a bug that caused redirect issues after updating a schema.

Previous Releases

v1.68 May 24, 2023
Now generally available: Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.
v1.67 May 17, 2023
Onboard GitHub audit logs using GitHub's audit log streaming feature via AWS S3 or Google Cloud Storage.
v1.66 May 10, 2023
Added a histogram to the Query Builder that provides a visualization of query results by time.