New and Noteworthy

Added the ability to restrict the use of API tokens to specified IP addresses when editing or creating an API token. This allows you to ensure that API tokens with elevated privileges are used only by certain systems, such as your corporate address space.

In Open Beta

Azure Blob Storage is now available as a Data Transport log source in the Panther Console. This allows Panther to easily pull log data directly from your Azure container, enabling you to write detections and run queries on your processed data.

Schema Changes

Added the following fields to the AWS.VPCDns schema:

• firewall_domain_list_id

• firewall_rule_action

• firewall_rule_group_id

Enhancements

• Updated the design of the drop-off alarm configuration for log sources to improve usability.

Panther Developer Workflows

Version 0.22.3 of panther_analysis_tool has been released, featuring the addition of support for Netskope and Notionlog types.

Note: Support for these new log types in the Panther Console will be available in a future release of Panther.

Versions 3.7.4 and 3.7.5 of panther-analysis have been released, featuring the following updates:

• Added a generic approach for impossible travel detections for login-style events.

• Added a CrowdStrike Falcon Data Replicator (FDR) data model to the CrowdStrike Pack.

• Various bug fixes.

Bug Fixes

• Fixed a bug on the Helpers page that limited the display to 24 helper functions.

• Fixed a bug that caused 1Password log sources to display log types that the user had not selected.