v1.70

Jun 9, 2023

New and Noteworthy

  • Added the ability to restrict the use of API tokens to specified IP addresses when editing or creating an API token. This allows you to ensure that API tokens with elevated privileges are used only by certain systems, such as your corporate address space.

In Open Beta

  • Azure Blob Storage is now available as a Data Transport log source in the Panther Console. This allows Panther to easily pull log data directly from your Azure container, enabling you to write detections and run queries on your processed data.

Schema Changes

  • Added the following fields to the AWS.VPCDns schema:
    • firewall_domain_list_id
    • firewall_rule_action
    • firewall_rule_group_id

Enhancements

  • Updated the design of the drop-off alarm configuration for log sources to improve usability.

Panther Developer Workflows

  • Version 0.22.3 of panther_analysis_tool has been released, featuring the addition of support for Netskope and Notion log types.
    • Note: Support for these new log types in the Panther Console will be available in a future release of Panther.
  • Versions 3.7.4 and 3.7.5 of panther-analysis have been released, featuring the following updates:
    • Added a generic approach for impossible travel detections for login-style events.
    • Added a CrowdStrike Falcon Data Replicator (FDR) data model to the CrowdStrike Pack.
    • Various bug fixes.

Bug Fixes

  • Fixed a bug on the Helpers page that limited the display to 24 helper functions.
  • Fixed a bug that caused 1Password log sources to display log types that the user had not selected.

Previous Releases

v1.69 Jun 1, 2023
Improved the S3 log source onboarding and schema editing experience. You can now browse S3 bucket directories and contents from the Panther Console, and the process of selecting, inferring, and applying schemas has been simplified.
 
v1.68 May 24, 2023
Now generally available: Onboard Tines audit logs with the Tines log puller. Use this integration to monitor changes made by users to data in your Tines tenant.
 
v1.67 May 17, 2023
Onboard GitHub audit logs using GitHub's audit log streaming feature via AWS S3 or Google Cloud Storage.