Jun 29, 2023

Now Generally Available

  • Use HTTP log ingestion to send log events and alerts directly to Panther with webhooks. Quickly ingest data without having to set up additional infrastructure such as intermediate transports or API tokens.
  • Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches.
  • Combine the values of multiple fields into a single new field with the concat transformation for custom logs.
    • For example, combined fields can be used as a key for enrichment.

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Panther’s Cloud Security Scanning now supports Amazon Route 53 Domains and Hosted Zone resources. Use these integrations to maintain visibility and control over the security of your AWS cloud infrastructure.
  • Onboard Auth0 tenant logs with the new Auth0 log puller. Use this integration to monitor event logs from the Auth0 log stream.
  • Extract a specific value from a string field with the split transformation for custom logs. This allows you to create new schema fields which you can then designate as indicators.


  • In the Panther Console, the following updates have been made to the Alerts & Errors page:
    • Condensed the alerts list UI to allow you to see more alerts at once.
    • Rearranged information such as severity, detections, and timestamp within alerts to improve readability.
    • Alerts now include the log or resource type.
  • In the Panther Console, in a log source’s Schemas tab, clicking View Data now opens Query Builder with pre-filled selections instead of Data Explorer.

Panther Developer Workflows

  • Version 0.23.0 of panther_analysis_tool has been released, featuring the following update:
    • Added support for saved queries.
  • Versions 3.9.0, 3.9.1, and 3.9.2 of panther-analysis have been released, featuring the following updates:
    • Added new detections for Auth0, CrowdStrike, MongoDB, and Tines.
    • Added the queries/ directory to the Python linting requirements.
    • Added the deep_walk() global helper function, which can serve as an alternative to deep_get() when the key you are trying to access is nested inside a list.
    • Various bug fixes.

Bug Fixes

  • Fixed a bug that displayed incorrect Last Event Received times for SQS sources.

Previous Releases

v1.72 Jun 22, 2023

  • Added the ability to create, read, update, and delete S3 log sources via the Panther API. This new feature makes it easier to manage large numbers of S3 log sources or infrastructure-as-code.

v1.71 Jun 15, 2023

  • Onboard Netskope audit logs with the new Netskope log puller.

v1.70 Jun 9, 2023

  • Added the ability to restrict the use of API tokens to specified IP addresses when editing or creating an API token.