Jun 29, 2023
Now Generally Available
- Use HTTP log ingestion to send log events and alerts directly to Panther with webhooks. Quickly ingest data without having to set up additional infrastructure such as intermediate transports or API tokens.
- Added a histogram to the Query Builder that provides a visualization of results by time. This helps you quickly identify abnormal activity, gain insights into trends, prioritize investigations, and hone your searches.
- Combine multiple fields’ values into the value for a new field with the
concattransformation for custom logs.
- For example, combined fields can be used as a key for enrichment.
In Open Beta
Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.
- Panther’s Cloud Security Scanning now supports Amazon Route 53 Domains and Hosted Zone resources. Use these integrations to maintain visibility and control over the security of your AWS cloud infrastructure.
- Onboard Auth0 tenant logs with the new Auth0 log puller. Use this integration to monitor event logs from the Auth0 log stream.
- Extract a specific value from a string field with the
splittransformation for custom logs. This allows you to create new schema fields which you can then designate as indicators.
- In the Panther Console, the following updates have been made to the Alerts & Errors page:
- Condensed the alerts list UI to allow you to see more alerts at once.
- Rearranged information such as severity, detections, and timestamp within alerts to improve readability.
- Alerts now include the log or resource type.
- In the Panther Console, in a log source’s Schemas tab, clicking View Data now opens Query Builder with pre-filled selections instead of Data Explorer.
Panther Developer Workflows
- Version 0.23.0 of panther_analysis_tool has been released, featuring the following update:
- Added support for saved queries.
- Versions 3.9.0, 3.9.1, and 3.9.2 of panther-analysis have been released, featuring the following updates:
- Added new detections for Auth0, CrowdStrike, MongoDB, and Tines.
- Added the
queries/directory to the Python linting requirements.
- Added the
deep_walk()global helper function, which can serve as an alternative to
deep_get()when the key you are trying to access is nested inside a list.
- Various bug fixes.
- Fixed a bug that displayed incorrect Last Event Received times for SQS sources.