Jul 13, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Test out Panther’s streamlined detection editor in the Panther Console.
    • Consolidated the view and edit functionality into a single pane on a Detection page, enabling users to tune detections more quickly. The Alert Settings and Test sections have also been incorporated into the page. 
    • Alert settings under “Set Alert Fields” now include the Alert Severity and Framework Mapping.
    • Added a persistent header with access to additional information, including MITRE ATT&CK details and a change log.
  • Onboard Tailscale logs with the new Tailscale log puller. Use this integration to monitor audit and network logs.

Schema Changes

  • Added the following fields to the GitHub.Audit schema:
    • admin_enforced
    • pull_request_reviews_enforcement_level
    • required_status_checks_enforcement_level
    • linear_history_requirement_enforcement_level


  • In the Panther Console, in the Add New Source and Schemas pages, schemas are now displayed by default in a new tree view. This view provides simplified schema information, including field type, asterisks denoting required fields, nested fields, and descriptions. The original display can still be accessed by clicking YAML View.
  • In the Panther Console, you can now enable Panther audit logs, which provide a read-only history of activity within your Panther deployment, including when this option is enabled or disabled.
    • Note: Only users with the Edit Settings & SAML Preferences permission are allowed to enable Panther audit logs.
  • HTTP log sources can no longer be created with invalid header names.

Panther Developer Workflows

  • Added a new command, validate, to Panther Analysis Tool. This allows you to validate your detections against your Panther instance before running a bulk upload.
  • Versions 3.9.3 and 3.10.0 of panther-analysis have been released, featuring the following updates:
    • Several GCP detections now use the deep_walk function.
    • Various bug fixes.

Bug Fixes

  • Resolved an issue with incorrect dates in the bulk download file metadata, which prevented those files from being zipped.
  • Enabled existing bulk upload metrics for async bulk uploads.
  • Fixed a bug that caused edits to the security configuration of an HTTP log source to take longer than expected to reflect in the transport.
  • Fixed a bug with classification errors for certain types of Azure.SignIn events.
  • Corrected the UserKey field to not be required for Microsoft 365 logs.
  • Resolved an issue where schema versions were incorrectly updated when schema metadata was updated.
  • Fixed a bug with the MongoDB log puller where events were not pulled from all project IDs.

Previous Releases

v1.73 Jun 29, 2023
Now generally available: Use HTTP log ingestion to send log events and alerts directly to Panther with webhooks.
v1.72 Jun 22, 2023
Added the ability to create, read, update, and delete S3 log sources via the Panther API. This new feature makes it easier to manage large numbers of S3 log sources or infrastructure-as-code.
v1.71 Jun 15, 2023
Onboard Netskope audit logs with the new Netskope log puller.