Jul 20, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Onboard Heroku logs with our new Heroku integration.
  • Onboard Windows event logs with our new Windows event log integration.
  • Use session variables to create Scheduled Queries that have a dynamic start and end time within Panther Analysis Tool (PAT).
  • Manage Panther roles with the new Okta System for Cross-domain Identity Management (SCIM) integration. This feature allows you to automatically manage roles, update profiles, and activate or deactivate users through Okta.
  • Added one-way assignee and comment syncing to Jira alert destinations.
    • When comment syncing is enabled, comments posted on a Panther alert in the Panther Console or via the Panther API are also posted on the corresponding Jira issue.
    • When assignee syncing is enabled, updating the assignee of a Panther alert in the Panther Console will also update the assignee of the corresponding Jira issue.

In Closed Beta

To join the closed beta for a feature, please contact your Panther representative.

  • Use our new automatic field discovery feature with schemas to retain data from fields in incoming log events that are not defined within your schemas, enabling you to query data from these fields and write detections referencing them.
    • Automatic field discovery can only be enabled for log sources with a JSON stream type. Additionally, this feature is currently only available for custom schemas, not Panther-managed ones.


  • Rules can now return default from the severity auxiliary function to fall back to the rule’s default severity value.
  • You may now select a stream type when configuring an SQS log source in the Panther Console.
  • You may now edit a Log Source’s Stream Type in the Configuration tab in the Panther Console.
  • A warning is now displayed on schema pages in the Panther Console when isEventTime is not defined in the schema.

Panther Developer Workflows

  • Versions 3.11.0, 3.11.1, 3.11.2, and 3.11.3 of panther-analysis have been released, featuring the following updates:
    • Detections for Tailscale logs.
    • Updated the list of “safe” TLS ciphers in AWS ALB SSL/TLS policy.
    • Various bug fixes and improvements.

Previous Releases

v1.74 Jul 13, 2023
Test out Panther’s streamlined detection editor in the Panther Console. Changes include a consolidated view and edit pane, a “Set Alert Fields” section for alert settings, and other enhancements.
v1.73 Jun 29, 2023
Now generally available: Use HTTP log ingestion to send log events and alerts directly to Panther with webhooks.
v1.72 Jun 22, 2023
Added the ability to create, read, update, and delete S3 log sources via the Panther API. This new feature makes it easier to manage large numbers of S3 log sources or infrastructure-as-code.