v1.76

Jul 27, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Onboard auditd logs with our new log source integration.
  • Use the new mask transformation to conceal sensitive information within your logs.
    • Redact or obfuscate (using MD5, SHA-1, SHA-256, or SHA-512 hashes) data in the masked fields.
    • Note: Masking a field means you cannot later use Panther’s search tools to query for its original value.
  • You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.

Enhancements

  • In the Panther Console, added a download button to the edit detection page, which allows you to download a YAML file for that detection.
  • In the Panther Console, in the Alerts Details page, replaced the “View with Data Explorer” button with a “Search Events” button, which now opens the Query Builder with information prefilled from the alert.
    • This change only applies to users with a Snowflake backend and to alerts that have events from exactly one log type.
  • You can now create roles in the Panther Console that have no permissions.
  • The automatic field discovery feature, introduced in Panther version 1.75 in closed beta, has been renamed to field discovery.

Panther Developer Workflows

  • Version 0.24.3 of panther_analysis_tool has been released, featuring the following updates:
    • Added auditd, Azure, and Windows Event Logs schemas.
    • Various improvements.
  • Version 3.12.0 of panther-analysis has been released, featuring the following update:
    • Added support for the Azure.SignIn log type.

Bug Fixes

  • Resolved an issue where field discovery failed to work with the rename transformation.
  • Fixed a bug that caused field discovery to break when discovering a field with a reserved name.

Previous Releases

v1.75 Jul 20, 2023
Onboard Heroku and Windows event logs with our new log source integrations.
 
v1.74 Jul 13, 2023
Test out Panther’s streamlined detection editor in the Panther Console. Changes include a consolidated view and edit pane, a “Set Alert Fields” section for alert settings, and other enhancements.
 
v1.73 Jun 29, 2023
Now generally available: Use HTTP log ingestion to send log events and alerts directly to Panther with webhooks.