Jul 27, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Onboard auditd logs with our new log source integration.
  • Use the new mask transformation to conceal sensitive information within your logs.
    • Redact or obfuscate (using MD5, SHA-1, SHA-256, or SHA-512 hashes) data in the masked fields.
    • Note: Masking a field means you cannot later use Panther’s search tools to query for its original value.
  • You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.


  • In the Panther Console, added a download button to the edit detection page, which allows you to download a YAML file for that detection.
  • In the Panther Console, in the Alerts Details page, replaced the “View with Data Explorer” button with a “Search Events” button, which now opens the Query Builder with information prefilled from the alert.
    • This change only applies to users with a Snowflake backend and to alerts that have events from exactly one log type.
  • You can now create roles in the Panther Console that have no permissions.
  • The automatic field discovery feature, introduced in Panther version 1.75 in closed beta, has been renamed to field discovery.

Panther Developer Workflows

  • Version 0.24.3 of panther_analysis_tool has been released, featuring the following updates:
    • Added auditd, Azure, and Windows Event Logs schemas.
    • Various improvements.
  • Version 3.12.0 of panther-analysis has been released, featuring the following update:
    • Added support for the Azure.SignIn log type.

Bug Fixes

  • Resolved an issue where field discovery failed to work with the rename transformation.
  • Fixed a bug that caused field discovery to break when discovering a field with a reserved name.