Jul 27, 2023
In Open Beta
Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.
- Onboard auditd logs with our new log source integration.
- Use the new
masktransformation to conceal sensitive information within your logs.
- Redact or obfuscate (using MD5, SHA-1, SHA-256, or SHA-512 hashes) data in the masked fields.
- Note: Masking a field means you cannot later use Panther’s search tools to query for its original value.
- You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.
- In the Panther Console, added a download button to the edit detection page, which allows you to download a YAML file for that detection.
- The download button is only available when the Developer Workflow option is enabled.
- In the Panther Console, in the Alerts Details page, replaced the “View with Data Explorer” button with a “Search Events” button, which now opens the Query Builder with information prefilled from the alert.
- This change only applies to users with a Snowflake backend and to alerts that have events from exactly one log type.
- You can now create roles in the Panther Console that have no permissions.
- The automatic field discovery feature, introduced in Panther version 1.75 in closed beta, has been renamed to field discovery.
Panther Developer Workflows
- Version 0.24.3 of panther_analysis_tool has been released, featuring the following updates:
- Added auditd, Azure, and Windows Event Logs schemas.
- Various improvements.
- Version 3.12.0 of panther-analysis has been released, featuring the following update:
- Added support for the Azure.SignIn log type.
- Resolved an issue where field discovery failed to work with the
- Fixed a bug that caused field discovery to break when discovering a field with a reserved name.