v1.76

Jul 27, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Onboard auditd logs with our new log source integration.
  • Use the new mask transformation to conceal sensitive information within your logs.
    • Redact or obfuscate (using MD5, SHA-1, SHA-256, or SHA-512 hashes) data in the masked fields.
    • Note: Masking a field means you cannot later use Panther’s search tools to query for its original value.
  • You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.

Enhancements

  • In the Panther Console, added a download button to the edit detection page, which allows you to download a YAML file for that detection.
  • In the Panther Console, on the Alerts Details page, replaced the “View with Data Explorer” button with a “Search Events” button, which opens the Query Builder with information prefilled from the alert.
    • This change only applies to users with a Snowflake backend and to alerts that have events from exactly one log type.
  • You can now create roles in the Panther Console that have no permissions.
  • The automatic field discovery feature, introduced in Panther version 1.75 in closed beta, has been renamed to field discovery.

Panther Developer Workflows

  • Version 0.24.3 of panther_analysis_tool has been released, featuring the following updates:
    • Added auditd, Azure, and Windows Event Logs schemas.
    • Various improvements.
  • Version 3.12.0 of panther-analysis has been released, featuring the following update:
    • Added support for the Azure.SignIn log type.

Bug Fixes

  • Resolved an issue where field discovery failed to work with the rename transformation.
  • Fixed a bug that caused field discovery to break when discovering a field with a reserved name.