Aug 3, 2023
New and Noteworthy
- Panther is now available as a provider with support for AWS S3 log sources in the HashiCorp Terraform Registry. Terraform is an infrastructure-as-code tool that allows you to efficiently build, change, and version cloud and on-premise resources. See our documentation to start managing your AWS S3 log sources with Terraform.
Now Generally Available
- You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.
In Open Beta
Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.
- Onboard Docker logs with our new log source integration.
- Use our new field discovery feature with schemas to retain data from fields in incoming log events that are not defined within your schemas, enabling you to query data from these fields and write detections referencing them.
- Field discovery can only be enabled for log sources with a JSON stream type. Additionally, this feature is currently only available for custom schemas, not Panther-managed ones.
- Improved descriptions for fields in Tailscale schemas.
- The following updates have been made to Windows.EventLogs:
- Added a trace indicator to the ActivityID field.
- Changed ID field types from int to string.
- The following enhancements have been made to field discovery:
- Nested fields can now be discovered when the parent fields are declared in the schema.
- The Schemas page now displays whether a schema has field discovery enabled.
- Discovered fields are now displayed in the schema details.
- Updated the GitHub log puller to maintain its current functionality with the new GitHub audit log API rate limit.
- In the Panther Console, on the Add New Source page, updated the descriptions for following log sources to better describe their use cases:
- Asana, auditd, CrowdStrike, Heroku, Netskope, Tailscale, and Windows Event Logs.
Panther Developer Workflows
- Version 3.12.1 of panther-analysis has been released, featuring the following updates:
- Added detections for Azure.SignIn.
- Fixed a bug that caused schema inferences to generate invalid schemas.
- Fixed a bug that caused an erroneous error message to appear when real time scanning was disabled.