v1.78

Aug 10, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Added raw event filters to log sources.
    • These let you filter the raw events Panther ingests by using regex or substring filters.
    • Filtering lets you get value from high-volume logs, including logs that were previously cost-prohibitive to connect to Panther.
  • Onboard Carbon Black logs with our new log source integration.
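To make the raw event filter idea concrete, here is an added illustration (not Panther's configuration format or code) of substring and regex filters applied to raw log lines before they reach a parser. The `RawEventFilter` class, the `include`/`exclude` modes and the sample log lines are all constructed for this example; the point it shows is that a substring filter is a cheap exact match, a regex filter is evaluated with `re.search` against the whole raw line, and every event must pass every filter to be kept.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Optional


@dataclass
class RawEventFilter:
    """One pre-ingestion filter (illustrative model, not Panther's schema).

    Exactly one of `substring` or `regex` must be set.
    mode == "include": keep only events that match.
    mode == "exclude": drop events that match.
    """
    mode: str
    substring: Optional[str] = None
    regex: Optional[str] = None

    def __post_init__(self) -> None:
        if (self.substring is None) == (self.regex is None):
            raise ValueError("set exactly one of substring or regex")
        if self.mode not in ("include", "exclude"):
            raise ValueError("mode must be 'include' or 'exclude'")
        # Compile once; the same filter runs against every raw event.
        self._pattern = re.compile(self.regex) if self.regex is not None else None

    def matches(self, raw: str) -> bool:
        if self._pattern is not None:
            return self._pattern.search(raw) is not None
        return self.substring in raw  # type: ignore[operator]


def apply_filters(events: Iterable[str], filters: List[RawEventFilter]) -> Iterator[str]:
    """Yield only the raw events that satisfy every filter."""
    for raw in events:
        keep = True
        for f in filters:
            hit = f.matches(raw)
            if (f.mode == "include" and not hit) or (f.mode == "exclude" and hit):
                keep = False
                break
        if keep:
            yield raw


# Constructed sample of raw lines as a log source might deliver them.
SAMPLE_EVENTS = [
    '{"src":"10.0.0.5","dst":"10.0.0.9","action":"ACCEPT","path":"/api/login"}',
    '{"src":"10.0.0.5","dst":"10.0.0.9","action":"ACCEPT","path":"/healthcheck"}',
    '{"src":"203.0.113.7","dst":"10.0.0.9","action":"REJECT","path":"/admin"}',
    "DEBUG heartbeat tick",
]

# Drop noisy health checks with a substring filter, and keep only lines that
# carry an explicit ACCEPT/REJECT decision with a regex filter.
SAMPLE_FILTERS = [
    RawEventFilter(mode="exclude", substring="/healthcheck"),
    RawEventFilter(mode="include", regex=r'"action":"(ACCEPT|REJECT)"'),
]


def filtered_sample() -> List[str]:
    """Run the sample filters over the sample events and return what survives."""
    return list(apply_filters(SAMPLE_EVENTS, SAMPLE_FILTERS))


if __name__ == "__main__":
    for line in filtered_sample():
        print(line)
```

Because exclusion is evaluated on the raw line, a filter that is too broad silently removes events a detection would have needed; when tuning filters, count what is dropped per filter before relying on them.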

Enhancements

  • Field discovery can now be enabled for CSV logs with headers.
  • You can now define and discover fields with the following names:
    • year
    • month
    • day
    • hour
    • partition_time
  • Added support for scientific float notation to the unix_ns timestamp format.
  • In the Panther Console, when editing an alert destination, log types are now grouped by category.
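The unix_ns enhancement above is a timestamp-parsing detail that is easy to get wrong, so here is an added example (not Panther's parser) of reading a unix_ns value whether it arrives as an integer, a digit string, or scientific notation such as `1.6916256e18`. The `parse_unix_ns` function and the sample values are assumptions for this illustration. It parses with `Decimal` rather than `float` because a double carries only about 16 significant digits, so a 19-digit nanosecond timestamp parsed through `float` is rounded to a multiple of 256 ns; the example demonstrates that loss explicitly.

```python
from datetime import datetime, timezone
from decimal import Decimal, InvalidOperation
from typing import Union

NS_PER_S = 10**9


def parse_unix_ns(value: Union[int, str]) -> datetime:
    """Parse a unix_ns timestamp (int, digit string, or scientific notation).

    Decimal parses "1.6916256e18" exactly, whereas float would round any
    value with more than ~16 significant digits. Python datetimes carry
    microsecond resolution, so the nanosecond remainder is truncated to
    microseconds at the end.
    """
    try:
        ns = int(Decimal(str(value).strip()))
    except (InvalidOperation, ValueError) as exc:
        raise ValueError(f"not a unix_ns timestamp: {value!r}") from exc
    seconds, rem_ns = divmod(ns, NS_PER_S)
    base = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return base.replace(microsecond=rem_ns // 1000)


def float_loses_precision(value: str) -> bool:
    """True when parsing `value` through float() changes the integer result."""
    return int(float(value)) != int(Decimal(value))


# Constructed sample values: the same instant written three ways, plus a
# 19-digit value whose low bits a float cannot represent.
SAMPLE_PLAIN = 1691625600000000000
SAMPLE_STRING = "1691625600000000000"
SAMPLE_SCIENTIFIC = "1.6916256e18"
SAMPLE_HIGH_PRECISION = "1691625600123456789"


if __name__ == "__main__":
    for v in (SAMPLE_PLAIN, SAMPLE_STRING, SAMPLE_SCIENTIFIC, SAMPLE_HIGH_PRECISION):
        print(v, "->", parse_unix_ns(v).isoformat())
    print("float rounds the 19-digit value:", float_loses_precision(SAMPLE_HIGH_PRECISION))
```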

Panther Developer Workflows

  • Versions 3.13.0 and 3.14.0 of panther-analysis have been released, featuring the following updates:
    • Added a new detection for Azure.SignIn.
    • Added GitHub.Audit actor IP to lookup tables.
    • Various bug fixes and improvements.
  • Version 0.25.0 of panther_analysis_tool has been released, featuring the following updates:
    • Added a benchmark subcommand that tests rules against one hour of data for one log type. This enables you to evaluate the performance of your rules prior to uploading them.
    • You can now use the fieldDiscoveryEnabled property to enable or disable field discovery.

Bug Fixes

  • Fixed a bug that caused certain events to be dropped instead of raising a classification failure.
  • Fixed a bug that created broken breadcrumb links on the alert details page.