v1.78

Aug 10, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Added raw event filters to log sources.

    • These let you filter the raw events ingested into Panther using regex or substring filters.

    • Filtering lets you get value from high-volume log sources, including logs that were previously cost-prohibitive to send to Panther.

  • Onboard Carbon Black logs with our new log source integration.

Enhancements
  • Field discovery can now be enabled for CSV logs with headers.

  • You can now define and discover fields with the following names:

    • year

    • month

    • day

    • hour

    • partition_time

  • Added support for scientific float notation to the unix_ns timestamp format.

  • In the Panther Console, when editing an alert destination, log types are now grouped by category.

Panther Developer Workflows
  • Versions 3.13.0 and 3.14.0 of panther-analysis have been released, featuring the following updates:

    • Added a new detection for Azure.SignIn.

    • Added GitHub.Audit actor IP to lookup tables.

    • Various bug fixes and improvements.

  • Version 0.25.0 of panther_analysis_tool has been released, featuring the following updates:

    • Added a benchmark subcommand that tests rules against one hour of data for one log type. This enables you to evaluate the performance of your rules prior to uploading them.

    • You can now use the fieldDiscoveryEnabled property to enable or disable field discovery.

Bug Fixes
  • Fixed a bug that caused certain events to be dropped silently instead of raising a classification failure.

  • Fixed a bug that created broken breadcrumb links on the alert details page.