Aug 10, 2023

In Open Beta

Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.

  • Added raw event filters to log sources.
    • These allow you to filter raw events that are ingested into Panther by using regex or substring filters. 
    • Filtering helps you realize the value of your high-volume logs and use logs that were previously cost-prohibitive when connected with Panther.
  • Onboard Carbon Black logs with our new log source integration.


  • Field discovery can now be enabled for CSV logs with headers.
  • You can now define and discover fields with the following names:
    • year
    • month
    • day
    • hour
    • partition_time
  • Added support for scientific float notation to the unix_ns timestamp format. 
  • In the Panther Console, when editing an alert destination, log types are now grouped by category.

Panther Developer Workflows

  • Versions 3.13.0 and 3.14.0 of panther-analysis have been released, featuring the following updates:
    • Added a new detection for Azure.SignIn.
    • Added GitHub.Audit actor IP to lookup tables.
    • Various bug fixes and improvements.
  • Version 0.25.0 of panther_analysis_tool has been released, featuring the following updates:
    • Added a benchmark subcommand that tests rules against one hour of data for one log type. This enables you to evaluate the performance of your rules prior to uploading them.
    • You can now use the fieldDiscoveryEnabled property to enable or disable field discovery.

Bug Fixes

  • Fixed a bug that caused certain events to drop instead of raising a classification failure.
  • Fixed a bug that created broken breadcrumb links on the alert details page.