New and Noteworthy

• Added the ability to infer schemas from data streamed into Panther for custom HTTP log sources.

  • You may now choose to attach schemas to custom HTTP log sources after initial setup. You may configure your custom sources to use pre-existing schemas or create new ones using our process.

Panther Developer Workflows

• Version 0.26.0 of panther_analysis_tool has been released, featuring the following updates:

  • Improved log schema regexes.

  • Policy resource types may now be optional.

  • Added enrich-test-data command.

  • Added pat command line alias for panther_analysis_tool.

  • Additional bug fixes and improvements.

Now Generally Available

• Use raw event filters with log sources to filter raw events that are ingested into Panther by using regex or substring filters.

  • Filtering helps you realize the value of your high-volume logs and use logs that were previously cost-prohibitive when connected with Panther.

• Extract a specific value from a string field with the split transformation for custom logs. This allows you to create new schema fields which you can then designate as indicators.

• Use the mask transformation to conceal sensitive information within your logs.

  • Redact or obfuscate (using MD5, SHA-1, SHA-256, or SHA-512 hashes) data in the masked fields.

  • Note: Masking a field means you cannot later use Panther’s search tools to query for its original value.