Sep 20, 2023

New and Noteworthy

Schema Changes

  • The Azure.SignIn schema has been deprecated.
    • Events from log sources that were set to use this log type will instead be classified using our Azure.Audit schema, which has been expanded to include the event fields from the deprecated schema. 
    • Any detections that targeted Azure.SignIn should be updated to target Azure.Audit instead.
    • Existing data lake tables for Azure.SignIn will not be removed.
  • Updated the GitHub.Audit and GitHub.Webhook schemas to include multiple additional fields.

Panther Developer Workflows


Bug Fixes

  • Fixed dynamic title field value selection issues with simple detections.
  • Added several workflow fixes when creating and editing simple detections.