v1.86

New and Noteworthy

• Make use of our new Panther Core Fields, which make up Panther’s Unified Data Model (UDM), to normalize data from various sources into a consistent structure while maintaining context. Core Fields are useful for searching and writing detections across log types.
  • Events ingested prior to the Panther UDM being enabled in your Panther instance will not contain Core Fields.
• Added the ability to ingest Carbon Black alerts, endpoint events, and watchlist hits using Carbon Black’s data streaming feature via AWS S3.
  • This functionality complements the Carbon Black audit log ingest functionality available with our previously-released Carbon Black log source, which has been renamed Carbon Black Audit Logs in the Panther Console.

The preceding features are in open beta and available to all customers.

Now Generally Available

• Sync alert assignees and comments to Jira using our one-way syncing functionality.
• Ingest Auth0 logs with Panther’s built-in Auth0 log source integration.

Enhancements

• Added the isArchived field to the Panther schemas public API to enable easy searching for archived and non-archived schemas.

Bug Fixes

• Panther Audit Log Sources will no longer trigger log drop-off alarms.
• The % character may no longer be used in rule and policy IDs. When using panther_analysis_tool, use of the % character will cause schema checks for all ids and display names to fail.