v1.87

New and Noteworthy

• Added 7 new Okta detections based on recent high profile attacks by threat actors. The new detections are available in the Panther Console and the panther-analysis GitHub repository.
• If you use CI/CD to manage your Panther content, please note that the default branch names for panther-analysis and panther_analysis_tool are now main instead of master.

In open beta and available to all customers:

• Quickly create and modify custom detections by using the Simple Detection builder in the Panther Console.
  • The builder lets you manage detections without writing code, but retains the benefits of detections-as-code, including expressiveness, testability, CI/CD integration, and reusability. Watch this video to learn more about the Simple Detection builder.
  • Simple Detections includes an overhaul of the Detection Filters feature to align with our low-code detection building workflow.
• Onboard AWS Security Hub data with our new log source integration.
• Added a schema for Jamf Compliance Reporter for use with our built-in Jamf Pro log source integration.

Now Generally Available

• Easily ingest Notion logs with our new built-in log source integration.
  • We’ve also released several new Notion detections. You can find them in the Panther Console in the detections list or Notion detection pack, or in the panther-analysis GitHub repo.
• Use our unified Search experience to search across all of your data—including log events, rule matches, and more—without writing SQL.

Schema Changes

• Updated the Tailscale.Network schema to support IPv6.

Panther Developer Workflows

• panther-analysis versions 3.17.0, 3.17.1, 3.18.0, and 3.19.0 have been released, featuring new detections for Notion and Okta and other improvements.
• panther_analysis_tool versions 0.29.0, 0.30.0, 0.30.1, 0.30.2, and 0.31.0 have been released, featuring various updates and enhancements.