Nov 29, 2023

New and Noteworthy

  • Use the new Summary tab on search results to quickly understand what is and is not important when triaging an alert, investigating a potential breach, or threat hunting.
    • On the Summary tab, fields that you’ve selected will display a horizontal bar chart showing the count of the top five values for each field. 
    • Users may expand the chart to display the counts for the up to 20 values as well as reorder the chart to quickly see the lowest counts for the summarized field.
    • Add or remove visualizations for event fields using the Available Fields and Selected Fields lists on the left-hand side of the results panel. Adding or removing a field shows or hides the field both as a chart and as a column in the results table.
    • This feature is in open beta and is available to all customers.
  • New detections available in the Panther Console and the panther-analysis GitHub repository:
  • Take advantage of our new automatic stream type detection functionality to make setting up log sources even easier.
    • This feature is in open beta and is available to all customers.
  • Use the new Panther standard field p_source_file to identify metadata of the file that an event originated from, including the bucket name and object key. This information can be helpful for troubleshooting classification errors.
    • This field is only available for S3 sources.


  • Use CMD+I (Mac) / CTRL+I (PC) when editing a schema in the Panther Console to view field suggestions based on the position of the text cursor.

Schema Changes


  • When creating a new detection in the Panther Console, you will now be prompted to select the detection type (Rule, Policy, or Scheduled Rule) before proceeding to the detection editor.
  • When a scheduled search times out, it will now generate a system error.
  • Added a floating horizontal scroll bar and subtle shading to indicate the presence of additional information to the left and right on the search results table.

Panther Developer Workflows

  • panther_analysis_tool version 0.33.0 was released, featuring various updates and improvements.
  • panther-analysis versions 3.25.0 and 3.26.0 were released, featuring new detections for Carbon Black and Kubernetes and other additions and improvements.

Previous Releases

v1.90 Nov 16, 2023
Added the ability to use prefix exclusion filters with GCS sources.
v1.89 Nov 9, 2023
Added the ability to manually resize columns in search results tables and significantly improved the load time of the Log Sources page in the Panther Console.
v1.88 Nov 6, 2023
Added support for GCP, Google Workspace, Azure, and Microsoft 365 audit logs to the Panther Core Fields (UDM)