v1.92
Dec 6, 2023
New and Noteworthy
- Use our new Splunk alert destination to send Panther alerts to Splunk.
- This new integration enables you to leverage Panther’s powerful detection-as-code functionality on a set of logs while keeping your existing triage, search, and remediation workflows in Splunk.
- This feature is in open beta and is available to all customers.
- Easily convert Sigma rules into Panther YAML detections (Simple Detections) using the sigma-cli tool.
- Sigma rules are a common way to share detection logic in a vendor-agnostic format. This converter makes thousands of Sigma rules available for use in Panther. It can also make it easier to migrate to Panther from another SIEM.
- Currently, only Okta and AWS CloudTrail log sources are supported for conversion. More will be added.
- This feature is in open beta and is available to all customers.
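To make concrete what a Sigma-to-SIEM converter has to translate, here is a small added example (not Panther's converter, not sigma-cli, and not the Panther Simple Detections YAML format) that evaluates the detection section of a Sigma rule directly against Okta-style events. The rule, the `@automation.example` filter and the four events are constructed for this example; only the Okta System Log event type names and the Sigma schema (selections, `|contains`/`|endswith`/`|all` modifiers, list-as-OR, and a `condition` using `and`/`or`/`not`) are real.

```python
"""Minimal evaluator for Sigma detection logic over constructed Okta events.

Added example: this is NOT Panther's converter and does not produce Panther YAML.
It shows the semantics a converter must preserve when turning a Sigma rule into
a SIEM-native detection.
"""
from typing import Any, Dict, List

# Constructed Sigma rule, written as the dict form of its YAML (modelled on the
# public Sigma schema). eventType values are real Okta System Log event types;
# the filter domain is a constructed placeholder.
SIGMA_RULE: Dict[str, Any] = {
    "title": "Okta API token created or revoked by a human account (constructed)",
    "logsource": {"product": "okta", "service": "okta"},
    "detection": {
        "selection": {
            # list value => any element may match (OR)
            "eventType": ["system.api_token.create", "system.api_token.revoke"],
            "outcome.result": "SUCCESS",
        },
        "filter_service_account": {
            "actor.alternateId|endswith": "@automation.example",
        },
        # Sigma precedence: not > and > or
        "condition": "selection and not filter_service_account",
    },
    "level": "medium",
}


def get_field(event: Dict[str, Any], dotted: str) -> Any:
    """Resolve a dotted field path like 'outcome.result' in a nested event."""
    cur: Any = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_value(actual: Any, expected: Any, modifiers: List[str]) -> bool:
    """Apply Sigma value modifiers; default is exact (string) equality."""
    if actual is None:
        return False
    a, e = str(actual), str(expected)
    if "contains" in modifiers:
        return e in a
    if "startswith" in modifiers:
        return a.startswith(e)
    if "endswith" in modifiers:
        return a.endswith(e)
    return a == e


def match_selection(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """All keys in a selection map must match (AND); list values are OR unless |all."""
    for key, expected in selection.items():
        field, *modifiers = key.split("|")
        actual = get_field(event, field)
        values = expected if isinstance(expected, list) else [expected]
        hits = [match_value(actual, v, modifiers) for v in values]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


class _Condition:
    """Tiny recursive-descent parser: expr := term ('or' term)*; term := factor ('and' factor)*;
    factor := 'not' factor | '(' expr ')' | selection-name."""

    def __init__(self, text: str, results: Dict[str, bool]) -> None:
        self.toks = text.replace("(", " ( ").replace(")", " ) ").split()
        self.i = 0
        self.results = results

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def _take(self) -> str:
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def expr(self) -> bool:
        value = self.term()
        while self._peek() == "or":
            self._take()
            rhs = self.term()  # always parse the right side, even if already true
            value = value or rhs
        return value

    def term(self) -> bool:
        value = self.factor()
        while self._peek() == "and":
            self._take()
            rhs = self.factor()
            value = value and rhs
        return value

    def factor(self) -> bool:
        tok = self._take()
        if tok == "not":
            return not self.factor()
        if tok == "(":
            value = self.expr()
            if self._take() != ")":
                raise ValueError("unbalanced parenthesis in condition")
            return value
        if tok not in self.results:
            raise ValueError(f"condition references unknown selection {tok!r}")
        return self.results[tok]


def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """True if the event satisfies the rule's condition."""
    det = rule["detection"]
    results = {name: match_selection(event, sel) for name, sel in det.items() if name != "condition"}
    return _Condition(det["condition"], results).expr()


# Constructed Okta-shaped events (not real log data).
EVENTS: List[Dict[str, Any]] = [
    {"eventType": "system.api_token.create", "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "alice@example.com"}},            # should alert
    {"eventType": "system.api_token.create", "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "ci-bot@automation.example"}},    # excluded by filter
    {"eventType": "user.session.start", "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "alice@example.com"}},            # wrong eventType
    {"eventType": "system.api_token.revoke", "outcome": {"result": "FAILURE"},
     "actor": {"alternateId": "alice@example.com"}},            # wrong outcome
]


def matching_actors(rule: Dict[str, Any] = SIGMA_RULE, events: List[Dict[str, Any]] = EVENTS) -> List[str]:
    """Return the actor of every event the rule fires on."""
    return [get_field(e, "actor.alternateId") for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    print(matching_actors())  # ['alice@example.com']
```

The piece a converter cannot get wrong is in `match_selection` and `_Condition`: a selection map is an AND of its keys, a list value is an OR, and `not` binds tighter than `and`, which binds tighter than `or`. When you review generated Panther detections from a Sigma source, checking those three rules against a handful of known-good and known-bad events, as the `EVENTS` list does here, is a cheap way to catch a translation that silently widened or narrowed the rule.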
- Track your monthly ingestion volume against your allotment using the new ingestion quota tool in the log ingestion dashboard.
Enhancements
- The 1Password log source can now pull events that were generated while a device was offline.
Panther Developer Workflows
- panther-analysis version 3.27.0 was released, featuring updates to various detections and other additions.
- panther_analysis_tool version 0.34.0 was released, featuring assorted additions and improvements.