New and Noteworthy

• Added detection inheritance for Python detections and Simple Detections.

  • Inheritance lets you create one or more Derived Detections from a single Base Detection. 

  • Derived Detections inherit the Base Detection's core detection logic, which is immutable, as well as its metadata field values, which can be overwritten for each Derived Detection.

  • Filters may also be added to derived detections.

  • This feature is in open beta and is available to all Panther customers.

• Monitor Netskope audit logs for suspicious activity with five new detections contained in a new Panther-managed detection pack. The new detections available in the Panther Console and the panther-analysis GitHub repository.

Now Generally Available

• Take advantage of our new automatic stream type detection functionality to make setting up log sources even easier.

Enhancements

• Users can now get suggestions and error messages when developing Panther schemas and tests in an IDE using the schema-tests file available via the Panther documentation with JSON Schema.

• Our MongoDB log source will now recover more quickly after delays.

Panther Developer Workflows

• Versions 3.28.0, 3.29.0, 3.30.0, and 3.31.0 of panther-analysis have been released, featuring five new Netskope detections, improved references for many rules, updated enrichment lookup tables for GreyNoise, IPInfo, and Tor, and more.