v1.93

Dec 13, 2023

New and Noteworthy

Added detection inheritance for Python detections and Simple Detections.
- Inheritance lets you create one or more Derived Detections from a single Base Detection.
- Derived Detections inherit the Base Detection’s core detection logic, which is immutable, as well as its metadata field values, which can be overwritten for each Derived Detection.
- Filters may also be added to derived detections.
- This feature is in open beta and is available to all Panther customers.
Monitor Netskope audit logs for suspicious activity with five new detections contained in a new Panther-managed detection pack. The new detections available in the Panther Console and the panther-analysis GitHub repository.

Now Generally Available

Take advantage of our new automatic stream type detection functionality to make setting up log sources even easier.

Enhancements

Users can now get suggestions and error messages when developing Panther schemas and tests in an IDE using the schema-tests file available via the Panther documentation with JSON Schema.
Our MongoDB log source will now recover more quickly after delays.

Panther Developer Workflows

Versions 3.28.0, 3.29.0, 3.30.0, and 3.31.0 of panther-analysis have been released, featuring five new Netskope detections, improved references for many rules, updated enrichment lookup tables for GreyNoise, IPInfo, and Tor, and more.

Previous Releases

View All

v1.92 Dec 6, 2023

Use our new Splunk alert destination to send Panther alerts to Splunk.

v1.91 Nov 29, 2023

Use the new Summary tab on search results to quickly understand what is and is not important when triaging an alert, investigating a potential breach, or threat hunting.

v1.90 Nov 16, 2023

Added the ability to use prefix exclusion filters with GCS sources.