Dec 13, 2023

New and Noteworthy

  • Added detection inheritance for Python detections and Simple Detections.
    • Inheritance lets you create one or more Derived Detections from a single Base Detection. 
    • Derived Detections inherit the Base Detection’s core detection logic, which is immutable, as well as its metadata field values, which can be overwritten for each Derived Detection.
    • Filters may also be added to derived detections.
    • This feature is in open beta and is available to all Panther customers.
  • Monitor Netskope audit logs for suspicious activity with five new detections contained in a new Panther-managed detection pack. The new detections available in the Panther Console and the panther-analysis GitHub repository.

Now Generally Available


Panther Developer Workflows

  • Versions 3.28.0, 3.29.0, 3.30.0, and 3.31.0 of panther-analysis have been released, featuring five new Netskope detections, improved references for many rules, updated enrichment lookup tables for GreyNoise, IPInfo, and Tor, and more.

Previous Releases

v1.92 Dec 6, 2023
Use our new Splunk alert destination to send Panther alerts to Splunk.
v1.91 Nov 29, 2023
Use the new Summary tab on search results to quickly understand what is and is not important when triaging an alert, investigating a potential breach, or threat hunting.
v1.90 Nov 16, 2023
Added the ability to use prefix exclusion filters with GCS sources.