v1.102
Latest release
Mar 6, 2024
New and Noteworthy
In Panther version 1.103, targeted for release beginning March 12, 2024, we will introduce a change to our beta REST API endpoints and parameters that will cause pre-existing implementations to no longer function as anticipated.
All endpoints and query parameters that previously contained an underscore (_) will be updated to use a hyphen (-) instead. The impacted endpoints are as follows:
data models: data_models will become data-models
simple rules: simple_rules will become simple-rules
scheduled rules: scheduled_rules will become scheduled-rules
If you utilize these endpoints, to ensure that your implementations of the Panther API continue working after next week, please update your configurations after your instance is upgraded to version 1.103.
This change will take effect with the release of Panther version 1.103 beginning on March 12, 2024.
We do not intend to make any breaking changes to our API endpoints after they are out of their beta phase.
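A migration helper for the rename described above, added here as an example (not Panther's own code). Only the three endpoint names come from this release note; the hostname, resource ID and query parameter name in the sample URL are constructed placeholders, and placing the resource ID in the path is an assumption.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Endpoint renames listed in this release note.
RENAMED_ENDPOINTS = {
    "data_models": "data-models",
    "simple_rules": "simple-rules",
    "scheduled_rules": "scheduled-rules",
}


def is_stale(url: str) -> bool:
    """True if the URL still uses a pre-1.103 endpoint or parameter name."""
    parts = urlsplit(url)
    old_endpoint = any(s in RENAMED_ENDPOINTS for s in parts.path.split("/"))
    old_param = any("_" in name for name, _ in
                    parse_qsl(parts.query, keep_blank_values=True))
    return old_endpoint or old_param


def migrate_url(url: str) -> str:
    """Rewrite a pre-1.103 beta REST API URL to the hyphenated form."""
    parts = urlsplit(url)
    # Only whole path segments equal to an old endpoint name are renamed,
    # so a resource ID containing "_" elsewhere in the path is untouched.
    segments = [RENAMED_ENDPOINTS.get(s, s) for s in parts.path.split("/")]
    # Parameter names change; parameter values are data and must not.
    query = [(name.replace("_", "-"), value) for name, value in
             parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, "/".join(segments),
                       urlencode(query), parts.fragment))


if __name__ == "__main__":
    # Constructed sample URL (placeholder host, ID and parameter name).
    sample = ("https://api.example.test/scheduled_rules/My_Rule_ID"
              "?example_param=a_b")
    print(is_stale(sample), migrate_url(sample))
```

Running is_stale over the URLs stored in integration configs before the upgrade gives the list of call sites that need the change once the instance is on 1.103.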
panther-analysis versions 3.43.0 and 3.44.0 were released, featuring the following changes among other additions and improvements:
Converted several rules to Python from SDYAML.
Added data models for AWS EKS and GCP GKE logs to map to normalized Kubernetes log fields.
Enhancements
Renamed “Rule Matches” to “Alerts” on the rule details page.
Added a “Copy ID” button to the rule details page in the Panther Console.
Added a clearer error message when users attempt to run data replay on data from within the last 24 hours.
When exporting search results from the Panther Console as a CSV, the columns users select to show in their results as well as their order will persist into the exported CSV.
Added the ability to use nested fields with JSON path notation in the Simple Detection builder in the Panther Console.
Panther Developer Workflows
panther_analysis_tool version 0.41.0 was released, which includes a change to packs-check so that disabled rules are ignored.
Bug Fixes
Fixed an issue with an indicator search pivot button in alerts.
Fixed an issue with breakpoints in detection code that would cause the detections engine to hang.
The “download all entities” button no longer retrieves cached results, enabling users to obtain a more up-to-date export.
Fixed an issue that caused scheduled queries above 128KB to fail.
Fixed an issue that caused the detection page to crash when attempting to create a detection with an existing ID.
The ingestion dashboard in the Panther Console now displays the number of bytes filtered over the past month.