New and Noteworthy

• panther-analysis version 3.46.0 was released, featuring the following improvements among other changes:

  • Added a is_base64 global helper function to determine whether a string is base64 encoded and return the decoded string.

  • Improved public IP recognition in several detections.

• Added support for Policy Denied audit logs to the GCP.AuditLog log type.

Enhancements

• Deployed improvements to the normalization process for SQS, HTTP and Pub/Sub sources and the log processing pipeline that may lead to decreased AWS Lambda and AWS S3 costs, respectively, for Cloud Connected customers.

Bug Fixes

• Fixed a bug that caused search summaries with empty values to not create the correct filter chips.

• Fixed a bug that caused the cursor to displayed a few characters off in Data Explorer.

• Fixed an issue that caused AWS VPC DNS logs in Parquet to result in classification errors. 

• Fixed a bug that caused false health alerts for Tenable log sources.

• Fixed an issue where runaway rules would break Data Replay.