v1.15

Latest release

Mar 1, 2021

New and Noteworthy
  • Health monitoring for Snowflake to validate that your logs are flowing as expected

  • Pull your Duo logs with our new SaaS log puller

  • Cloud Security scan history is now stored in your data lake

Features
  • Create and maintain universal data models in the UI that can be referenced when writing new rules and policies in the Python editor

  • Manage, update, and delete custom log schemas in Panther

  • Autodetect in Indicator Search: a new field option called “Autodetect Type” that automatically detects the type of field entered into the Indicator Search

  • Policy-based alerts: See alerts generated by failed cloud security policies

  • Dynamic alert fields: Dynamically set the severity of an alarm to route alarms on critical and production resources to monitored Slack channels or kick off related workflows

  • Added support for new log types: AWS VPC DNS

Enhancements
  • Improved S3 onboarding: specify multiple prefix-to-log-type mappings per onboarded S3 source

  • Custom log schema generation script: analyzes custom schema logs and produces a suggested YML structure that can be reviewed, edited, and saved

Bug Fixes
  • VPC Flow logs parser outputs invalid data: this fixes reports of seeing invalid accountIDs in VPC Flow Logs data

  • Cloud Security scanner only handles some rate limit errors: the Cloud Security scanner now has the logic needed to handle more rate-limiting errors

  • Panther fails for 0-size files: the Panther log processor will no longer fail if it encounters a 0-size file in S3