New and Noteworthy

• GreyNoise is now available as an enrichment source in Panther.

  • Use Panther detection capabilities with GreyNoise threat intelligence data to reduce false-positive alerts by:

    • Ruling out internet background noise from external event sources to ensure you're focused on the most critical events first.

    • Identifying potential opportunistic attacks that may have been allowed into your perimeter.

    • Identifying emerging threats based on GreyNoise context data and tagging.

  • To enable Analyst roles to view and manage GreyNoise packages in the Panther Console, they will need to be assigned the View Lookups and Manage Lookups permissions.

  • The Basic GreyNoise package is included for all Panther customers at no additional cost. The Advanced package, which includes expanded intelligence from GreyNoise for advanced filtering and threat hunting, requires a paid subscription to be activated. Learn more in our documentation or by watching the demo video below.

Features

• Added the ability to use Terraform templates when setting up Google Cloud Storage (GCS) data transport and AWS cloud accounts in the Panther Console.

Enhancements

• When updating the S3 configuration on a Lookup Table in the Panther Console, an informational warning is now displayed indicating that users must also update IAM permissions and provide a new role ARN.

• Alert severities for Alert Destinations in the Panther Console are now visually distinct and incorporate iconography rather than just color.

• Panther’s CloudFormation deployment parameters have been updated.

Bug Fixes

• Fixed a bug that reported an incorrect number of “modified” queries when uploading a zip containing queries in the Bulk Uploader in the Panther Console.

•