Features

• Pull Sysdig audit logs for infrastructure monitoring with Panther’s new Sysdig log puller.

Now Generally Available

• The Panther API is now generally available and no longer in beta.

Schema Changes

• The following fields are no longer required in Amazon.EKS.Audit:

  • annotations

  • requestURI

  • responseStatus

  • userAgent

• The following field is no longer required in Gravitational.TeleportAudit:

  • uid

• The field p_any_usernames has been added to the CloudTrail schema.

Enhancements

• The speed of inferring and testing schemas from raw data has been improved.

• In the Panther Console, on the Add New Source page, you can now use the search bar to filter for built-in log types.

• In the Panther Console, in a log source’s health tab, classification failure events are now only displayed if the log source becomes unhealthy. 

• A new parameter has been added to Panther’s CloudFormation deployment parameters:

  • Created

Panther Developer Workflows

• panther-analysis has been updated to version 1.36, which includes the following changes:

  • Added detections for Sigma AWS and Okta password access. 

  • Deprecated the unusual logins detection.

  • Various other enhancements and bug fixes.