New and Noteworthy

• GCP Pub/Sub is now available as a data transport for ingesting custom data into Panther.

  • This feature is currently in open beta and is available to all customers. 

Features

• Added the ability to quickly enable relevant Panther Detection Packs for a log source during the log source setup process.

• Added a new Panther-managed Lookup Table for Tor exit nodes.

Now Generally Available

• Panther’s Microsoft Graph log puller is now available to all customers and is no longer in closed beta.

Enhancements

• The following enhancements have been made to Composable Detections using the Config SDK, which is currently in closed beta and available to a select group of customers:

  • Customers with the AWS IAM role setup for PAT can now upload detections in the Config SDK format.

  • Unit testing for detections in the Config. SDK format now run via the panther_analysis_tool config test command.

• Extremely large numbers displayed in the Panther Console (such as on the Overview page) will now be abbreviated. For example, 3712378 will now display as “3.7M.”

• Panther’s CloudFormation deployment parameters have been updated.

Panther Developer Workflows

• panther-analysis has been updated to version 1.37, which includes the following changes:

  • Updates to panther_iocs.

  • Additional AWS detections.

  • Read more about the new release here.

Bug Fixes

• Fixed a bug that caused an erroneous validation error to appear when using the Assigned User alerts filter.

• For customers in the Alert Management closed beta: fixed a bug that appeared when assigning an alert to a deleted user.

• Fixed a bug that was generating false system error alerts for the Atlassian log puller.

• Fixed a bug that would cause schema testing to time out, it now pauses after 15 minutes.

• Fixed a bug that caused log source configuration to fail when an S3 prefix contained a special character.

• Fixed a bug that prevented Pantherlog CLI from working with CloudWatch Logs samples.

• Fixed a bug that prevented metrics-api from correctly collecting metrics that have not been updated in over two weeks.