v1.46
Latest release
Jan 10, 2023
Features
Pull SentinelOne Deep Visibility logs with Panther's new SentinelOne Cloud Funnel log puller.
Schema Changes
Custom schemas can now support multiple timestamp formats, including custom formats.
Added two new schemas for Lacework logs:
Lacework.AlertDetails
Lacework.CloudCompliance
The groupId field is now optional in the following schemas:
Snyk.GroupAudit
Snyk.OrgAudit
Enhancements
In the Panther Console, under Settings > General > Developer Workflow, added a new option to disallow enabling Detection Packs from the Console.
This helps prevent update conflicts between the Console and CI/CD for customers who use the Panther Analysis Tool (PAT). The option is off by default.
Added a new SQL macro, p_occurs_around, to facilitate querying around a certain time.
Added a link to the Scheduled Rule details page which opens that Scheduled Query in the Data Explorer.
Updated the UI of the Log Sources onboarding page to improve its usability, which includes separating the former AWS tile into 10 individual AWS services.
Panther’s CloudFormation deployment parameters have been updated.
Panther Developer Workflows
Updated panther-analysis to version 1.38.1, which includes the following changes:
Additional AWS and Microsoft Graph detections.
Crowdstrike detections are now bundled in a Pack.
Open Betas
Panther SDK, a new way to create, manage, and reuse Python code across your detections, is now available in open beta.
Unlike the typical detections workflow provided through panther-analysis, your content will be managed separately from Panther's. This allows you to stay up-to-date without running into future merge conflicts.
Bug Fixes
Fixed a bug that caused an excessive number of loading transitions on the Data Replay page.
Fixed a bug that caused the UI to display incorrectly on the Data Replay page.
Fixed a bug that caused the UI to display incorrectly on the Log Sources onboarding success page.