v1.50
Latest release
Jan 13, 2023
New and Noteworthy
Added AWS Transit Gateway Flow as an S3 Source.
Capture information about the IP traffic going to and from your transit gateways.
The Boomerang feature has been added to Panther’s Slack Bot, available in open beta.
With Boomerangs, you can send questions to and receive responses from other users in your Slack instance, streamlining your alert triage workflows.
IPInfo enrichment is now generally available and no longer in closed beta.
IPInfo provides integrated IP-related enrichment, such as adding geolocation and ASN data to alert events.
To enable IPInfo data sets, see our documentation on how to enable the pack.
Please note that IPInfo data access in the data lake is not available at this time.
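As an added illustration of the Transit Gateway Flow source above (example code, not part of these release notes or of the panther-analysis repository): a Panther-style Python rule run over constructed Transit Gateway Flow Log events. It assumes Panther exposes the AWS flow-log fields under their AWS names (tgw_src_vpc_account_id, tgw_dst_vpc_account_id, dstport, protocol, packets, log_status) and that the rule/title function signatures are Panther's standard ones; the account IDs, the trusted account pair and the admin-port list are hypothetical.

```python
# Added example: detect cross-account flows through a transit gateway that
# target administrative ports. Field names follow the AWS Transit Gateway
# Flow Log format (assumption: Panther's parsed event keeps those names).
# Account IDs, the trusted pair and the port list are hypothetical.

ADMIN_PORTS = {22, 3389, 445, 5985, 5986}       # SSH, RDP, SMB, WinRM
TCP = 6

# Account pairs allowed to reach each other's admin ports (hypothetical).
TRUSTED_ACCOUNT_PAIRS = {("111111111111", "222222222222")}


def rule(event):
    """Panther rule entry point: True means the event should alert."""
    # NODATA / SKIPDATA records carry no traffic fields; ignore them.
    if event.get("log_status") != "OK":
        return False
    src_acct = event.get("tgw_src_vpc_account_id")
    dst_acct = event.get("tgw_dst_vpc_account_id")
    # Only cross-account traffic is interesting here.
    if not src_acct or not dst_acct or src_acct == dst_acct:
        return False
    if (src_acct, dst_acct) in TRUSTED_ACCOUNT_PAIRS:
        return False
    # Only flows that actually carried packets, over TCP, to an admin port.
    if int(event.get("packets", 0) or 0) == 0:
        return False
    return event.get("protocol") == TCP and event.get("dstport") in ADMIN_PORTS


def title(event):
    """Panther title hook: one line naming the offending flow."""
    return (
        f"Cross-account admin-port flow via {event.get('tgw_id')}: "
        f"{event.get('srcaddr')} (acct {event.get('tgw_src_vpc_account_id')}) -> "
        f"{event.get('dstaddr')}:{event.get('dstport')} "
        f"(acct {event.get('tgw_dst_vpc_account_id')})"
    )


def run(events):
    """Apply the rule to a batch of parsed events; return titles of matches."""
    return [title(e) for e in events if rule(e)]


def _flow(src_acct, dst_acct, dstport, protocol=TCP, packets=12, status="OK"):
    # Constructed sample event; only the fields the rule reads are populated.
    return {
        "log_status": status,
        "tgw_id": "tgw-0abc1234def567890",
        "tgw_src_vpc_account_id": src_acct,
        "tgw_dst_vpc_account_id": dst_acct,
        "srcaddr": "10.10.1.25",
        "dstaddr": "10.20.8.14",
        "dstport": dstport,
        "protocol": protocol,
        "packets": packets,
    }


# Constructed sample batch: exactly one of these should alert.
SAMPLE_EVENTS = [
    _flow("111111111111", "333333333333", 22),            # cross-account SSH -> alert
    _flow("111111111111", "111111111111", 3389),          # same account RDP -> no alert
    _flow("111111111111", "333333333333", 443),           # cross-account HTTPS -> no alert
    _flow("111111111111", "222222222222", 22),            # trusted pair -> no alert
    _flow("111111111111", "333333333333", 22, packets=0), # no packets carried -> no alert
    _flow("111111111111", "333333333333", 22, status="NODATA"),  # no traffic fields -> no alert
]

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```

The rule deliberately ignores NODATA/SKIPDATA records and zero-packet flows, since those are the two most common sources of noise in flow-log detections; an allow-list of trusted account pairs keeps expected cross-account administration out of the alert stream.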
Panther Developer Workflows
Versions 1.47, 1.48, and 1.49 of panther-analysis have been released, including the following changes:
Added CrowdStrike queries for large zip creation and macOS browser credential access.
Added new detections for Atlassian, AWS, CrowdStrike, Duo, GitHub, G Suite, Microsoft 365, and Okta.
Added new Detection Packs for Atlassian, CrowdStrike, Duo, GitHub, and G Suite.
Closed Beta
Pull SentinelOne Cloud Funnel 2.0 logs with Panther's new Cloud Funnel 2.0 log puller.
In addition to Panther's beta support for SentinelOne Cloud Funnel 1.0, this closed beta provides additional support for Cloud Funnel 2.0, which SentinelOne launched in November 2022.
The improved Log Source Overview has gained an additional feature.
In the Log Source details page, added the S3 Bucket Details field under an S3 bucket’s Configuration tab, which includes a list of prefixes and excluded prefixes.
Bug Fixes
Fixed a bug that caused refresh issues when choosing filters on the Packs page in the Panther Console.
Fixed a bug that caused search results to appear out of order in the Log Source onboarding page in the Panther Console.