v1.54
Latest release
Feb 14, 2023
New and Noteworthy
Use our new Rule Filters in the Panther Console to quickly tune existing rules without writing code.
This feature is now available to all customers in open beta.
Submit any feedback on Rule Filters using this form.
Added IPinfo’s Privacy Data to Panther’s IPinfo integration.
Use this enrichment data in detections and data lake queries to:
Identify malicious traffic from bots and spammers
Identify content access from VPNs
Prevent web scraping from proxies and requests from servers
Fight fraud by flagging users who are masking their identity
Merge insights from IPinfo and Panther’s GreyNoise integration to identify malicious traffic and accelerate security investigations.
panther-analysis versions 2.0.0 and 2.0.1 have been released.
Version 2.0.0 adjusted how deep_get() functions. For information about how to use deep_get() going forward, as well as information about new detections in this version, reference the comprehensive release notes for 2.0.0 on GitHub.
Version 2.0.1 features minor bug fixes.
Features
Added the ability to search in the Panther Console for a schema by a field name used within it.
Quickly search for a schema by a field or property in the schema search bar or by using CMD + K in the Console.
Schema Changes
The Gravitational.TeleportAudit schema has been updated to include 17 new fields. Reference the documentation for the full list of fields that are now included.
Added the ec2RoleDelivery field to the AWS.CloudTrail schema.
The OrgId field for the Snyk.OrgAudit schema is now optional instead of required.
Enhancements
Nested userId fields that appear in some CloudTrail events will now be listed as AWS indicators under p_any_aws_account_ids.
In the Detection Editor in the Panther Console, the “Report Mapping” tab’s functionality has been moved to the “Rule Settings” tab and is now labeled “Framework Mapping.”
Bug Fixes
Fixed a bug that caused DynamoDB cloud scanning to not paginate correctly.