v1.74
Latest release
Jul 12, 2023
In Open Beta
Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.
Test out Panther’s streamlined detection editor in the Panther Console.
Consolidated the view and edit functionality into a single pane on a Detection page, enabling users to tune detections more quickly. The Alert Settings and Test sections have also been incorporated into the page.
Alert settings under “Set Alert Fields” now include the Alert Severity and Framework Mapping.
Added a persistent header with access to additional information, including MITRE ATT&CK details and a change log.
Onboard Tailscale logs with the new Tailscale log puller. Use this integration to monitor audit and network logs.
Schema Changes
Added the following fields to the GitHub.Audit schema:
admin_enforced
pull_request_reviews_enforcement_level
required_status_checks_enforcement_level
linear_history_requirement_enforcement_level
Enhancements
In the Panther Console, on the Add New Source and Schemas pages, schemas are now displayed by default in a new tree view. This view provides simplified schema information, including field type, asterisks denoting required fields, nested fields, and descriptions. The original display can still be accessed by clicking YAML View.
In the Panther Console, you can now enable Panther audit logs, which provide a read-only history of activity within your Panther deployment, including when this option is enabled or disabled.
Note: Only users with the Edit Settings & SAML Preferences permission are allowed to enable Panther audit logs.
HTTP log sources can no longer be created with invalid header names.
Panther Developer Workflows
Added a new command, validate, to Panther Analysis Tool. This allows you to validate your detections against your Panther instance before running a bulk upload.
Versions 3.9.3 and 3.10.0 of panther-analysis have been released, featuring the following updates:
Several GCP detections now use the deep_walk function.
Various bug fixes.
Bug Fixes
Resolved an issue with incorrect dates in the bulk download file metadata, which prevented those files from being zipped.
Enabled existing bulk upload metrics for async bulk uploads.
Fixed a bug that caused edits to the security configuration of an HTTP log source to take longer than expected to be reflected in the transport.
Fixed a bug with classification errors for certain types of Azure.SignIn events.
Corrected the UserKey field to not be required for Microsoft 365 logs.
Resolved an issue where schema versions were incorrectly updated when schema metadata was updated.
Fixed a bug with the MongoDB log puller where events were not pulled from all project IDs.