v1.76
Latest release
Jul 26, 2023
In Open Beta
Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.
Onboard auditd logs with our new log source integration.
Use the new mask transformation to conceal sensitive information within your logs.
Redact or obfuscate (using MD5, SHA-1, SHA-256, or SHA-512 hashes) data in the masked fields.
Note: Masking a field means you cannot later use Panther’s search tools to query for its original value.
You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.
Enhancements
In the Panther Console, added a download button to the edit detection page, which allows you to download a YAML file for that detection.
The download button is only available when the Developer Workflow option is enabled.
In the Panther Console, in the Alerts Details page, replaced the “View with Data Explorer” button with a “Search Events” button, which now opens the Query Builder with information prefilled from the alert.
This change only applies to users with a Snowflake backend and to alerts that have events from exactly one log type.
You can now create roles in the Panther Console that have no permissions.
The automatic field discovery feature, introduced in Panther version 1.75 in closed beta, has been renamed to field discovery.
Panther Developer Workflows
Version 0.24.3 of panther_analysis_tool has been released, featuring the following updates:
Added auditd, Azure, and Windows Event Logs schemas.
Various improvements.
Version 3.12.0 of panther-analysis has been released, featuring the following update:
Added support for the Azure.SignIn log type.
Bug Fixes
Resolved an issue where field discovery failed to work with the rename transformation.
Fixed a bug that caused field discovery to break when discovering a field with a reserved name.