v1.78
Latest release
Aug 10, 2023
In Open Beta
Features in open beta are available to all customers. To share any bug reports or feature requests, please contact your Panther representative.
Added raw event filters to log sources.
These allow you to filter raw events that are ingested into Panther by using regex or substring filters.
Filtering helps you realize the value of your high-volume logs and use logs that were previously cost-prohibitive when connected with Panther.
Onboard Carbon Black logs with our new log source integration.
Enhancements
Field discovery can now be enabled for CSV logs with headers.
You can now define and discover fields with the following names:
year
month
day
hour
partition_time
Added support for scientific float notation to the unix_ns timestamp format.
In the Panther Console, when editing an alert destination, log types are now grouped by category.
Panther Developer Workflows
Versions 3.13.0 and 3.14.0 of panther-analysis have been released, featuring the following updates:
Added a new detection for Azure.SignIn.
Added GitHub.Audit actor IP to lookup tables.
Various bug fixes and improvements.
Version 0.25.0 of panther_analysis_tool has been released, featuring the following updates:
Added a benchmark subcommand that tests rules against one hour of data for one log type. This enables you to evaluate the performance of your rules prior to uploading them.
You can now use the fieldDiscoveryEnabled property to enable or disable field discovery.
Bug Fixes
Fixed a bug that caused certain events to drop instead of raising a classification failure.
Fixed a bug that created broken breadcrumb links on the alert details page.