Latest release
Feb 8, 2024
New and Noteworthy
Use the new Summary tab on search results to quickly understand what is and is not important when triaging an alert, investigating a potential breach, or threat hunting.
On the Summary tab, fields that you’ve selected will display a horizontal bar chart showing the count of the top five values for each field.
Users may expand the chart to display counts for up to 20 values, and may reorder the chart to quickly see the lowest counts for the summarized field.
Add or remove visualizations for event fields using the Available Fields and Selected Fields lists on the left-hand side of the results panel. Adding or removing a field shows or hides the field both as a chart and as a column in the results table.
This feature is in open beta and is available to all customers.
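The aggregation behind the Summary tab (count the values of each selected field, show the top five, expand to twenty, or flip the order to surface the rarest values) is easy to reproduce offline when you want the same triage view over an exported search result. The following is an added example and not Panther's code; the events are constructed CloudTrail-style rows, and the function and field names are assumptions for illustration.

```python
from collections import Counter

# Constructed sample events (not real Panther data): the kind of rows a
# search over CloudTrail-like logs might return while triaging an alert.
EVENTS = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10", "userName": "alice"},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10", "userName": "alice"},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.10", "userName": "alice"},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.10", "userName": "alice"},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.10", "userName": "alice"},
    {"eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10", "userName": "alice"},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.5", "userName": "bob"},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.5", "userName": "bob"},
    {"eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10", "userName": "bob"},
    # Deliberately missing eventName so the summary shows the gap instead of hiding it.
    {"sourceIPAddress": "192.0.2.77", "userName": "svc-backup"},
]


def summarize_field(events, field, top=5, ascending=False):
    """Return (value, count) pairs for one field, like the Summary tab's bar chart.

    top: number of values to keep (5 by default; the UI expands to 20).
    ascending=True mirrors reordering the chart to see the lowest counts first,
    which is where a single odd source IP or principal tends to stand out.
    Events that lack the field are counted under None so the gap is visible.
    """
    counts = Counter(event.get(field) for event in events)
    # Sort by count (direction chosen by the caller), then by value for a stable order.
    direction = 1 if ascending else -1
    ordered = sorted(counts.items(), key=lambda kv: (direction * kv[1], str(kv[0])))
    return ordered[:top]


def summarize(events, selected_fields, **kwargs):
    """Summarize every selected field, one chart per field, as the tab does."""
    return {field: summarize_field(events, field, **kwargs) for field in selected_fields}


def render_bars(pairs, width=20):
    """Render (value, count) pairs as text bars scaled to the largest count."""
    if not pairs:
        return []
    scale = max(count for _, count in pairs)
    return [
        f"{str(value):<16} {'#' * (width * count // scale):<{width}} {count}"
        for value, count in pairs
    ]


if __name__ == "__main__":
    for field, pairs in summarize(EVENTS, ["userName", "sourceIPAddress", "eventName"]).items():
        print(f"== {field} (top 5) ==")
        print("\n".join(render_bars(pairs)))
    print("== sourceIPAddress, rarest first ==")
    print("\n".join(render_bars(summarize_field(EVENTS, "sourceIPAddress", ascending=True))))
```

Running the block prints one text chart per selected field, and the final chart shows the reordered view where the lone request from 192.0.2.77 sits at the top of the list.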
New detections available in the Panther Console and the panther-analysis GitHub repository:
Utilize new rules (contained in a new detection pack) to detect suspicious and malicious behavior within the Carbon Black management console.
Identify suspicious behavior in the Kubernetes control plane with several new detections developed in collaboration with the Snowflake Threat Detection Team.
Take advantage of our new automatic stream type detection functionality to make setting up log sources even easier.
This feature is in open beta and is available to all customers.
Use the new Panther standard field
to identify metadata of the file that an event originated from, including the bucket name and object key. This information can be helpful for troubleshooting classification errors. This field is only available for S3 sources.
Use CMD+I (Mac) / CTRL+I (PC) when editing a schema in the Panther Console to view field suggestions based on the position of the text cursor.
Schema Changes
Added a Panther-managed Nginx.Error schema for parsing additional Nginx data.
When creating a new detection in the Panther Console, you will now be prompted to select the detection type (Rule, Policy, or Scheduled Rule) before proceeding to the detection editor.
When a scheduled search times out, it will now generate a system error.
Added a floating horizontal scroll bar and subtle shading to indicate the presence of additional information to the left and right on the search results table.
Panther Developer Workflows
panther_analysis_tool version 0.33.0 was released, featuring various updates and improvements.
panther-analysis versions 3.25.0 and 3.26.0 were released, featuring new detections for Carbon Black and Kubernetes and other additions and improvements.