v1.92
Latest release
Feb 8, 2024
New and Noteworthy
Use our new Splunk alert destination to send Panther alerts to Splunk.
This new integration enables you to leverage Panther's powerful detection-as-code functionality on a set of logs while keeping your existing triage, search, and remediation workflows in Splunk.
This feature is in open beta and is available to all customers.
Easily convert Sigma rules into Panther YAML detections (Simple Detections) using the sigma-cli tool.
Sigma rules are a common way to share detection logic in a vendor-agnostic format. This converter makes thousands of Sigma rules available for use in Panther. It can also make it easier to migrate to Panther from another SIEM.
Currently, only Okta and AWS CloudTrail log sources are supported for conversion. More will be added.
This feature is in open beta and is available to all customers.
Track your monthly ingestion volume against your allotment using the new ingestion quota tool in the log ingestion dashboard.
Enhancements
The 1Password log source can now pull events that were generated while a device was offline.
Panther Developer Workflows
panther-analysis version 3.27.0 was released, featuring updates to various detections and other additions.
panther_analysis_tool version 0.34.0 was released, featuring assorted additions and improvements.