Context
Change logs for a SIEM (security information and event management) product, written to educate customers about new changes, features, enhancements, bug fixes, and opportunities to participate in product feature betas.
Sample
Panther v1.72
New and Noteworthy
- Added the ability to create, read, update, and delete S3 log sources via the Panther API. This new feature makes it easier to manage large numbers of S3 log sources or to define them as infrastructure-as-code.
In Open Beta
- Onboard Netskope audit logs with the new Netskope log puller. Use this integration to monitor events within your Netskope instance.
In Closed Beta
- Test out Panther’s streamlined detection editor in the Panther Console.
  - Consolidated the view and edit functionality into a single pane on a Detection page, enabling users to tune detections more quickly. The Alert Settings and Test sections have also been incorporated into the page.
  - Alert settings under “Set Alert Fields” now include the Alert Severity and Framework Mapping.
  - Added a persistent header with access to additional information, including MITRE ATT&CK details and a change log.
- Manage Panther roles with the new Okta System for Cross-domain Identity Management (SCIM) integration. This feature allows you to automatically manage roles, update profiles, and activate or deactivate users through Okta.
- You can now select databases and tables when using Indicator Search in the Panther Console. This can dramatically speed up searches when using parameters to narrow a search query.
- Added the ability to enable user profiles for Google Workspace logs. This allows you to pull user profiles into Panther-managed Lookup Tables and set the refresh period for retrieving profile updates.
Schema Changes
- Azure.SignIn now supports the following logs from Azure Active Directory:
  - NonInteractiveUserSignInLogs
  - ServicePrincipalSignInLogs
  - ManagedIdentitySignInLogs
Enhancements
- In the Panther Console, when onboarding or editing a log source, the number of steps in the process has been reduced and the navigation has been moved to the top of the page for ease of use.
- You can now upload SAML metadata files directly through the Panther Console. In previous versions of Panther, you were required to provide an identity provider URL.
- The processing limit for SQS Source Data Transports, previously 1 MiB/second, has been removed.
Panther Developer Workflows
- Versions 3.8.0, 3.8.1, 3.8.2, and 3.8.3 of panther-analysis have been released, featuring the following updates:
  - Added new detections for Auth0, CrowdStrike, GCP, GitHub, and Tines.
  - Added a new rule, GitHub.Org.Moderators.Add, to the GitHub Detection Pack.
  - Various bug fixes.
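For readers unfamiliar with how panther-analysis rules are structured, the following is an added example (not the project's own code) of a Panther-style Python detection shaped like the GitHub.Org.Moderators.Add rule named above. Panther calls a module-level `rule(event)` that returns a boolean and an optional `title(event)` for the alert title; the audit-log action string `org.add_moderator`, the helper `run_rule`, and the sample events are assumptions constructed here for illustration and should be checked against GitHub's audit log reference before use.

```python
from typing import Any, Dict, List

# Assumption: the GitHub audit-log action recorded when a user is added as an
# organization moderator. Verify this value against GitHub's audit log docs.
MODERATOR_ADD_ACTION = "org.add_moderator"


def rule(event: Dict[str, Any]) -> bool:
    """Panther-style rule(): return True when the event should raise an alert."""
    return event.get("action") == MODERATOR_ADD_ACTION


def title(event: Dict[str, Any]) -> str:
    """Panther-style title(): human-readable alert title built from event fields."""
    actor = event.get("actor", "<unknown actor>")
    user = event.get("user", "<unknown user>")
    org = event.get("org", "<unknown org>")
    return (
        f"GitHub.Org.Moderators.Add: [{actor}] added [{user}] "
        f"as a moderator of org [{org}]"
    )


def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Panther-style alert_context(): fields an analyst needs for triage."""
    return {
        "actor": event.get("actor"),
        "user": event.get("user"),
        "org": event.get("org"),
        "created_at": event.get("created_at"),
    }


def run_rule(events: List[Dict[str, Any]]) -> List[str]:
    """Hypothetical local harness (not part of Panther): apply rule() to a batch
    of events and return the alert titles that would fire."""
    return [title(e) for e in events if rule(e)]


# Constructed sample events in the shape of GitHub audit-log records.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {
        "action": "org.add_moderator",
        "actor": "alice",
        "user": "bob",
        "org": "example-org",
        "created_at": 1700000000000,
    },
    {
        "action": "repo.create",
        "actor": "carol",
        "repo": "example-org/new-repo",
        "org": "example-org",
        "created_at": 1700000001000,
    },
    {
        "action": "org.remove_member",
        "actor": "alice",
        "user": "dave",
        "org": "example-org",
        "created_at": 1700000002000,
    },
]

if __name__ == "__main__":
    for alert_title in run_rule(SAMPLE_EVENTS):
        print(alert_title)
```

In a real Panther deployment the `event` argument is Panther's event object rather than a plain dict, but it exposes the same `.get()` interface, so the rule body is written identically; severity, the log type to match, and unit tests are declared in the rule's accompanying YAML file rather than in the Python module.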