Overview

Panther version 1.111 contains minor breaking changes to correlation rule and PantherFlow functionality.

Version 1.111 is scheduled to be available the week of January 13, 2025. These changes will be reflected in the Panther documentation when v1.111 is available.

Correlation rule change

In Panther v1.111, a correlation rule field has new validation. In correlation rules that are sequences, if Transitions.WithinTimeFrameMinutes is defined, WithinTimeFrameMinutes must be less than or equal to LookbackWindowMinutes.

If you currently have any sequence correlation rules where WithinTimeFrameMinutes is greater than LookbackWindowMinutes, it is recommended to update them.

PantherFlow changes

In Panther v1.111, PantherFlow has the following syntax changes:

• The datetime() and time.parse_date() functions will be removed

• The time.date_trunc() function will be renamed to time.trunc()

• The partially implemented date data type will be removed

If you currently have any saved PantherFlow queries that use datetime(), time.parse_date(), time.date_trunc(), and/or dates, it is recommended to update them.