I'd say the biggest differences are that Panther:
- Has a UI-driven workflow (vs CLI)
- Has an improved design to be more scalable and cost-effective
- Is written almost entirely in Golang
- Made a larger investment in the Athena side, allowing data pivoting and correlation across types
- Has first-class support for monitoring infrastructure as "resources", opening up more compliance use cases

We applied a lot of lessons learned from running StreamAlert and from my team's experiences at Amazon.