live webinarThreat Hunting at Scale with Panther Register Now
Request a Demo
Pricing

Get Started Today

Open source

Community

End-to-End Visibility for Modern Security Teams

Deploy Panther

Enterprise

Team

Collaboration and Advanced Features for Teams

Get Pricing
Pro

Security at Scale with Max Performance

Get Pricing

Core

Real-Time Log Analysis
Real-Time Cloud Security
Real-Time Alerting
Automatic Remediation
200+ Built-in Detections
Data Analytics

Data Inputs

AWS S3
AWS SQS & SNS
Google Cloud Platform
SaaS Logs
5 Sources
Unlimited

Analytics and Investigations

Data Explorer
Indicator Search

Alerting

Alert Thresholds
Alert Summaries

Security and Compliance

Multi-Factor Authentication
Role-Based Access Control
SAML SSO (Okta, OneLogin, etc.)

Data Storage

Amazon S3
Parquet Conversion
Snowflake

Team Management

Users
Roles

Deployment

Self-hosted
Single-tenant SaaS

Customer Success

Community Slack
Detections Service Desk
Shared Slack Channel
SLA
M-F, 9x5
24x7

Open source

Community

End-to-End Visibility for Modern Security Teams

Core

Real-Time Log Analysis
Real-Time Cloud Security
Real-Time Alerting
Automatic Remediation
200+ Built-in Detections

Data Inputs

AWS S3
AWS SQS & SNS
Google Cloud Platform

Analytics and Investigations

Alerting

Alert Thresholds

Security and Compliance

Multi-Factor Authentication

Data Storage

Amazon S3

Team Management

Users
Roles

Deployment

Self-hosted

Customer Success

Community Slack
Deploy Panther

Enterprise

Team

Collaboration and Advanced Features for Teams

All Open Source features

Core

Data Analytics

Data Inputs

SaaS Logs

Analytics and Investigations

Data Explorer
Indicator Search

Alerting

Alert Summaries

Security and Compliance

Role-Based Access Control
SAML SSO (Okta, OneLogin, etc.)

Data Storage

Parquet Conversion

Deployment

Single-tenant SaaS

Customer Success

Detections Service Desk
SLA
Get Pricing

Enterprise

Pro

Security at Scale with Max Performance

All Enterprise Cloud-Prem features

Data Inputs

SaaS Logs

Data Storage

Snowflake

Customer Success

Shared Slack Channel
SLA
Get Pricing

Frequently Asked Questions

Looking for new cloud security solutions? Let us tell you about Panther.

What is Panther?

Panther is an open, scalable, and developer-friendly solution for cloud-first organizations to detect and respond to suspicious activity in real-time.

With Panther, teams can perform continuous security monitoring, achieve end-to-end security visibility across cloud and on-premise infrastructure, and build a robust security data lake to power investigations.

What are the use cases of Panther?

Some of the common use-cases of Panther are:

 

  • Continuous Security Monitoring: Gain real-time visibility across security logs and cloud infrastructure to quickly detect threats, misconfigurations, and other vulnerabilities that could lead to a breach.
  • Investigate Alerts:Quickly search Panther’s security data lake to contextualize alerts, tune detections, hunt for IOCs, and assess the impact of threats moving through your environment.
  • Threat Hunting: Leverage Panther’s normalized fields to search extracted IOCs across all of your log data to bring a holistic approach to threat hunting.
  • Cloud Compliance: Define security best practices in code to add speed, flexibility, and automation to your compliance initiatives, including SOC, PCI, HIPPA, and more.
  • SIEM for Snowflake: Turn your Snowflake into a SIEM with real-time alerting and 200+ pre-built detections. Consolidate, normalize, and retain your security data in Snowflake to power investigations, reporting, and business intelligence.
  • SIEM for AWS: Build a structured security data lake from all of your default AWS logs to power real-time detections, fast queries, threat hunting, and robust security analytics.
How Panther works?

Panther collects all of your critical security logs, analyzes them in real-time, and normalizes data into structured events that get stored into a data lake.

Here’s how it works:

 

  1. Panther collects security logs from cloud and on-premise data sources via AWS S3 / SQS / SNS, and direct API integrations
  2. Panther scans your AWS infrastructure to understand the state of your cloud
  3. All of this data is parsed, normalized, analyzed, and stored in your security data lake to power future investigations
  4. Alerts are generated and dispatched to your team in real-time
  5. Optional automatic remediations are applied to fix misconfigured infrastructure
How is Panther different when compared to traditional SIEMs?

The world is shifting from analysts and dashboards to automation and code. By enabling security teams to operationalize massive volumes of security data with cloud-first architectures and developer-driven workflows, Panther can serve as the foundation for modern organizations to quickly bootstrap detection and response programs and secure cloud environments.

Panther runs as a completely Serverless architecture to obtain the lowest overhead/cost at the highest scale. By leveraging AWS cloud-native services like Lambda, ECS, DynamoDB, S3 and more, Panther can handle massive workloads with zero-hassle administration.

What is the difference between Panther Community and Panther Enterprise?

Panther Community is an essential, open source platform for teams exploring Panther. Deploy Panther.

Panther Enterprise offers maximum value to teams and organizations who want advanced features, performance, and security at scale. Panther Enterprise can be deployed in your own AWS account (Cloud-Prem) or managed by Panther (Cloud) in our single-tenant hosted environment. Request a Demo.

Does Panther come with built-in detections?

Yes! Panther includes 200+ built-in rules and policies to support standard and premium detections. Learn more about Panther Rules and Policies.

Detections are expressed as a set of Python functions that control the analysis logic, alert grouping, and titles sent in alerts.

Can you write custom detections in Panther?

Panther uses Python to help you write expressive, flexible, and testable detections.

Watch this on-demand webinar to learn how you can write custom detections in Panther and identify common and specialized cybersecurity attacks using Python detections and developer-friendly workflows.

Where can we send alerts?

Panther lets you dispatch alerts to your team in real-time to destinations like Slack, Jira, and PagerDuty. View all destinations supported by Panther.

Which logs and integrations supported by Panther?

Panther can ingest terabytes of security log data per day from a variety of sources including AWS and GCP, security tools like Osquery and OSSEC, and a growing number of SaaS applications such as G Suite, Okta, and OneLogin. As data is processed, detections are run and alerts are dispatched in real-time to destinations like Slack, Jira, and PagerDuty.

Get started with our Integration Directory to learn how you can collect data from all your apps, send alerts to your messaging pipelines, and build a datalake on top of your AWS or SnowflakeDB with Panther.

Is Panther open source?

Yes, Panther is open source! See it for yourself, Run Panther!

Questions or suggestions? Let us know in our community Slack!

Where does my data go?
Your data always stays within your own AWS account, encrypted.

Run Panther

Learn how to secure your cloud, network, applications, and endpoints with Panther Enterprise.

Request a Demo