Some of the common use-cases of Panther are:

• Continuous Security Monitoring: Gain real-time visibility across security logs and cloud infrastructure to quickly detect threats, misconfigurations, and other vulnerabilities that could lead to a breach.
• Investigate Alerts: Quickly search Panther's security data lake to contextualize alerts, tune detections, hunt for IOCs, and assess the impact of threats moving through your environment.
• Threat Hunting: Leverage Panther's normalized fields to search extracted IOCs across all of your log data to bring a holistic approach to threat hunting.
• Cloud Compliance: Define security best practices in code to add speed, flexibility, and automation to your compliance initiatives, including SOC, PCI, HIPAA, and more.
• SIEM for Snowflake: Turn your Snowflake into a SIEM with real-time alerting and 200+ pre-built detections. Consolidate, normalize, and retain your security data in Snowflake to power investigations, reporting, and business intelligence.
• SIEM for AWS: Build a structured security data lake from all of your default AWS logs to power real-time detections, fast queries, threat hunting, and robust security analytics.

Panther collects all of your critical security logs, analyzes them in real-time, and normalizes data into structured events that get stored into a data lake.

Here’s how it works:

1. Panther collects security logs from the cloud and on-premise data sources via AWS S3 / SQS / SNS, and direct API integrations
2. Panther scans your AWS infrastructure to understand the state of your cloud
3. All of this data is parsed, normalized, analyzed, and stored in your security data lake to power future investigations
4. Alerts are generated and dispatched to your team in real-time
5. Optional automatic remediations are applied to fix misconfigured infrastructure

The world is shifting from analysts and dashboards to automation and code. By enabling security teams to operationalize massive volumes of security data with cloud-first architectures and developer-driven workflows, Panther can serve as the foundation for modern organizations to quickly bootstrap detection and response programs and secure cloud environments.

Rather than inventing another new domain-specific language (DSL) for security teams to learn, Panther uses Python to enable teams to quickly bootstrap a modern and flexible detection and response program.

Panther runs as a completely serverless architecture to obtain the lowest overhead/cost at the highest scale. By leveraging AWS cloud-native services like Lambda, ECS, DynamoDB, S3, and more, Panther can handle massive workloads with zero-hassle administration.

Panther Community is an essential, fully-functional, open source platform for teams exploring Panther. Get started with Panther.

Panther Enterprise offers maximum value to teams and organizations with advanced features around querying and data storage, the ability to pull SaaS log data, customizable RBAC and SSO integrations, and the option for SaaS deployment. Request a Demo.

Yes! Panther includes 200+ built-in rules and policies to support standard and premium detections. Learn more about Panther Rules and Policies.

Panther uses Python to help you write expressive, flexible, and testable detections. With its versatility and extensibility, Python offers security engineers the ability to more easily write and maintain complicated detection logic that aligns security programs with business objectives for risk and compliance.

Watch this on-demand webinar to learn how you can write custom detections in Panther and identify common and specialized cybersecurity attacks using Python detections and developer-friendly workflows.

Panther can ingest terabytes of security log data per day from a variety of sources including AWS and GCP, security tools like Osquery and OSSEC, and a growing number of SaaS applications such as G Suite, Okta, and OneLogin. As data is processed, detections are run and alerts are dispatched in real-time to destinations like Slack, Jira, and PagerDuty.

Get started with our Integration Directory to learn how you can collect data from all your apps, send alerts to your messaging pipelines, and build a data lake on top of your AWS or
Snowflake with Panther.

Panther lets you dispatch alerts to your team in real-time to destinations like Slack, Jira, and PagerDuty. View all destinations supported by Panther.

Yes, Panther is open source! See it for yourself, Run Panther!

Questions or suggestions? Let us know in our community Slack!