Ingesting New Log Types With Custom Schemas
Learn how to ingest new log types with Panther's Custom Schemas and have the heaving lifting done upfront to easily manage your log scheams.
Duration: 12:30 minutes
Custom Schema feature allows you to easily manage log schemas.
With the Custom Schema feature, it allows users to onboard, write rules, and query the data to make managing log schemas easier. The feature does the heaving lifting upfront and produces a script that analyzes the logs, then using the indicator search, you’ll be able to run detections on the logs.
Panther allows users to define their own log types by adding a Custom Log Type entry. Custom Log Types are identified by a Custom. prefix in their name and can be used wherever a 'native' Log Type is used:
- Onboarding data through SQS or S3
- Writing Rules for these Log Types.
- Querying the data in Data Explorer. Panther will create a new table for the Custom Log Type, once you onboard a source that uses it.
- Querying the data through Indicator Search
Read the documentation and review our example queries.
Correlate Activity Across Your Environment With Scheduled Queries
Analyze all of your collected log data to bring more context and correlation to your threat detection efforts with Scheduled Queries.