Video

Real-Time Alerts With Unified Data Models

Learn how to get real-time alerts on suspicious activity across your environment with Panther's Unified Data Models feature.

Duration: 11:46 minutes

Panther’s Unified Data Models feature lets you get real-time alerts on suspicious activity across your environment. You can normalize data from multiple, disparate log sources into a unified format so that a single set of standard detections can be applied to all of them.

You can create a Unified Data Model (UDM) mapping for each new log source you onboard. Once specified, a UDM can be referenced from built-in detections to quickly generate high-value alerts from disparate log sources. A Data Model maps a specific LogType’s field names to unified data model field names, so a detection written once against the unified field names can be applied generically to many LogTypes.
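To make the mapping concrete, here is an added, self-contained Python illustration of the mechanism described above. It is not Panther’s own code or data-model format: the unified field names (actor_user, source_ip), the LogType names (Example.CloudAudit, Example.SSOAudit), the mappings, the corporate address ranges and the sample events are all constructed for this example. One generic rule, written only against unified field names, runs unchanged over two differently shaped log formats, and it skips events where the mapped field is missing or malformed rather than alerting on absent data.

```python
"""Added example (not Panther's own code): a minimal model of how a Unified
Data Model lets one detection run unchanged over several log formats."""
import ipaddress
from typing import Any, Callable, Dict, List, Tuple, Union

# One data model per LogType. Each unified field name maps either to a
# dotted path into the raw event or to a callable that derives the value.
# The LogType names, field names and paths here are assumptions for this
# example, not Panther's real schemas.
Mapping = Union[str, Callable[[Dict[str, Any]], Any]]
DATA_MODELS: Dict[str, Dict[str, Mapping]] = {
    "Example.CloudAudit": {
        "actor_user": "userIdentity.userName",
        "source_ip": "sourceIPAddress",
    },
    "Example.SSOAudit": {
        "actor_user": lambda ev: ev.get("actor", {}).get("email"),
        "source_ip": "client.ipAddress",
    },
}


def _lookup_path(event: Dict[str, Any], path: str) -> Any:
    """Follow a dotted path into a nested dict; None if any segment is missing."""
    cur: Any = event
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def udm(log_type: str, event: Dict[str, Any], field: str) -> Any:
    """Resolve a unified field name for an event of the given LogType."""
    model = DATA_MODELS.get(log_type)
    if model is None or field not in model:
        return None  # no data model, or field not mapped for this LogType
    mapping = model[field]
    if callable(mapping):
        return mapping(event)
    return _lookup_path(event, mapping)


# Constructed corporate ranges; anything outside them is treated as external.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_network("192.168.0.0/16")]


def rule(log_type: str, event: Dict[str, Any]) -> bool:
    """Generic detection: activity from outside the corporate networks.
    Written once against unified names; works for every LogType with a model."""
    ip_str = udm(log_type, event, "source_ip")
    if not isinstance(ip_str, str):
        return False  # field absent or unmapped: do not alert on missing data
    try:
        addr = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # malformed address: skip rather than crash the rule
    return not any(addr in net for net in CORP_NETS)


def title(log_type: str, event: Dict[str, Any]) -> str:
    """Alert title built from unified fields, so it is also LogType-agnostic."""
    actor = udm(log_type, event, "actor_user") or "<unknown user>"
    ip_str = udm(log_type, event, "source_ip")
    return f"[{log_type}] {actor} active from external address {ip_str}"


# Constructed sample events in two different shapes (not real logs).
SAMPLE_EVENTS: List[Tuple[str, Dict[str, Any]]] = [
    ("Example.CloudAudit", {"userIdentity": {"userName": "alice"},
                            "sourceIPAddress": "10.0.0.5"}),
    ("Example.CloudAudit", {"userIdentity": {"userName": "bob"},
                            "sourceIPAddress": "198.51.100.23"}),
    ("Example.SSOAudit", {"actor": {"email": "carol@example.com"},
                          "client": {"ipAddress": "203.0.113.7"}}),
    ("Example.SSOAudit", {"actor": {"email": "dave@example.com"}}),  # no client
    ("Example.SSOAudit", {"actor": {"email": "erin@example.com"},
                          "client": {"ipAddress": "not-an-ip"}}),
]


def run_detection(events=SAMPLE_EVENTS) -> List[str]:
    """Apply the single generic rule to every event; return the alert titles."""
    return [title(lt, ev) for lt, ev in events if rule(lt, ev)]


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

Only the two events from public addresses produce alerts; the internal login, the event with no client block and the event with a malformed address are all dropped by the rule. In Panther the mapping is declared per LogType in the product’s own data model format and consumed by the detection code; refer to the documentation and field references mentioned on this page for the real names and syntax.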

Learn more about how Unified Data Models work. Read the documentation and review our field references.