Real-Time Alerts With Unified Data Models
Learn how to get real-time alerts on suspicious activity across your environment with Panther's Unified Data Models feature.
Duration: 11:46
Panther's Unified Data Model feature lets you get real-time alerts on suspicious activity across your environment. You normalize data from multiple, disparate log sources into a common set of field names, so that one set of standard detections can run against all of them.
You can create a Unified Data Model (UDM) for each new log source you onboard. Once defined, a UDM can be referenced from your detections, including Panther's built-in ones, to quickly generate high-value alerts from disparate log sources. A Data Model maps a specific LogType's field names to unified data model field names, so a detection written once against the unified names can be applied generically to many LogTypes, rather than being copied and adjusted for each source's schema.
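To make the mapping concrete, here is an added, self-contained Python simulation of the idea (it is not Panther's runtime or its data-model format): two log types with different schemas, a per-LogType mapping onto shared field names, and one generic failed-login detection run over both. The log-type names, event shapes, the `Event.udm()` helper, the corporate network range, and the `p_log_type` field are all assumptions made for the example; the sample events are constructed and simplified. The example also shows the caveat a practitioner cares about: an event whose LogType has no data model yields no value for the unified field, so the generic rule does not fire for it.

```python
"""Standalone simulation of a Unified Data Model (added example, not Panther code).

Each log type gets a mapping from unified field names to either a dotted
path into the raw event or a small function that derives the value.
A single detection then reads only the unified names via Event.udm().
"""
import ipaddress
from typing import Any, Callable, Dict, List, Optional, Union

# Constructed sample events: simplified shapes of two assumed log types,
# plus one log type that deliberately has no data model.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"p_log_type": "AWS.CloudTrail", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"p_log_type": "AWS.CloudTrail", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"p_log_type": "Okta.SystemLog", "eventType": "user.session.start",
     "client": {"ipAddress": "10.0.0.5"}, "actor": {"alternateId": "bob@example.com"},
     "outcome": {"result": "FAILURE"}},
    {"p_log_type": "Okta.SystemLog", "eventType": "user.session.start",
     "client": {"ipAddress": "198.51.100.9"}, "actor": {"alternateId": "carol@example.com"},
     "outcome": {"result": "FAILURE"}},
    {"p_log_type": "Custom.NoModel", "ip": "198.51.100.9", "user": "dave"},
]

# A mapping is either a dotted path into the raw event or a derivation function.
Mapping = Union[str, Callable[[Dict[str, Any]], Any]]


def _cloudtrail_event_type(raw: Dict[str, Any]) -> Optional[str]:
    """Derive a unified event_type from CloudTrail's ConsoleLogin fields."""
    if raw.get("eventName") != "ConsoleLogin":
        return None
    result = raw.get("responseElements", {}).get("ConsoleLogin")
    return "failed_login" if result == "Failure" else "successful_login"


def _okta_event_type(raw: Dict[str, Any]) -> Optional[str]:
    """Derive a unified event_type from Okta session-start outcome."""
    if raw.get("eventType") != "user.session.start":
        return None
    result = raw.get("outcome", {}).get("result")
    return "failed_login" if result == "FAILURE" else "successful_login"


# One data model per log type: unified name -> path or derivation function.
DATA_MODELS: Dict[str, Dict[str, Mapping]] = {
    "AWS.CloudTrail": {"source_ip": "sourceIPAddress",
                       "actor_user": "userIdentity.userName",
                       "event_type": _cloudtrail_event_type},
    "Okta.SystemLog": {"source_ip": "client.ipAddress",
                       "actor_user": "actor.alternateId",
                       "event_type": _okta_event_type},
}


def _resolve_path(raw: Dict[str, Any], path: str) -> Any:
    """Walk a dotted path ("a.b.c") through nested dicts; None if any hop is missing."""
    node: Any = raw
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


class Event:
    """Thin wrapper giving detections raw access (get) and unified access (udm)."""

    def __init__(self, raw: Dict[str, Any]) -> None:
        self.raw = raw

    def get(self, key: str, default: Any = None) -> Any:
        return self.raw.get(key, default)

    def udm(self, name: str) -> Any:
        model = DATA_MODELS.get(self.raw.get("p_log_type"), {})
        mapping = model.get(name)
        if mapping is None:          # no data model, or field not mapped
            return None
        if callable(mapping):
            return mapping(self.raw)
        return _resolve_path(self.raw, mapping)


CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def rule(event: Event) -> bool:
    """Generic detection: failed login from outside the corporate network."""
    if event.udm("event_type") != "failed_login":
        return False
    ip = event.udm("source_ip")
    if ip is None:
        return False
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:               # malformed address: do not alert on garbage
        return False
    return not any(addr in net for net in CORPORATE_NETS)


def title(event: Event) -> str:
    return (f"Failed login for {event.udm('actor_user')} from "
            f"{event.udm('source_ip')} ({event.get('p_log_type')})")


def run(events: List[Dict[str, Any]]) -> List[str]:
    """Apply the one generic rule to every event and return alert titles."""
    return [title(Event(raw)) for raw in events if rule(Event(raw))]


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

The rule never touches `sourceIPAddress` or `client.ipAddress` directly; adding a third log source means adding a mapping entry, not a third copy of the detection. Note that the `Custom.NoModel` event is a real external failed login but produces no alert, because nothing maps its fields: when you onboard a new source, verifying that its data model populates every unified field your detections rely on is part of the onboarding check.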
Correlate Activity Across Your Environment With Scheduled Queries
Analyze all of your collected log data to bring more context and correlation to your threat detection efforts with Scheduled Queries.