Panther is a powerful, open-source, cloud-native SIEM designed to be:
Flexible: Python-based detections and alerting support for PagerDuty, Slack, MS Teams, and more
Scalable: Built on serverless technologies for cost and operational efficiency at scale
Fast: Near real-time rules analysis, alerting, and automatic remediation
Integrated: Analyze both security logs and cloud resources for total visibility
Automated: Fast and simple deployments with AWS CloudFormation
Secure: Least-privilege and encrypted infrastructure that you control
Panther's use-cases include:
Log Analysis: Centralize and analyze log data with Rules for threats and suspicious activity
Investigation: Perform historical queries with SQL over long-term data for analytics, log correlation, and forensics.
Cloud Compliance: Detect misconfigured cloud resources and enforce best practices with Policies.
Auto Remediation: Automatically correct non-compliance infrastructure
The following diagram offers a high-level overview of Panther's architecture:
Panther offers an intuitive way to detect suspicious activity by using Rules. Each Rule evaluates to a given log type, and contains metadata and context to help analysts understand its purpose.
Then, Python code can be input into the browser to analyze logs:
Panther also offers a feature to detect misconfigured AWS resources.
Each entity within an AWS account is defined as a Resource. Each Resource has a set of attributes that can be referenced in a Policy. The following screenshot shows how Panther lets you monitor all your Resources, Attributes, and Policies from a single pane of glass:
You can also easily search your Resources by using filters such as Type, Source, Status, or Name:
To get setup with Panther, continue with the Quick Start on the next page!