Home
Panther is a cloud-native platform for detecting threats, improving cloud security posture, and powering investigations.
Security teams can use Panther for:
Use Case | Description |
Continuous Monitoring | Analyze logs in real-time and identify suspicious activity that could indicate a breach |
Alert Triage | Pivot across all of your security data to understand the full context of an alert |
Searching IOCs | Quickly search for matches against IOCs using standardized data fields |
Securing Cloud Resources | Identify misconfigurations, achieve compliance, and model security best practices in code |
The three main components are:
Log Analysis to centralize, parse, and analyze log data with Python
Cloud Security to scan AWS accounts, detect misconfigurations, and improve cloud security posture
Historical Search for analytics on collected log data and alerts
The benefits of Panther include:
Flexible Python-based detections
Built on serverless technologies for high scale at low cost
Near real-time analysis for quick alerting and remediation
Simple deployments using infrastructure as code
Secure, least-privilege, and encrypted infrastructure deployed within your AWS account
Term | Meaning |
Event | A normalized log from sources such as CloudTrail, Osquery, or Suricata |
Rule | A Python function to detect suspicious activity |
Alert | A notification to the team when a policy has failed or a rule has triggered |
Policy | A Python function representing the desired secure state of a resource |
Resource | A cloud entity, such as an IAM user, virtual machine, or data bucket |
To get set up with Panther, continue to the Quick Start on the next page.