This page provides help for common issues you may encounter with Panther deployment or usage.
Don't see what you're looking for? Contact support​
Didn't receive the invitation email for the first Panther user?
Has the deployment finished successfully? The CloudFormation stack(s) should be CREATE_COMPLETE
.
Check your spam folder - the email is sent from no-reply@verificationemail.com
From the CloudFormation web console, double-check the FirstUserEmail
parameter in your stack - you may have mistyped the email. If so, read on.
(Optional) Check the Panther CloudWatch dashboards for any errors and/or
search the /aws/lambda/panther-cfn-custom-resources
for error messages to help identify the root cause of the issue.
If you didn't receive the invite for whatever reason, you'll need to send another invite manually.
Download the appropriate invite
opstool binary from the latest release assets​
Run the tool, e.g.: ./invite-darwin-amd64
- it will prompt you for the user name and email
If your email already exists in Panther, you can try adding an email suffix: user+suffix@example.com
Every Panther deployment should automatically install many Python rules and policies. If you don't see any on your first login, there may have been an issue downloading them during deployment.
To fix:
Download the analysis set manually
Login to the Panther web app and navigate to Cloud Security > Policies (or Log Analysis > Rules)
Click "Create New" and choose "Bulk". Upload the zipfile you downloaded in step 1.
(Optional) Check the Panther CloudWatch dashboards for any errors and/or
search the /aws/lambda/panther-cfn-custom-resources
for error messages to help identify the root cause of the issue.
When configuring Cloud Security for a given account, the default scan interval is 24h.
To reduce this interval, onboard CloudTrail data from the given account, or configure real-time events.