Panther's Log Analysis is used to detect threats in log data.
This works by parsing, normalizing, and analyzing high volumes of data in real time. To be onboarded into this pipeline, data must be sent to either an S3 bucket or an SQS queue.
Common events analyzed with log analysis include:
Authorization or authentication
Alerts from IDS
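
The following added example sketches the parse, normalize, and analyze stages over the two event types listed above. It is illustrative only and is not Panther's code or API: the log sources, field names, alert names, thresholds, and sample lines are all constructed assumptions.

```python
import json
from collections import Counter

# Constructed sample input: raw JSON lines from two hypothetical log sources.
RAW_LINES = [
    '{"src":"sshd","ts":"2024-05-01T10:00:01Z","user":"alice","ip":"198.51.100.7","result":"FAIL"}',
    '{"src":"sshd","ts":"2024-05-01T10:00:03Z","user":"alice","ip":"198.51.100.7","result":"FAIL"}',
    '{"src":"ids","time":"2024-05-01T10:00:04Z","src_ip":"203.0.113.5","sev":4,"sig":"constructed-sig-1"}',
    '{"src":"sshd","ts":"2024-05-01T10:00:05Z","user":"root","ip":"198.51.100.7","result":"FAIL"}',
    '{"src":"sshd","ts":"2024-05-01T10:00:09Z","user":"bob","ip":"192.0.2.10","result":"OK"}',
    '{"src":"ids","time":"2024-05-01T10:00:12Z","src_ip":"192.0.2.10","sev":1,"sig":"constructed-sig-2"}',
    'not json at all',
]

def normalize(raw):
    """Parse one raw line and map it onto a common schema (hypothetical field names)."""
    rec = json.loads(raw)  # raises ValueError on malformed input
    if rec["src"] == "sshd":
        return {"log_type": "auth", "time": rec["ts"], "source_ip": rec["ip"],
                "actor": rec["user"], "outcome": rec["result"].lower()}
    if rec["src"] == "ids":
        return {"log_type": "ids_alert", "time": rec["time"], "source_ip": rec["src_ip"],
                "severity": int(rec["sev"]), "signature": rec["sig"]}
    raise ValueError(f"unknown source: {rec['src']!r}")

def analyze(lines, fail_threshold=3, min_severity=3):
    """Return (alert_name, source_ip) tuples in the order they fire."""
    alerts, failures = [], Counter()
    for raw in lines:
        try:
            event = normalize(raw)
        except (ValueError, KeyError, TypeError):
            # Unparseable data is itself worth surfacing: it is a detection blind spot.
            alerts.append(("pipeline.unparsed_line", None))
            continue
        ip = event["source_ip"]
        if event["log_type"] == "auth" and event["outcome"] == "fail":
            failures[ip] += 1
            if failures[ip] == fail_threshold:  # fire once per source IP
                alerts.append(("auth.repeated_failures", ip))
        elif event["log_type"] == "ids_alert" and event["severity"] >= min_severity:
            alerts.append(("ids.high_severity", ip))
    return alerts

if __name__ == "__main__":
    for name, ip in analyze(RAW_LINES):
        print(name, ip)
```

Normalizing both sources onto a shared `source_ip` field is what lets a single analysis loop reason about authentication and IDS events together.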