Overview

Panther's Log Analysis is used to detect threats in log data.

This works by parsing, normalizing, and analyzing high volumes of data in real-time. In order to onboard into this pipeline, data must send to either an S3 bucket or an SQS queue.

Common events analyzed with log analysis include:

  • Authorization or authentication

  • API calls

  • Network traffic

  • Running processes

  • Alerts from IDS