What you'll need:
An AWS Account to deploy Panther into
An IAM user or role with permissions to create and manage the necessary resources
Use the code samples below to create the deployment roles:
Get started with 3 quick steps!
Clone the latest release of Panther:
git clone https://github.com/panther-labs/panther --depth 1 --branch v1.0.0cd panther
Install and run Docker 17+, then verify the service is up:
The status bar will also display the Docker Icon (on macOS):
For customized deployment options, click here.
Start the development environment:
Run the following command to deploy Panther:
mage setup:swagger deploy
The initial deployment will take ~10 minutes with a fast internet connection. If your credentials timeout, you can safely redeploy to pick up where you left off.
At the end of the deploy command, you'll be prompted for your first/last name and email to setup the first Panther user account.
You'll get an email from
email@example.com with your temporary password. If you don't see it, be sure to check your spam folder.
If you use
aws-vault, you must be authenticated with MFA. Otherwise, IAM role creation will fail with
Now you can sign into Panther! The URL is sent in the welcome email and also printed in the terminal at the end of the deploy command.
Congratulations! You are now ready to use Panther.
Follow the steps below to complete your setup:
Invite your team in
Configure destinations to receive generated alerts
Onboard data for real-time log analysis
Write custom detection rules based on internal business logic
Onboard accounts for cloud security scans
Query collected logs with historical search
Rather than deploying from within a docker container, you can instead configure your development environment locally. This will take more time initially but will lead to faster deployments.
You can also deploy from an EC2 instance with Docker and git installed in the same region you're deploying Panther to. This is typically the fastest option since it minimizes the latency when communicating with AWS services. Instead of exporting your AWS credentials as environment variables, you will need to attach the deployment IAM role to your EC2 instance profile. Your EC2 instance needs at least 1 vCPU and 2GB of memory; the cheapest suitable instance type is a
Panther relies on dozens of AWS services, some of which are not yet available in every region. In particular, AppSync, Cognito, Athena, and Glue are newer services not available in us-gov, china, and other regions. At the time of writing, all Panther backend components are supported in the following:
us-east-1 (n. virginia)
Consult the AWS region table for the source of truth about service availability in each region.
Configure your AWS credentials and deployment region:
export AWS_REGION=us-east-1 # Choose your region from the list aboveexport AWS_ACCESS_KEY_ID=...export AWS_SECRET_ACCESS_KEY=...
If you've already configured your credentials with the AWS CLI (you have a
~/.aws/credentials file), you can easily add them to the environment:
export AWS_ACCESS_KEY_ID=`aws configure get aws_access_key_id`export AWS_SECRET_ACCESS_KEY=`aws configure get aws_secret_access_key`