Indicator Search

Sugandha Lahoti

Quickly find hits on IOCs in your data lake with Panther’s Indicator Search

What

Panther Enterprise now offers an Indicator Search for customers to perform lightning-fast searches across all collected logs for IOCs such as IP addresses, domains, hashes, and more. With the Indicator Search, you can quickly baseline behaviors, correlate suspicious activity across systems, and kickstart security investigations against terabytes of normalized log data.

Panther’s Indicator Search is powered by our cloud-native Data Lake, which enables zero-admin storage for huge amounts of security data. The Data Lake is searchable via SQL and is fully open for complete transparency, greater control, and broader interoperability with third-party tools like visualization and BI.

Why

Panther’s Indicator Search helps security practitioners answer critical questions faster. In any investigation, time is of the essence. Quickly correlating IOCs across data sources can help security analysts detect malicious activity early in the attack sequence to prevent further escalation.

In addition, IBM research puts the average time for companies to identify a breach at about 280 days. Once a breach is discovered, the Indicator Search can be used to understand which systems were accessed and what assets were compromised, and to update and improve detections so that similar activity is identified in real time in the future.

How it Works

The Indicator Search is designed to be simple and easy to use:

  1. Start your investigation with a known IOC
  2. Copy & paste the indicator(s) into the search field and find ALL connected events associated with that indicator
  3. Drill down into specific events by pivoting into the Data Explorer with prebuilt SQL queries
  4. Find additional indicators in the Data Explorer and perform another search to gain additional context about the attack
  5. Continue to pivot through your data to map the entire attacker footprint
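The five steps above form one loop: search for an indicator, collect the hit events, harvest the other indicators those events contain, and search again. As an added illustration (not Panther's code, schema or SQL), the Python below models that loop over a small constructed set of normalized events. The event field names, the regex-based indicator extraction and the in-memory inverted index are assumptions made for the example; in Panther the equivalent search runs as SQL over the Data Lake, and an analyst chooses which harvested indicators are worth pivoting on rather than following all of them.

```python
from __future__ import annotations

import re
from collections import defaultdict
from typing import Any, Iterable

# Indicator types the post names. Patterns run in this order and each match is
# blanked out before the next pattern runs, so a dotted ARN cannot also be
# reported as a domain. Values are lowercased before matching.
PATTERNS = [
    ("ip",     re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b")),
    ("arn",    re.compile(r"\barn:aws:[a-z0-9-]+:[a-z0-9-]*:\d{0,12}:[^\s\"]+")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")),
]

# Constructed sample events (hypothetical field names, RFC 5737 test addresses).
SAMPLE_EVENTS = [
    {"id": "e1", "log_type": "VPCFlow", "srcAddr": "198.51.100.7", "dstAddr": "10.0.1.5", "action": "ACCEPT"},
    {"id": "e2", "log_type": "DNS", "client": "10.0.1.5", "query": "update.bad-cdn.example"},
    {"id": "e3", "log_type": "CloudTrail", "sourceIPAddress": "10.0.1.5", "eventName": "GetSecretValue",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/svc-deploy"}},
    {"id": "e4", "log_type": "CloudTrail", "sourceIPAddress": "203.0.113.9", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/svc-deploy"}},
    {"id": "e5", "log_type": "EDR", "host": "build-02", "sha256": "a" * 64, "remote": "update.bad-cdn.example"},
    {"id": "e6", "log_type": "VPCFlow", "srcAddr": "192.0.2.44", "dstAddr": "10.0.3.3", "action": "ACCEPT"},
]


def extract_indicators(event: Any) -> set[tuple[str, str]]:
    """Walk nested dicts/lists and return {(kind, value)} for every indicator in a string value."""
    found: set[tuple[str, str]] = set()
    stack = [event]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str):
            text = node.lower()
            for kind, pat in PATTERNS:
                def take(m: re.Match, kind=kind) -> str:
                    found.add((kind, m.group(0)))
                    return " " * len(m.group(0))   # blank the span for later patterns
                text = pat.sub(take, text)
    return found


class IndicatorIndex:
    """Inverted index: indicator value -> event ids, plus the reverse map used for pivoting."""

    def __init__(self, events: Iterable[dict]) -> None:
        self.by_indicator: dict[str, set[str]] = defaultdict(set)
        self.indicators_of: dict[str, set[tuple[str, str]]] = {}
        for e in events:
            inds = extract_indicators(e)
            self.indicators_of[e["id"]] = inds
            for _, value in inds:
                self.by_indicator[value].add(e["id"])

    def search(self, iocs: Iterable[str]) -> dict[str, set[str]]:
        """Batch search (step 2): each IOC -> ids of every event containing it (empty set if no hits)."""
        return {ioc: set(self.by_indicator.get(ioc.lower(), ())) for ioc in iocs}

    def pivot(self, event_ids: Iterable[str], exclude: Iterable[str] = ()) -> set[tuple[str, str]]:
        """Step 4: indicators found in the hit events that are not already known/excluded."""
        ex = {v.lower() for v in exclude}
        out: set[tuple[str, str]] = set()
        for eid in event_ids:
            out |= {(k, v) for k, v in self.indicators_of[eid] if v not in ex}
        return out

    def map_footprint(self, seeds: Iterable[str], max_hops: int = 3,
                      skip: Iterable[str] = ()) -> tuple[set[str], set[str], int]:
        """Step 5: repeat search -> pivot until nothing new turns up or max_hops is reached.
        `skip` holds indicators the analyst does not want to pivot on (e.g. a busy internal IP).
        Returns (event ids in the footprint, every indicator seen, hops performed)."""
        known = {s.lower() for s in seeds}
        skip_set = {s.lower() for s in skip}
        frontier = set(known)
        events: set[str] = set()
        for hop in range(max_hops):
            hits = self.search(frontier)
            new_events = set().union(*hits.values()) - events
            if not new_events:
                return events, known, hop
            events |= new_events
            frontier = {v for _, v in self.pivot(new_events, exclude=known | skip_set)}
            known |= frontier
        return events, known, max_hops


if __name__ == "__main__":
    idx = IndicatorIndex(SAMPLE_EVENTS)
    footprint, indicators, hops = idx.map_footprint(["198.51.100.7"], max_hops=5)
    print(sorted(footprint), hops)   # e1..e5 reached in 3 hops; e6 is unrelated
    print(sorted(indicators))
```

Starting from the single external IP, the walk reaches the internal host it talked to, the DNS query and the CloudTrail activity from that host, and from there the second source IP that used the same IAM principal and the file hash seen beside the same domain; the unrelated flow record is never pulled in. Passing the internal address in `skip` stops the walk after the first hop, which is the kind of judgement call an analyst makes when an indicator is too common to pivot on.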

How does this impact you?

With Panther’s Indicator Search, you can:

  • Quickly search for IOCs such as IPs, domains, hashes, ARNs, and more
  • Batch search ALL of your security data
  • Find hits and pivot into Panther’s Data Explorer to gain additional context about suspicious activity

TL;DR

Perform lightning-fast searches for IOCs across all your logs with our new Indicator Search.

Get Started

  • If you’re an existing Panther Enterprise customer, you can start using Indicator Search by navigating to Data Analytics. Read the docs.
  • If you’d like to learn more about Panther Enterprise, request a demo.