Introducing PantherFlow: Accelerate Investigations in Your Security Data Lake

We’re excited to introduce PantherFlow, a user-friendly, pipe-based query language for security teams to perform rapid threat hunting and robust analytics in their security data lake. PantherFlow simplifies complex queries into bite-sized, easy-to-understand chunks so you can quickly find the answers you need.

How PantherFlow Transforms Investigations

PantherFlow is designed to transform how security teams interact with their data, providing agility and precision for threat hunts, investigations, and analysis. 

Traditional SIEMs present tradeoffs between scalability and cost that make it difficult to leverage high-volume logs for threat detection and incident response. This forces many security teams to build their own security data lake. Limited visibility and clunky search features make it challenging to get a comprehensive view of an incident, requiring teams to pivot between multiple tools. Most security data lakes rely on SQL for searches, so teams face both skill gaps and complex queries that hinder efficient incident response. This negatively impacts collaboration and detracts from the team’s primary responsibility: resolving incidents and securing the business. 

By combining a familiar search interface with the intuitiveness of pipeline query languages and the scale and efficiency of a security data lake, PantherFlow solves challenges that traditional SIEMs are unable to address. Panther customers are using PantherFlow to uncover valuable insights and convey the effectiveness of their security programs to business leadership.

Simple Statements Build Complex Queries

With PantherFlow, security teams get a more approachable search experience without sacrificing power and flexibility. Complex queries are built from short statements, and the data flows logically: queries start with the data source, and then operators like filters, joins, and transformations are added as sequential building blocks. This approach gives users the expressive power they need without the inherent complexities of SQL.

PantherFlow also doesn’t require data to have a fixed schema, offering the flexibility to query multiple tables, even when they’re structured differently. This is an incredibly powerful feature that Panther customers are already using to streamline investigations and remediate incidents:

PantherFlow really scratches an itch for our D&R engineers. We try to automate everything, but there are still human investigation tasks. Even though our team is highly capable of interacting with the data using SQL, they really need something that facilitates iterating rapidly on searches in a time-sensitive context. In addition, because we use a custom wrapped schema for our data, having a defined search language enables us to quickly get the answers we need from our data.

Brian Maloney

Security Engineering Manager at Benchling

Other languages like SQL make searching disparate tables challenging, but with PantherFlow, it's as simple as listing every table name the query needs.

To learn more, check out How to Write Queries in PantherFlow.

Watch the Webinar

PantherFlow's intuitive design enables rapid query building and high-precision analysis, so users of all skill levels can drive fast investigations. Combined with Panther's cost-effective data lake architecture, PantherFlow enables security teams to confidently investigate threats with speed and efficiency, at any data volume.

To see how PantherFlow can accelerate your investigations and surface critical security insights, watch our webinar. We cover the what and why of PantherFlow, and we show you how to use it to investigate account compromise, data exfiltration, and privilege escalation threat scenarios.
