Panther Announces Splunk Alert Destination Integration

This week, I am excited to publicly announce the open beta of our integration with Splunk. You may be wondering, why would one SIEM integrate with another? Why would a SOC run two SIEM solutions?

For me, a former Splunker and now Field CISO at Panther, the answer is simple: this integration brings together the best features of Panther and Splunk. If you are one of the 15,000 companies worldwide using Splunk, Panther is a solution to consider for high-volume log sources, to reduce SIEM costs as well as to increase visibility and overall detection capabilities.

First, Panther’s modern, serverless architecture is built to scale and doesn’t degrade, break, or require constant care & feeding at cloud volumes. Customers using Panther who have used other SIEM solutions love the modern, cloud-first capabilities of Panther:

  1. Detection as code offers a refreshing, modern approach to detection engineering. Our DaC approach leverages highly customizable real-time Python-based detections, a built-in testing framework, and the ability to create detections directly in the UI or with a CLI-based workflow. There are hundreds of easily customizable out-of-the-box detections for common cloud infrastructure, or you can quickly and easily create your own.
  2. High-speed ingestion and a security data lake: Log volumes continue to increase exponentially, and many organizations have to make trade-offs due to budget and technical constraints. This means that not all logs are ingested, because of cost and complexity, which increases risk. Panther has out-of-the-box integrations for critical cloud log sources like AWS, Duo, Okta, Slack, Google Workspace, Zoom, and more. Ingest and filter high-fidelity logs, such as AWS VPC Flow Logs and CloudTrail, quickly and cost-effectively. You should never compromise security due to cost, and you won’t with Panther.
  3. As logs are ingested, Panther provides real-time detections to identify threats as they occur so you can take immediate action. All of this is available in a cloud-based security data lake with one year of fast searchable data retention out of the box. 

The integration brings some great benefits and new capabilities to Splunk. Panther’s real-time alerts, produced by detection-as-code rules, are ingested into Splunk, where they plug into existing incident response workflows and Splunk’s rich dashboarding capabilities.

Customers such as Dropbox and Asana, who started with Splunk, have found immense value in Panther. If you’d like to learn more, check out this resource page: it links to the “how-to” videos I created and to my live, hands-on workshops, where we cover how to leverage Panther’s detection-as-code capabilities with custom alert destinations, including Splunk.

Register for our upcoming Splunk workshop!

In this new, hands-on, interactive workshop, we will leverage the flexible alert destination capabilities of Panther to send alerts to different tools depending on log source type, severity, and alert type.
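As an added illustration of the routing the workshop describes (this is example code, not code from this post or from Panther), here is a Panther-style Python detection whose `destinations()` override sends alerts to Splunk based on the log source type and additionally notifies a Slack channel when the dynamic severity is CRITICAL. The `rule`/`title`/`severity`/`destinations` function names follow Panther's documented Python rule interface and `p_log_type` is the field Panther attaches to every event; the destination names (`splunk-soc`, `slack-cloud-team`), the routing table, the local `deep_get` helper, the `evaluate` stand-in for the rule engine, and the sample events are all constructed assumptions for this example.

```python
"""Panther-style detection-as-code rule with dynamic alert routing.

Added example, not Panther's or the blog's own code. The rule()/title()/
severity()/destinations() names follow Panther's documented Python rule
interface; destination names, routing table and sample events are constructed.
"""
from typing import Any, Dict, List, Optional

# Assumed alert destination names, as they would be configured in Panther.
SPLUNK = "splunk-soc"
SLACK_CLOUD = "slack-cloud-team"

# Routing by log source type: alerts from these sources always go to Splunk,
# so they land in the incident response workflow that already lives there.
ROUTING_BY_LOG_TYPE: Dict[str, List[str]] = {
    "AWS.CloudTrail": [SPLUNK],
    "Okta.SystemLog": [SPLUNK],
}


def deep_get(event: Dict[str, Any], *keys: str, default: Any = None) -> Any:
    """Walk nested keys safely (local stand-in for the helper Panther rules use)."""
    cur: Any = event
    for key in keys:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def rule(event: Dict[str, Any]) -> bool:
    """Fire on a successful AWS console login that did not use MFA."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and deep_get(event, "responseElements", "ConsoleLogin") == "Success"
        and deep_get(event, "additionalEventData", "MFAUsed") == "No"
    )


def severity(event: Dict[str, Any]) -> str:
    """Dynamic severity: escalate to CRITICAL when the root account is involved."""
    return "CRITICAL" if deep_get(event, "userIdentity", "type") == "Root" else "HIGH"


def title(event: Dict[str, Any]) -> str:
    """Alert title shown in the destination (Splunk, Slack, ...)."""
    user = deep_get(event, "userIdentity", "arn", default="unknown")
    return f"AWS console login without MFA by {user}"


def destinations(event: Dict[str, Any]) -> List[str]:
    """Route by log type, and also page the cloud team on CRITICAL alerts."""
    dests = list(ROUTING_BY_LOG_TYPE.get(event.get("p_log_type", ""), []))
    if severity(event) == "CRITICAL" and SLACK_CLOUD not in dests:
        dests.append(SLACK_CLOUD)
    return dests


def evaluate(event: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Local stand-in for the rule engine: the alert that would be produced, or None."""
    if not rule(event):
        return None
    return {
        "title": title(event),
        "severity": severity(event),
        "destinations": destinations(event),
    }


# Constructed sample events (shaped like CloudTrail records, not real data).
ROOT_LOGIN_NO_MFA = {
    "p_log_type": "AWS.CloudTrail",
    "eventName": "ConsoleLogin",
    "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
    "responseElements": {"ConsoleLogin": "Success"},
    "additionalEventData": {"MFAUsed": "No"},
}
IAM_USER_LOGIN_NO_MFA = {
    "p_log_type": "AWS.CloudTrail",
    "eventName": "ConsoleLogin",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
    "responseElements": {"ConsoleLogin": "Success"},
    "additionalEventData": {"MFAUsed": "No"},
}
IAM_USER_LOGIN_WITH_MFA = {
    "p_log_type": "AWS.CloudTrail",
    "eventName": "ConsoleLogin",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
    "responseElements": {"ConsoleLogin": "Success"},
    "additionalEventData": {"MFAUsed": "Yes"},
}

if __name__ == "__main__":
    for sample in (ROOT_LOGIN_NO_MFA, IAM_USER_LOGIN_NO_MFA, IAM_USER_LOGIN_WITH_MFA):
        print(evaluate(sample))
```

In a real Panther deployment the rule's unit tests would sit beside it in the rule's YAML and run through Panther's built-in testing framework; the `evaluate` function here only mimics what the engine does so the routing logic can be exercised locally before the rule is uploaded.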
