Panther Now Integrates with Amazon Security Lake: Embracing the Open Cybersecurity Schema Framework (OCSF)

Announcing Panther’s Amazon Security Lake Integration   

As we deepen our partnership with AWS even further after achieving AWS Security Competency status, Panther is excited to announce that our integration with Amazon Security Lake is now generally available. Panther users can set up the integration using these instructions.

This integration empowers security teams securing AWS data to harness Panther’s robust detection-as-code capabilities. With this integration, security teams can now unlock the full potential of their Amazon Security Lake data, enabling seamless ingestion of OCSF-formatted data into Panther’s platform.

Panther users ingesting CloudTrail data, especially through the Amazon Security Lake integration, will now also benefit from our newest enrichment provider: TrailDiscover. TrailDiscover enriches CloudTrail events to provide critical context, such as IP data, user analytics, and compliance mapping. Panther users can now enable TrailDiscover via CI/CD. 

The Amazon Security Lake and Panther integration was built to support OCSF version 1.1. This forward-looking approach ensures compatibility and future-readiness, positioning Panther as a leader in leveraging the latest security data standards. 

Panther’s integration streamlines the ingestion of security data into its platform, tapping directly into Amazon Security Lake for the seamless flow of OCSF-formatted data from AWS sources like CloudTrail and VPCFlow, as well as third-party sources. Designed to ingest any data in the OCSF format from Amazon Security Lake, this integration expands the scope of security signals available to security teams through additional data sources. 

Security Signal Expansion: 

  • Real-time Threat Detection: This integration lets users detect and respond to security threats in real time. For example, you can set up rules and alerts to monitor for suspicious activities in AWS CloudTrail logs, like unauthorized access attempts or changes to critical infrastructure settings.
  • Anomaly Detection: The integration enables users to detect anomalies by analyzing VPC flow logs. You can identify unusual network traffic patterns, potential network intrusions, or anomalous behavior that may indicate a security breach.
  • Compliance Monitoring: Users can use the integration to monitor compliance with security policies and regulatory requirements. For instance, you can track changes to DNS records in Route53 logs to ensure DNS configurations comply with best practices and security standards.
  • Custom Log Sources: Besides native AWS services, users can ingest and analyze any third-party or custom log sources that adhere to the OCSF schema. This flexibility allows them to tailor their security monitoring to their specific environment and threat landscape.

Security monitoring with Panther goes beyond data collection, enabling real-time detections on ingested data to quickly identify potential threats and vulnerabilities. By leveraging the rich pool of Amazon Security Lake data in Panther, security teams enhance their detection capabilities and proactively mitigate risks.

Panther empowers security teams to take decisive action through efficient alert response workflows, facilitating rapid incident response with insights from their ingested Amazon Security Lake data. With access to actionable data for thorough investigations, Panther enables comprehensive analysis of historical logs and tracing of the origin of security incidents, empowering informed decisions and improving overall security posture.

Ready to leverage the full security potential of your Amazon Security Lake data? Sign up for a Panther demo today to experience firsthand how our integration can transform your security operations, providing seamless data ingestion, real-time detections, and actionable insights to stay ahead of emerging threats and safeguard your environment.
