CASE STUDY

How Loglass’s Two-Person IT Team Built Enterprise Security Operations on an AI SOC Platform

Industry: Business Management Software

HQ: Tokyo, Japan

Founded: 2019

Employees: 200-500

Evolving From Manual Log Review to Centralized Detection & Alerting

Loglass's two-person corporate IT team carries a wide mandate: device management, account administration, office networking, and security. As a company built on modern tooling, the team was already leveraging AI-native workflows across their stack, using Cursor for development and leaning into automation wherever possible. But when conducting security investigations, that modern approach hit a wall. The investigation workflow was manual and fragmented: check the Google Workspace console, then Notion, then Slack, one platform at a time, piecing together what happened across disconnected audit logs.

Panther centralized their visibility in one platform. Out-of-the-box detection packs for Google Workspace, Slack, and Notion provided immediate coverage without requiring the team to build rules from scratch. Panther's Python-based detection framework gave them the flexibility to customize logic as their environment evolved, and weekly onboarding sessions with the Panther team meant they could iterate and improve detections continuously.

Within the first week of ingesting logs, Panther identified 41 high-severity and 429 medium-severity alerts — signals that became visible only after consolidating logs into a single platform. The team began tuning detection logic week over week using Panther's MCP server and Cursor, suppressing expected activity patterns and refining thresholds until high-severity alerts reached zero and medium-severity alerts dropped from 429 to 18 by the end of the first month. "Panther let us centralize our logs and detection, so we can measure more than before—and we get one clear view of activity across our key platforms," shares Daichi Hirabayashi, Corporate IT at Loglass.

Today, approximately 80% of alerts are resolved automatically through Panther AI, with human oversight to confirm outcomes with confidence.

Responding Faster by Working in Japanese

Security tools across the industry deliver alerts in English. For a Japanese-speaking team where fast response is critical, that creates a compounding bottleneck at every stage of an investigation: translate the alert, interpret the context, formulate a response, then act. When an incident requires an immediate decision, that overhead is more than a minor inconvenience; it is a meaningful delay.

"Security issues need a fast response. With Panther AI and Cursor, we can work in Japanese and deploy new rules right away."

Daichi Hirabayashi, Corporate IT, Loglass

By connecting Panther's MCP server with Cursor, the Loglass team configured their entire security workflow to operate in Japanese. Alerts are summarized in Japanese. New detection rules can be described in natural language, generated, and deployed within a single weekly cycle without writing code from scratch. During their search for a security platform, they evaluated a legacy SIEM that required two weeks of back-and-forth to tune a single detection rule. In Panther, this work is now completed with no vendor bottlenecks.

The team estimates that removing the translation step and streamlining the detection iteration cycle has reduced overall investigation workload by 70%.

"Beyond the time-saving benefits, the fact that even less experienced members can conduct incident investigations using natural language provides us with greater flexibility and options as we scale the team in the future."

Yohei Takahashi, Corporate IT, Loglass

Detecting Risk in the Age of AI

As AI adoption accelerates across Loglass's business, a new risk category emerged that existing tooling simply wasn't built to handle. Employees and AI agents alike were creating, editing, deleting, and downloading documents across Google Workspace, Slack, and Notion. Without the ability to correlate activity across those platforms or distinguish human behavior from AI-driven automation, the team had no way to know whether bulk document operations represented normal productivity or a data exposure event in progress.

Using Panther significantly expands the team's visibility into this behavior. By ingesting logs across all three platforms and applying detection logic to bulk document operations, the team can now surface and investigate activity regardless of whether a human or an AI agent initiated it. That visibility also changed what the team could communicate internally: with concrete data in hand, they were able to make the case to leadership for the next layer of their security program, including AI DLP and secure web gateway tooling.
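The two detection ideas the case study describes, a Python rule that can be tuned week over week by suppressing expected activity and adjusting thresholds, and a bulk-document-operation check that attributes activity to a human or an automated identity, are shown together below. This is an added example written for this page; it is not Loglass's or Panther's code. The event field names (event_name, doc_id, actor.email, actor.callerType), the threshold and window values, the allowlisted bot address, and the sample events are all constructed assumptions; only the per-event rule()/title()/severity() shape is meant to resemble a detection-as-code rule, and the sliding-window counting is done in plain Python so the block runs offline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed tunables: the kind of values a team refines week over week.
BULK_THRESHOLD = 20                  # distinct documents per actor within WINDOW
WINDOW = timedelta(minutes=15)
DOC_EVENTS = {"create", "edit", "delete", "trash", "download"}
# Constructed allowlist: automation identities whose bulk activity is expected.
KNOWN_AUTOMATION = {"notion-sync-bot@example.com"}


def actor_kind(event):
    """Attribute the actor as 'human' or 'automation' from a callerType-style
    field (assumed name and values). Unknown values default to 'human' so that
    anything unrecognised still reaches a reviewer."""
    caller = str(event.get("actor", {}).get("callerType", "USER")).upper()
    return "automation" if caller in {"APPLICATION", "KEY"} else "human"


def rule(event):
    """Per-event predicate in the shape of a detection-as-code rule(): True for
    a document operation by an actor not on the expected-automation allowlist.
    Suppression lives here so tuning is a one-line change, not a new rule."""
    if event.get("event_name") not in DOC_EVENTS:
        return False
    return event.get("actor", {}).get("email") not in KNOWN_AUTOMATION


def find_bulk_actors(events, threshold=BULK_THRESHOLD, window=WINDOW):
    """Sliding-window count of distinct documents per actor over events that
    pass rule(). Returns {actor_email: (peak_distinct_docs, actor_kind)} for
    every actor that reached the threshold inside one window."""
    ordered = sorted((e for e in events if rule(e)), key=lambda e: e["time"])
    recent = defaultdict(deque)      # actor -> deque of (time, doc_id) in window
    flagged = {}
    for e in ordered:
        actor = e["actor"]["email"]
        q = recent[actor]
        q.append((e["time"], e["doc_id"]))
        while q and e["time"] - q[0][0] > window:
            q.popleft()
        distinct = len({doc for _, doc in q})
        if distinct >= threshold and distinct > flagged.get(actor, (0, None))[0]:
            flagged[actor] = (distinct, actor_kind(e))
    return flagged


def severity(distinct_docs, threshold=BULK_THRESHOLD):
    """Escalate: at or above twice the threshold is HIGH, otherwise MEDIUM."""
    return "HIGH" if distinct_docs >= 2 * threshold else "MEDIUM"


def title(actor, distinct_docs, kind):
    """Alert title that carries the human/automation attribution."""
    return f"Bulk document activity by {kind} actor {actor}: {distinct_docs} documents"


def make_events(actor, count, caller_type="USER", op="download"):
    """Build constructed audit events, one distinct document every 10 seconds."""
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    return [
        {
            "time": start + timedelta(seconds=10 * i),
            "event_name": op,
            "doc_id": f"{actor}-doc-{i}",
            "actor": {"email": actor, "callerType": caller_type},
        }
        for i in range(count)
    ]


# Constructed sample: a human downloading 25 docs, a human touching 5, an
# allowlisted sync bot touching 30, and an unknown API-key identity touching 40.
SAMPLE_EVENTS = (
    make_events("alice@example.com", 25)
    + make_events("bob@example.com", 5)
    + make_events("notion-sync-bot@example.com", 30, caller_type="APPLICATION")
    + make_events("agent-svc@example.com", 40, caller_type="KEY")
)

if __name__ == "__main__":
    for actor, (docs, kind) in find_bulk_actors(SAMPLE_EVENTS).items():
        print(severity(docs), title(actor, docs, kind))
```

Run as-is, the sample flags alice (25 documents, human, MEDIUM) and the unknown key-based identity (40 documents, automation, HIGH), while the allowlisted sync bot is suppressed by rule() and bob stays under the threshold. Tuning in the sense the case study describes is then a matter of editing KNOWN_AUTOMATION or the threshold and re-running; in a real pipeline the cross-event counting would normally sit in the platform's threshold or deduplication settings or a scheduled query rather than in the rule body.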

"Having Panther's support, with the security expertise built in, lowers the barrier to adopting a SOC platform for a small team."

Daichi Hirabayashi, Corporate IT, Loglass

For lean teams navigating the same challenges, Loglass's experience is a practical proof point: serious security operations don't require a large team. They require the right platform.


Challenges

Manual, platform-by-platform log reviews were labor-intensive for a lean team, creating a need for more streamlined, proactive detection across a broad IT mandate

Security alerts from legacy SIEM solutions are delivered entirely in English, creating translation overhead that delays response times for a Japanese-speaking team

Accelerating AI adoption introduced new data activity patterns that required more sophisticated visibility to effectively detect and attribute activity across the organization

Solutions

Centralized detection and monitoring across Google Workspace, Slack, and Notion with Panther’s detection-as-code framework and hands-on onboarding support

Translated workflows for alert summarization, detection building, and incident response entirely in Japanese, using Panther AI and Panther’s MCP server

Monitored bulk document operations and attributed activity to human or AI behavior across the organization, using Panther’s AI SOC Platform

Results

Tuned detections using MCP and Cursor that reduced high-severity alerts by 100% and medium-severity alerts by 96% within one month, with approximately 80% of alerts now resolved automatically through Panther AI

Eliminated translation overhead in security workflows, reducing time spent on investigations by 70%

Gained expanded visibility into AI-driven data activity and built the foundation to make the case for expanded security tooling
