Monitor AWS logs to gain complete visibility into activity across your cloud services with Panther’s AWS integration.
AWS logs contain detailed events of activity inside of your cloud accounts. Panther can collect, normalize, and monitor AWS logs data to identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.
Collect all security-relevant AWS log types, such as Application Load Balancers, Aurora MySQL Instances, CloudTrail, CloudWatch Events, GuardDuty Alerts, S3 Access Logs, and VPC Network Traffic Flow.
Use Panther’s robust built-in Python detections to identify threats and leverage its serverless data lake to power investigations with terabytes of security data. Also, write custom detections to identify any type of activity that’s important to your business.
Panther enables the following use cases with this data:
- Detect compromised IAM access keys
- Analyze sensitive network traffic flows
- Filter GuardDuty or TrustedAdvisor alerts for even higher signal
- Monitor application-level data
- Identify data exfiltration on S3 buckets
Panther also extracts the following data fields to make queries and threat hunting with SQL simple and effective:
- Account IDs
- Instance IDs
How it Works
The integration is simple and works easily with your existing infrastructure:
- Link your existing S3/SQS queues to Panther as a data source
- Panther parses, normalizes, and analyzes your log data in real-time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer
- Sit back and monitor your activity!
Learn more about Panther's supported services and log schema for AWS