Apache is a widely used, open-source, cross-platform web server that allows users to deploy websites to the internet. Panther can collect, normalize, and monitor Apache logs to help you identify suspicious activity in real time. Your normalized data is then retained to conduct future security investigations in a serverless security data lake powered by Snowflake.
Apache access logs store information about events that occurred on your Apache web server. Common security use cases for Apache access logs include:
Panther’s integration for Apache is simple and fast to configure, allowing you to onboard logs in just a few minutes. Simply select Apache from the list of pre-defined log sources, select your preferred data transport method, and configure Apache to push logs to your data transport source.
For more details on onboarding Apache logs or for supported log schema, you can view our Apache documentation here.
As Panther ingests Apache access logs, they are parsed, normalized, and stored in a Snowflake security data lake. This allows security teams to write detections, identify anomalies, and conduct investigations on logs in the context of days, weeks, or months of data.
Panther applies normalization fields to all log records, which standardizes names for attributes and empowers users to correlate data across all log sources - not just Apache. Panther’s search tools - Data Explorer, Indicator Search, and Query Builder - allow you to investigate your normalized logs for suspicious activity or vulnerabilities. For more guidance on searching log data in Panther, check out our documentation on Investigations & Search.
A number of pre-built detections are available by default in Panther, offering users immediate value for monitoring common IoCs and threats. You can explore our built-in detection coverage for Apache logs here.
With Panther, your team won’t be confined to restrictive detection rules as seen in many SIEM platforms. Panther is built with detection-as-code principles, giving you the ability to write Python to define detection logic and to integrate external systems like version control and CI/CD pipelines into your detection engineering processes. This results in powerful, flexible, and reusable scripting of detection logic for your security team.
Panther generates alerts when your detection rules or policies are triggered, and integrates with a variety of alert destinations to allow for easy access and management of any Apache alerts. Alerts can also be sent to alert context or SOAR platforms for more remediation options.
Alerts are categorized by five different severity levels: Info, Low, Medium, High, and Critical. Security teams have the ability to dynamically assign severity based on specific log event attributes.
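As an added illustration of the Python detection logic and attribute-driven severity described above (this is example code written for this page, not Panther's own rule or schema), here is a Panther-style rule for Apache access logs. Panther rules expose `rule(event)` and optional `title(event)`/`severity(event)`; the event field names and the sample records are assumptions constructed for the example.

```python
"""Added example: a Panther-style detection rule for Apache access logs.
Panther loads rule(event) -> bool plus optional title()/severity().
The event field names used here are an ASSUMPTION for this example,
not Panther's documented Apache schema."""

# Constructed sample events shaped like normalized Apache access records.
SAMPLE_EVENTS = [
    {"remote_host_ip_address": "203.0.113.7", "request_method": "GET",
     "request_uri": "/index.html", "response_status": 200},
    {"remote_host_ip_address": "203.0.113.7", "request_method": "GET",
     "request_uri": "/.git/config", "response_status": 404},
    {"remote_host_ip_address": "198.51.100.9", "request_method": "GET",
     "request_uri": "/wp-login.php", "response_status": 200},
    {"remote_host_ip_address": "198.51.100.9", "request_method": "POST",
     "request_uri": "/admin/config.php", "response_status": 403},
]

# Paths legitimate clients of this site should never request; a hit means
# reconnaissance or an exposed artifact. Tune this list per environment.
SENSITIVE_PREFIXES = ("/.git", "/.env", "/admin", "/wp-login.php")


def rule(event):
    """Fire when the request targets a sensitive path."""
    uri = event.get("request_uri", "")
    return any(uri.startswith(prefix) for prefix in SENSITIVE_PREFIXES)


def severity(event):
    """Dynamic severity from the response code: a 2xx on a sensitive path
    means the resource is really exposed (HIGH); a redirect is ambiguous
    (MEDIUM); blocked or missing resources are probing only (LOW)."""
    status = event.get("response_status", 0)
    if 200 <= status < 300:
        return "HIGH"
    if 300 <= status < 400:
        return "MEDIUM"
    return "LOW"


def title(event):
    """Alert title built from the event's own attributes."""
    return (f"Sensitive path {event.get('request_uri')} requested by "
            f"{event.get('remote_host_ip_address')} "
            f"(HTTP {event.get('response_status')})")


def run_rule(events):
    """Evaluate the rule over a batch; return (uri, severity) per alert."""
    return [(e["request_uri"], severity(e)) for e in events if rule(e)]
```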
If you have any questions about configuring or monitoring Apache logs in Panther, our customer support team is here to help. All customers have access to support via a dedicated Slack channel, email, or in-app messenger.
You can view our documentation on configuring and monitoring Apache logs here, or customers can sign up for the Panther Community to share best practices or custom detections for monitoring Apache.
With Panther, your security team doesn’t have to struggle with rigid detection logic, waste time and resources on operational overhead, or pay excessive costs to keep up with the growth of cloud app data. Panther was founded by a team of veteran security practitioners who struggled with today’s SIEM challenges first-hand, and built an intuitive, cloud-native platform to solve them.
Panther is a cloud-native SIEM built for security operations at scale, offering flexible detection-as-code, intuitive security workflows, and actionable real-time alerts to keep up with the needs of today’s security teams. For a strong, flexible, and scalable SIEM solution for Apache, request a demo today.