Material Security is a unified email security, user behavior analytics, and data loss prevention solution for Microsoft 365 and Google Workspace. Panther seamlessly integrates with Material Security, allowing you to monitor and respond to email-based threats across your environment. Once Material events are ingested into Panther, the normalized data is stored in a Snowflake-powered, serverless data lake for future security investigations.
Panther offers native support for cases created in Material Security. These logs provide metadata for emails that have triggered AI rules, managed detections, or custom detections in Material Security. Common SIEM use cases for these events include:
Panther’s integration for Material Security is easy to configure, allowing you to onboard your log data in just a few minutes. Material Security events are streamed via webhook.
For more detailed steps on onboarding Material Security or supported schema for events, view our Material Security documentation.
As Panther ingests Material Security events, they are parsed, normalized, and stored in a Snowflake security data lake. This empowers security teams to craft detections, identify anomalies, and conduct investigations on your data across days, weeks, or even months.
Panther’s managed schema applies normalization fields to your Material Security events, which standardizes names for attributes and empowers users to correlate and investigate data across all log types. For more on searching log data in Panther, check out our documentation on Investigations & Search.
With Panther, your team won’t be confined to restrictive detection rules as seen in many SIEM platforms. Panther is built with detection-as-code principles, giving you the ability to use Python to write expressive detections and to integrate external systems like version control and CI/CD pipelines into your detection engineering workflows. This results in powerful, flexible, and reusable scripting of detections for your security team. In addition, you can create correlation rules to link multiple events together, like IDP logs and Material Security logs, for highly targeted alerts.
Panther fires alerts when your detection rules or policies are triggered, and integrates with a variety of alert destinations to allow for easy access and management of any Material Security alerts. Alerts can also be forwarded to alert context or SOAR platforms for more remediation options.
Alerts are categorized into five different severity levels: Info, Low, Medium, High, and Critical. Security teams have the option to dynamically assign severity based on specific log event attributes.
If you have any questions about configuring Material Security with Panther, we’re here to help. All customers have access to our technical support team via a dedicated Slack channel, email, or in-app messenger.
You can check out our documentation on configuring Material Security here, or customers can sign up for the Panther Community to share best practices or custom detections for Material Security.
With Panther, security teams don’t have to struggle with restrictive detection logic, waste time and resources on operational overhead, or pay skyrocketing costs to keep up with the growth of cloud data. Panther was founded by a team of veteran security practitioners who struggled with legacy SIEM challenges first-hand, and built an intuitive, cloud-native platform to solve them.
Panther is a SIEM built for security operations at cloud scale, offering flexible detection-as-code, intuitive security workflows, and actionable real-time alerts to keep up with the needs of today’s security teams. For a powerful, flexible, and scalable SIEM solution, request a demo today.
Monitor your sales operations data for suspicious activity.
Monitor unusual activity within your Zendesk account.
Monitor your access management tools for suspicious activity.
Monitor your team’s communication and collaboration tools for suspicious activity.
Monitor email threats.
Monitor security alerts across Microsoft products, services, and partners.
Gain complete visibility into your cloud and container environments.
Monitor your team’s communication platform for suspicious activity.
