Nginx provides open-source solutions for web serving, caching, load balancing, application delivery, reverse proxying, and other web tasks. Panther can collect, normalize, and monitor Nginx access logs to help you identify suspicious activity in real time. Your normalized Nginx data is then retained to conduct future security investigations in a serverless data lake powered by Snowflake.
The Nginx access log records client requests and provides an audit trail to help users understand web activity. Common security use cases for monitoring Nginx access logs include:
Panther’s integration for Nginx is easy and fast to configure, allowing you to onboard access logs in just a few minutes. Simply select Nginx from the list of pre-defined log sources, select your preferred data transport method, and configure Nginx to push logs to your data transport source.
For more detailed steps on onboarding Nginx logs or for supported log schema, you can view our Nginx documentation here.
As Panther ingests Nginx logs, they are parsed, normalized, and stored in a Snowflake security data lake. This allows your security team to write detections, identify anomalies, and conduct investigations on logs in the context of days, weeks, or months of data.
Panther applies normalization fields to all log records, which standardizes names for attributes and allows users to correlate data across all log sources - not just Nginx. Panther’s search tools - Data Explorer, Indicator Search, and Query Builder - allow you to investigate your normalized logs for suspicious activity or vulnerabilities. For more on querying and searching normalized log data in Panther, read our documentation on Investigations & Search.
A number of pre-built detections are available in Panther, which provide immediate value for monitoring common IoCs and threats. You can explore our built-in detection coverage for Nginx access logs here.
With Panther, your team won’t be confined to rigid detection logic or proprietary languages as seen in many SIEM platforms. Panther is architected around detection-as-code principles, granting you the ability to write Python to define detections and to integrate external systems like version control and CI/CD pipelines into your detection engineering processes. This results in powerful, flexible, and reusable scripting of detection logic for your team.
Panther fires alerts when your detection rules or policies are triggered, and offers a variety of alert destination integrations to allow for easy access and management of alerts for your security team. Alerts can also be sent to SOAR or alert context platforms for more remediation options.
Alerts are categorized by five different severity levels: Info, Low, Medium, High, and Critical. Your security team can dynamically assign severity based on specific log event attributes.
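The detection-as-code and dynamic-severity model described above, as an added example that is not Panther's own code: a Python rule over Nginx access-log events that fires on requests for paths a production web server should never serve, and derives severity from the status attribute so a probe that was actually served outranks one that got a 404. Field names (remoteAddr, request, status, httpUserAgent) assume Panther's Nginx.Access schema; the watchlist and sample events are constructed.

```python
"""Panther-style Python detection over Nginx access-log events.
Added example, not Panther's own rule; the field names (remoteAddr, request,
status, httpUserAgent) are assumed to follow Panther's Nginx.Access schema."""
from urllib.parse import unquote, urlsplit

# Constructed watchlist of paths a production web server should never serve.
SENSITIVE_PATHS = {"/.env", "/wp-config.php", "/server-status"}
SENSITIVE_PREFIXES = ("/.git/", "/.svn/", "/.aws/")

# Constructed sample events in the assumed Nginx.Access shape (RFC 5737 addresses).
SAMPLE_EVENTS = [
    {"remoteAddr": "203.0.113.7", "request": "GET /.env HTTP/1.1", "status": 200, "httpUserAgent": "curl/8.4"},
    {"remoteAddr": "203.0.113.7", "request": "GET /%2Egit/config?x=1 HTTP/1.1", "status": 404, "httpUserAgent": "curl/8.4"},
    {"remoteAddr": "198.51.100.2", "request": "GET /index.html HTTP/1.1", "status": 200, "httpUserAgent": "Mozilla/5.0"},
    {"remoteAddr": "198.51.100.9", "request": "-", "status": 400, "httpUserAgent": "-"},
]

def parse_request(request):
    """Split an access-log request line into (method, path), percent-decoded and
    without the query string so '/%2Eenv' matches '/.env'; (None, None) if malformed."""
    if not isinstance(request, str):
        return None, None
    parts = request.split(" ")
    if len(parts) < 2:
        return None, None
    return parts[0], unquote(urlsplit(parts[1]).path)

def rule(event):
    """Fire on any request for a sensitive path, whatever the response code."""
    _, path = parse_request(event.get("request"))
    return path is not None and (path in SENSITIVE_PATHS or path.startswith(SENSITIVE_PREFIXES))

def severity(event):
    """Dynamic severity from the status attribute: a 2xx means the sensitive file was
    actually served, a 5xx means the server choked, 3xx/4xx means it was blocked or missed."""
    status = int(event.get("status") or 0)
    if 200 <= status < 300:
        return "CRITICAL"
    if status >= 500:
        return "MEDIUM"
    return "LOW"

def title(event):
    _, path = parse_request(event.get("request"))
    return f"Nginx: {event.get('remoteAddr')} requested {path} (status {event.get('status')})"

if __name__ == "__main__":
    for ev in filter(rule, SAMPLE_EVENTS):
        print(severity(ev), title(ev))
```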
If you have any questions about configuring or monitoring Nginx logs in Panther, we’re here to help. All customers have access to our technical support team via a dedicated Slack channel, email, or in-app messenger.
You can view our documentation on configuring and monitoring Nginx logs here, or customers can join the Panther Community to share best practices or custom detections for monitoring Nginx.
With Panther, you don’t have to waste time and effort on operational overhead, accept limitations with SIEM detections, or pay skyrocketing costs to keep up with the growth of cloud data. Panther was founded by a team of veteran security practitioners who struggled with traditional SIEM challenges first-hand, and built an intuitive, cloud-native platform to solve them.
Panther is a cloud-native SIEM built for security operations at scale, offering powerful detection-as-code, intuitive security workflows, and actionable real-time alerts to keep up with the needs of today’s security teams. For a powerful, flexible, and scalable SIEM solution for Nginx, request a demo today.