SOCRadar Log Monitoring

Integration Overview

SOCRadar is an Extended Threat Intelligence platform providing visibility into cyber threats across the deep and dark web, digital risk protection, attack surface management, and threat intelligence feeds. Panther integrates with SOCRadar to ingest security incidents in real time via webhook, giving security teams a unified view of external threat intelligence alongside their internal security data. Normalized incident data is stored in Panther's Snowflake-powered security data lake for detection, investigation, and correlation.

Use Cases for SOCRadar Logs

Common SIEM use cases for SOCRadar logs include:

• Correlating dark web findings and credential exposure alerts with internal authentication and access logs

• Detecting phishing campaigns and attack surface threats as they're identified by SOCRadar

• Centralizing external threat intelligence alongside internal security telemetry for unified investigation

Onboarding SOCRadar Logs in Panther

Panther's integration for SOCRadar is easy to configure, allowing you to onboard your log data in just a few minutes. SOCRadar incidents are streamed to Panther in real time via an HTTP webhook configured in SOCRadar, using basic or bearer token authentication.

For more detailed steps on onboarding SOCRadar or for supported log schema, you can view our SOCRadar documentation here.