Sysdig offers extensive monitoring of cloud infrastructure for vulnerabilities, configuration issues, and suspicious activity. Panther can pull audit logs directly from Sysdig by querying the Sysdig Audit REST API.
Panther can collect, normalize, and analyze Sysdig logs to help you identify suspicious activity in real time. Your normalized data is then retained in a serverless data lake to power future security investigations.
Use Cases
Common security use cases for monitoring Sysdig.Audit logs with Panther include:
- Detecting any suspicious activity within your Sysdig instance
- Monitoring the creation, modification, or deletion of policies
- Investigating any user access changes
How it Works
Panther’s Sysdig integration is simple and fast:
- Add Sysdig as a data source in Panther using a Sysdig Secure API Key
- Panther parses, normalizes, and analyzes your log data in real-time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer
- Sit back and monitor your activity!
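The policy-change use case above, written as the kind of Python rule Panther evaluates against each normalized Sysdig.Audit event (an added example, not Panther's or Sysdig's own code). The event field names `entityType`, `type`, `user` and `sourceIp`, and the action values, are assumptions to be checked against the Sysdig.Audit schema before deploying; the sample events are constructed.

```python
"""Panther-style rule: alert on creation, modification or deletion of Sysdig policies.

Field names and values below are ASSUMED for illustration; verify them against
the Sysdig.Audit schema in Panther. `event` is dict-like (Panther passes an
object that supports .get()), so plain dicts work for local testing.
"""
from typing import Any, Dict

POLICY_ENTITY_TYPES = {"policy", "policies"}      # assumed entity type names
CHANGE_ACTIONS = {"create", "update", "delete"}   # assumed state-changing actions


def rule(event: Dict[str, Any]) -> bool:
    """Fire only for state changes to policy objects; reads are ignored."""
    entity = str(event.get("entityType", "")).lower()
    action = str(event.get("type", "")).lower()
    return entity in POLICY_ENTITY_TYPES and action in CHANGE_ACTIONS


def title(event: Dict[str, Any]) -> str:
    """Alert title delivered to the configured destination."""
    return (
        f"Sysdig policy {event.get('type', 'change')} by "
        f"{event.get('user', '<unknown user>')} from "
        f"{event.get('sourceIp', '<unknown ip>')}"
    )


def severity(event: Dict[str, Any]) -> str:
    """Deleting a policy can silently remove detection coverage, so escalate it."""
    return "HIGH" if str(event.get("type", "")).lower() == "delete" else "MEDIUM"


def dedup(event: Dict[str, Any]) -> str:
    """Group by user and entity so one bulk edit yields one alert, not dozens."""
    return f"{event.get('user', 'unknown')}:{event.get('entityType', '')}"


# Constructed sample events (not real Sysdig output) for local testing.
SAMPLE_DELETE = {"entityType": "policy", "entityId": "42", "type": "delete",
                 "user": "alice@example.com", "sourceIp": "198.51.100.7"}
SAMPLE_READ = {"entityType": "policy", "entityId": "42", "type": "read",
               "user": "alice@example.com", "sourceIp": "198.51.100.7"}
SAMPLE_TEAM_UPDATE = {"entityType": "team", "entityId": "7", "type": "update",
                      "user": "bob@example.com", "sourceIp": "203.0.113.5"}

if __name__ == "__main__":
    for ev in (SAMPLE_DELETE, SAMPLE_READ, SAMPLE_TEAM_UPDATE):
        print(rule(ev), severity(ev), title(ev))
```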
You can learn more about onboarding Sysdig logs in Panther, and about the supported log schema, in the Panther documentation.