Monitor Teleport Logs to gain complete visibility into SSH access with Panther’s Teleport integration.
Teleport is a gateway for managing access to clusters of Linux servers or Kubernetes clusters. Panther can collect, normalize, and monitor Teleport logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.
Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.
Common security use cases for Teleport with Panther include:
- Investigate high-volumes of failed logins
- Monitor commands and arguments executed on hosts
- Analyze network connections initiated by users or scheduled jobs
How it Works
The integration is simple and fast:
- Send Teleport’s audit log to AWS S3 with a log forwarding agent like Fluentd or Logstash
- Add your S3 Bucket as a data source in Panther
- Panther will parse, normalize, and analyze your log data in real-time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer (Enterprise only)
- Sit back and monitor your activity!
Learn more about Panther's supported log schema for Teleport.