Trusted by

  • Docker
  • Discord logo
  • Cedar logo
  • Framer Logo
  • FloQast Logo
  • Jumio
  • Avetta
  • Dropbox Logo
  • Asana Logo
  • Gusto logo
  • Teleport Logo
  • LaunchDarkly Logo
  • Worldcoin
  • Persona logo
  • HubSpot Logo
  • Earnin Logo
  • Benchling logo
  • VGS Logo
  • Grail Logo
  • Illuvium
  • Watt IQ logo
  • Snowflake Logo
  • Zapier Logo
  • Domino Logo
  • Stedi Logo
  • Iterable
  • Funnel
  • Elementor Logo
  • coinbase logo
  • Circle Logo
  • Infoblox Logo
  • Loom logo
  • enlaceHealth
  • JupiterOne
  • Auth0 Logo
  • Mattermost Logo
  • Intercom Logo
  • Snyk Logo
  • CMS: Centers for Medicare & Medicaid Services
  • Highspot


To start, every Panther customer receives their own instance, which lives in an isolated AWS account (managed by Panther) via a single-tenant deployment model to ensure security isolation. 

Panther collects security logs from the cloud via AWS S3, SQS, SNS, CloudWatch Logs, GCS or direct integrations with SaaS providers. Panther parses the raw logs in JSON, CSV, or free text format. Panther reads and normalizes the data as it comes through, recognizes the log types, extracts important indicators like username, URL, email, IP addresses, and more to support fast detections and SQL queries across all log types.


Ingested logs run through Panther’s Python engine for real-time analysis and alerting. Out of the box, you'll have access to 500+ pre-built detections for high-priority log sources and security risks. 

Teams can also customize, create, and harden detections leveraging Python, unit tests and standard CI/CD workflows to tailor detections specifically for their environment.


Use Panther’s pre-built detection packs and customize them as you like, or craft your own detections in Python to set rules for alerting. 

Dynamically add context to alerts and dispatch them to existing automation workflows via integrations like Slack, PagerDuty and Jira.

In addition, easily automate remediation by sending alerts to downstream SOAR tools like Tines.


Panther pushes normalized data into a security data lake inside Snowflake, where it is readily available for investigation using SQL queries. 

Security logs inside the security data lake are enriched with events and non-event contextual information such as identity context (user, host, IP addresses), vulnerability context (scan reports), business context and more. 

Quickly extract valuable insights from terabytes of data with ad-hoc and scheduled queries.

Deployment Options

Panther is delivered as a cloud-native SaaS, with zero operational overhead for customers. We take care of provisioning, upgrades and all other system administration so your team can focus on higher value security work.

SaaS Deployment

Panther creates and manages the AWS account as well as the Snowflake account, providing full transparency to customers.

Bring your own Snowflake

Panther can be used as a connected-app to store ingested data to your existing Snowflake Data Lake.