Reduce Fatigue & False Positives

Panther resolves cross-log entities to help you investigate alerts with ease and efficiency. Panther’s Alert Management feature allows you to assign alerts to other users, view alert activity history, add comments, and quickly tune detections – all from the Panther Console.

You can also assign Alert Runbooks to define instructions for remediating the issue, or to describe the alert’s severity or the conditions that triggered the alert. All of this context can then be forwarded to an alert destination of your choice based on your defined routing scenarios and settings.

The notification setup and Slack integration are seamless.

Mimoh Das, Head of IT, Cloud Infrastructure, and DevSecOps at Unison

Investigating Alerts

After you’ve triggered an alert and routed it to your preferred destination, it’s time to investigate. Panther pushes your normalized data into a security data lake inside Snowflake, where it is readily available for investigation using SQL queries.

From there, you can investigate specific indicators of compromise (IoCs) related to your alert, or use our Data Explorer feature for robust SQL-based searches. For analysts without extensive SQL knowledge, our Query Builder allows you to construct a data lake query using no-code filters.
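As an added illustration of the IoC investigation described above (example queries written for this page, not Panther's own code), the following Snowflake SQL pivots on a suspect IP address across normalized CloudTrail data. It assumes the table `panther_logs.public.aws_cloudtrail` and Panther's standard enrichment fields `p_event_time`, `p_log_type` and `p_any_ip_addresses`, plus the CloudTrail columns `eventName`, `sourceIPAddress` and `userIdentity`; the IP `203.0.113.42` is a constructed placeholder from the TEST-NET-3 range, not a real indicator.

```sql
-- Added example, not from the page or from Panther. Assumed table and field
-- names are noted in the lead-in; 203.0.113.42 is a constructed placeholder.

-- 1) Every CloudTrail event in the last 7 days that mentions the IoC anywhere.
--    p_any_ip_addresses is assumed to be the array of all IPs Panther
--    extracted from the event, so this catches the IP even when it appears
--    outside sourceIPAddress (for example in request parameters).
SELECT
  p_event_time,
  p_log_type,
  eventName,
  userIdentity:arn::STRING AS actor_arn,
  sourceIPAddress
FROM panther_logs.public.aws_cloudtrail
WHERE p_event_time >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND ARRAY_CONTAINS('203.0.113.42'::VARIANT, p_any_ip_addresses)
ORDER BY p_event_time DESC
LIMIT 100;

-- 2) Triage summary: which identities and API calls the IoC is tied to, so an
--    analyst can judge scope (one principal, one action vs. many) at a glance.
SELECT
  userIdentity:arn::STRING AS actor_arn,
  eventName,
  COUNT(*)          AS events,
  MIN(p_event_time) AS first_seen,
  MAX(p_event_time) AS last_seen
FROM panther_logs.public.aws_cloudtrail
WHERE p_event_time >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND ARRAY_CONTAINS('203.0.113.42'::VARIANT, p_any_ip_addresses)
GROUP BY actor_arn, eventName
ORDER BY events DESC;
```

Swapping the table name for another Panther log table that carries the same standard fields lets the same containment predicate pivot on the IoC across log sources.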