Parsing and Normalization

For common log sources, Panther provides managed schemas that parse raw logs in JSON, CSV, or free text format. You also have the ability to define, write, and manage custom schemas, and can infer a schema from sample logs using the pantherlog CLI tool.

Once you’ve configured your schema, Panther will recognize log types and extract important indicators like username, URL, email, IP address, and more to support fast detections and investigations across all log types.

We’re so thankful for the infer schema functionality. The flexibility to throw any log source into Panther was a critical reason we chose the tool.

Jan Urbanc, Head of Security Operations, Bitstamp

Writing Detections

Once you’ve configured your data sources, your logs will run through Panther’s detection engine for real-time analysis and alerting. Panther offers 500+ pre-built detections to help you immediately monitor for common vulnerabilities and security risks.

Unlike other SIEM tools, Panther’s Detection-as-Code architecture allows security teams to tailor detections specifically to their environment by leveraging Python, unit tests, and standard CI/CD workflows.
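The two ideas above (normalizing raw logs into indicator fields, then running Python detections with unit tests over them) fit in one short pipeline. The following is an added example written for this page, not Panther's own code: the `p_any_ip_addresses` / `p_any_emails` / `p_any_urls` field names and the `rule(event)` / `title(event)` function shape follow Panther's conventions, while the regex extraction, the trusted-network list, the admin-user set and the sample log lines are all constructed assumptions for illustration.

```python
import ipaddress
import json
import re

# --- Parsing and normalization -------------------------------------------
# Deliberately simple indicator patterns (constructed; a real schema would be
# field-aware rather than scanning the whole serialized event).
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"']+")


def _valid_ipv4(candidate: str) -> bool:
    """Reject regex hits like 999.1.1.1 that are not real addresses."""
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def normalize(raw_line: str) -> dict:
    """Parse one JSON log line and attach indicator fields.

    The p_any_* names mirror Panther's enrichment fields; the extraction
    logic here is an assumption made for this example.
    """
    event = json.loads(raw_line)
    blob = json.dumps(event)  # scan every string value regardless of schema
    event["p_any_ip_addresses"] = sorted(
        {m for m in IPV4_RE.findall(blob) if _valid_ipv4(m)}
    )
    event["p_any_emails"] = sorted(set(EMAIL_RE.findall(blob)))
    event["p_any_urls"] = sorted(set(URL_RE.findall(blob)))
    return event


# --- Detection-as-Code -----------------------------------------------------
# A rule in the shape Panther Python rules take: rule() decides, title()
# names the alert. The condition and the allow-lists are constructed.
ADMIN_USERS = {"root", "admin@example.com"}          # assumption
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption


def rule(event: dict) -> bool:
    """Fire on a successful privileged login from outside trusted networks."""
    if event.get("action") != "login" or event.get("outcome") != "success":
        return False
    if event.get("user") not in ADMIN_USERS:
        return False
    ips = [ipaddress.ip_address(i) for i in event.get("p_any_ip_addresses", [])]
    return any(not any(ip in net for net in TRUSTED_NETS) for ip in ips)


def title(event: dict) -> str:
    ips = ", ".join(event.get("p_any_ip_addresses", [])) or "unknown IP"
    return f"Privileged login for {event.get('user')} from untrusted IP {ips}"


# --- Unit tests in the style of a rule spec's expected results --------------
# Sample log lines are constructed; addresses come from documentation ranges.
TESTS = [
    {"name": "admin login from untrusted ip", "expected": True,
     "log": '{"action":"login","outcome":"success","user":"root","src":"203.0.113.7"}'},
    {"name": "admin login from corporate net", "expected": False,
     "log": '{"action":"login","outcome":"success","user":"root","src":"10.1.2.3"}'},
    {"name": "regular user from untrusted ip", "expected": False,
     "log": '{"action":"login","outcome":"success","user":"bob","src":"203.0.113.7"}'},
    {"name": "admin failed login is not this rule", "expected": False,
     "log": '{"action":"login","outcome":"failure","user":"root","src":"203.0.113.7"}'},
]


def run_tests() -> dict:
    """Return {test name: passed?}; a CI job would fail on any False."""
    return {t["name"]: rule(normalize(t["log"])) == t["expected"] for t in TESTS}


if __name__ == "__main__":
    for name, ok in run_tests().items():
        print(("PASS " if ok else "FAIL ") + name)
```

Running the file prints one PASS/FAIL line per test, which is the property that makes the rule safe to put behind a pull-request check: a change to `TRUSTED_NETS` or to the rule body that silences a true-positive case breaks the build before it reaches production.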