Panther AI (Beta)
Last updated
Was this helpful?
Last updated
Was this helpful?
Panther AI is in open beta starting with Panther version 1.112, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.
Panther AI encompasses a set of generative AI features aimed at speeding up your detection and response workflows.
Use Panther AI in the Panther Console to aid in triaging alerts—learn more in AI alert triage. There are also AI GraphQL API operations available to Cloud Connected customers—view them in the GraphQL API schema.
Use of Panther AI features is subject to the AI disclaimer found on the Legal page.
To use Panther AI features, your Panther instance's Enable Panther AI setting must be set to ON, and your user role must have the Run Panther AI permission.
The Enable Panther AI setting is set to OFF by default, and can only be updated by a user with the Edit Settings & SAML Preferences permission. Find this setting on the Settings > General page, within the Main Information tab:
Once Enable Panther AI is set to ON, the Run Panther AI permission will be:
Granted automatically to the default Admin role.
Available to assign to additional roles. Learn how to update a role's permissions here.
Panther AI assumes the role and associated permissions of the user running it—i.e., the user logged into the Console where AI operations are being run, or the user executing AI-related API calls.
This means Panther AI will not perform read or write operations the current user could not perform themselves. This includes log type access restrictions, if set for that user role.
When Panther AI aids in triaging or summarizing your data, it will return links to relevant data so you can verify its findings. Citations may include alerts, detections, and/or data queries.
