Panther AI (Beta)

Overview

Panther AI is in open beta starting with Panther version 1.112, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

Panther AI encompasses a set of generative AI features aimed at speeding up your detection and response workflows.

Use Panther AI in the Panther Console to aid in triaging alerts—learn more in . There are also AI GraphQL API operations available to Cloud Connected customers—view them in the .

Enabling Panther AI

To use Panther AI features, your Panther instance's Enable Panther AI setting must be set to ON and your user role must have the Run Panther AI permission. If you have a Cloud Connected Panther instance, you must also enable certain AI models in AWS.

To enable Panther AI:

In the upper-right corner of your Panther Console, click the gear icon (Settings) > General.
- Once Enable Panther AI is set to ON, the Run Panther AI permission will be:
If you have a Cloud Connected Panther instance, follow the instructions on the AWS Add or remove access to Amazon Bedrock foundation models documentation to request access to the following foundation models in the region your Panther instance is deployed in:
- Claude 3.5 Sonnet v1 (anthropic.claude-3-5-sonnet-20240620-v1:0)
- Claude 3.5 Sonnet v2 (anthropic.claude-3-5-sonnet-20241022-v2:0)
- Claude 3.7 Sonnet v1 (anthropic.claude-3-7-sonnet-20250219-v1:0)
- Claude 3.5 Haiku v1 (anthropic.claude-3-5-haiku-20241022-v1:0)

AI permissions and scope

Panther AI assumes the role and associated permissions of the user running it—i.e., the user logged into the Console where AI operations are being run, or the user executing AI-related API calls.

Citations

When Panther AI aids in triaging or summarizing your data, it will return links to relevant data so you can verify its findings. Citations may include alerts, detections, and/or data queries.

PreviousTrailDiscover (Beta)NextSystem Configuration

Last updated 11 days ago

Was this helpful?

Overview

Panther AI is in open beta starting with Panther version 1.112, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

Panther AI encompasses a set of generative AI features aimed at speeding up your detection and response workflows.

Use Panther AI in the Panther Console to aid in triaging alerts—learn more in . There are also AI GraphQL API operations available to Cloud Connected customers—view them in the .

Use of Panther AI features is subject to the .

Enabling Panther AI

To enable Panther AI:

In the upper-right corner of your Panther Console, click the gear icon (Settings) > General.

On the , click the Enable Panther AI toggle to ON.

The Enable Panther AI setting is set to OFF by default, and can only be updated by a user with the Edit Settings & SAML Preferences permission.
Once Enable Panther AI is set to ON, the Run Panther AI permission will be:
- Granted automatically to the Admin role.
- Available to assign to additional roles. .

If you have a Cloud Connected Panther instance, follow the instructions on the AWS Add or remove access to Amazon Bedrock foundation models documentation to request access to the following foundation models in the region your Panther instance is deployed in:

Claude 3.5 Sonnet v1 (anthropic.claude-3-5-sonnet-20240620-v1:0)
Claude 3.5 Sonnet v2 (anthropic.claude-3-5-sonnet-20241022-v2:0)
Claude 3.7 Sonnet v1 (anthropic.claude-3-7-sonnet-20250219-v1:0)
Claude 3.5 Haiku v1 (anthropic.claude-3-5-haiku-20241022-v1:0)

AI permissions and scope

Panther AI assumes the role and associated permissions of the user running it—i.e., the user logged into the Console where AI operations are being run, or the user executing AI-related API calls.

This means Panther AI will not perform read or write operations the current user could not perform themselves. This includes , if set for that user role.