Panther AI (Beta)
Last updated
Was this helpful?
Last updated
Was this helpful?
Panther AI encompasses a set of generative AI features aimed at speeding up your detection and response workflows.
Use Panther AI in the Panther Console to aid in triaging alerts—learn more in . There are also AI GraphQL API operations available to Cloud Connected customers—view them in the .
To use Panther AI features, your Panther instance's Enable Panther AI setting must be set to ON
and your user role must have the Run Panther AI permission. If you have a Cloud Connected Panther instance, you must also enable certain AI models in AWS.
To enable Panther AI:
In the upper-right corner of your Panther Console, click the gear icon (Settings) > General.
Once Enable Panther AI is set to ON
, the Run Panther AI permission will be:
If you have a Cloud Connected Panther instance, follow the instructions on the AWS Add or remove access to Amazon Bedrock foundation models documentation to request access to the following foundation models in the region your Panther instance is deployed in:
Claude 3.5 Sonnet v1 (anthropic.claude-3-5-sonnet-20240620-v1:0
)
Claude 3.5 Sonnet v2 (anthropic.claude-3-5-sonnet-20241022-v2:0
)
Claude 3.7 Sonnet v1 (anthropic.claude-3-7-sonnet-20250219-v1:0
)
Claude 3.5 Haiku v1 (anthropic.claude-3-5-haiku-20241022-v1:0
)
Panther AI assumes the role and associated permissions of the user running it—i.e., the user logged into the Console where AI operations are being run, or the user executing AI-related API calls.
When Panther AI aids in triaging or summarizing your data, it will return links to relevant data so you can verify its findings. Citations may include alerts, detections, and/or data queries.
Use of Panther AI features is subject to the .
On the , click the Enable Panther AI toggle to ON
.
The Enable Panther AI setting is set to OFF
by default, and can only be updated by a user with the Edit Settings & SAML Preferences permission.
Granted automatically to the Admin role.
Available to assign to additional roles. .
This means Panther AI will not perform read or write operations the current user could not perform themselves. This includes , if set for that user role.