Panther AI Workflow Examples
Videos and images of Panther AI in action
Overview
The videos on this page demonstrate common Panther AI workflows. For the best viewing experience, click Watch on YouTube in the bottom-left corner of each video, or view it in full-screen mode.
Using Panther AI with alerts
Running AI alert triage
In the following example of alert triage, Panther AI:
Gathers context by reading the alert, the associated detection (including its Python code), alerts generated by that detection over the last seven days, and all alerts over the last 24 hours
Analyzes the data
May gather additional context by using other tools (such as the enrichmentTool) and by executing data lake queries
Running an AI-suggested follow-up prompt to alert triage
In this example, after AI alert triage is run, the user clicks on one of the options in the Recommended Follow Up AI Prompts section.
Using a detection runbook to direct AI alert triage
During alert triage, Panther AI is directed to read instructions from the associated detection's runbook field. You can leverage this to instruct Panther AI to perform specific tasks when triaging an alert.
For example, as a runbook value, you might enter:
"Run the saved query called "Okta Historical Profile" for the user in the events as context."
"Search over all logs for activity from the clientIP over the last week as context."
"Always add a comment to the alert with a summary."
In the example below, to demonstrate that Panther AI takes a detection's runbook into account during alert triage, we added the following to the runbook:
Before your analysis report, add a summary in the form of a limerick.
We can see a limerick in the response:

Generating an AI summary of alerts list
In the example below, Panther AI summarizes the recent alerts on the alert list page.
Using Panther AI with Search and detections
Search results AI summarization
In the example below, Panther AI performs Search results summarization for recent AWS Application Load Balancer (ALB) events.
Detection writing from Search results
After Panther AI performs Search results summarization for events representing potentially malicious activity, Panther AI creates a detection with unit tests.
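To make concrete what "a detection with unit tests" means in Panther terms, the following is an added illustration written for this page; it is not code produced by Panther AI or shipped in Panther's own repositories. A Panther rule is a Python module exposing rule(event) plus optional helpers such as title(event), severity(event) and dedup(event); its unit tests normally sit in a YAML Tests block beside the rule. Here the test cases are modelled as a Python list so everything runs offline. The AWS ALB field names used (clientIp, requestHttpMethod, requestUrl, elbStatusCode, targetStatusCode), the probe-path list, and all sample events are assumptions constructed for the example; check them against your own log schema before reusing.

```python
"""Panther-style detection for web probing in AWS ALB logs, with unit tests.

Added example for illustration only (not Panther AI output). Field names,
probe markers and sample events are assumptions, not a published schema.
"""
from urllib.parse import unquote, urlsplit

# Path fragments typical of automated scanners (assumed list; tune for your estate)
PROBE_MARKERS = ("../", "/.env", "/.git/", "/wp-login.php", "/phpmyadmin")


def _path_of(event: dict) -> str:
    # ALB records the full URL ("https://host:443/path?query"); keep only the
    # path, percent-decoded so an encoded "..%2F" traversal is still matched.
    return unquote(urlsplit(event.get("requestUrl", "")).path).lower()


def _status(event: dict) -> int:
    # Prefer the target's status; ALB logs "-" when no target answered,
    # which is not an int, so fall through rather than crash.
    for key in ("targetStatusCode", "elbStatusCode"):
        try:
            return int(event.get(key))
        except (TypeError, ValueError):
            continue
    return 0


def rule(event: dict) -> bool:
    """Fire when the requested path looks like a scanner probe."""
    path = _path_of(event)
    return any(marker in path for marker in PROBE_MARKERS)


def severity(event: dict) -> str:
    # A probe the target actually served (2xx) matters far more than a rejected one
    return "HIGH" if 200 <= _status(event) < 300 else "LOW"


def title(event: dict) -> str:
    return (
        f"ALB probe from {event.get('clientIp', '<unknown>')}: "
        f"{event.get('requestHttpMethod', '?')} {_path_of(event)}"
    )


def dedup(event: dict) -> str:
    # Group repeated probes by source IP so one scanner yields one alert
    return event.get("clientIp", "<unknown>")


# Unit tests in the shape of a Panther YAML `Tests:` block (constructed events)
TESTS = [
    {
        "Name": "Encoded traversal attempt rejected by target",
        "ExpectedResult": True,
        "Log": {
            "clientIp": "198.51.100.23",
            "requestHttpMethod": "GET",
            "requestUrl": "https://app.example.com:443/static/..%2F..%2Fetc/passwd",
            "elbStatusCode": 403,
            "targetStatusCode": 403,
        },
    },
    {
        "Name": "Probe for .env that the target served",
        "ExpectedResult": True,
        "Log": {
            "clientIp": "203.0.113.9",
            "requestHttpMethod": "GET",
            "requestUrl": "https://app.example.com:443/.env",
            "elbStatusCode": 200,
            "targetStatusCode": 200,
        },
    },
    {
        "Name": "Ordinary 404 on a normal API path",
        "ExpectedResult": False,
        "Log": {
            "clientIp": "192.0.2.77",
            "requestHttpMethod": "GET",
            "requestUrl": "https://app.example.com:443/api/v1/users/42",
            "elbStatusCode": 404,
            "targetStatusCode": "-",
        },
    },
]


def run_tests(tests=TESTS) -> dict:
    """Replay each case through rule(); returns {test name: passed}."""
    return {t["Name"]: rule(t["Log"]) == t["ExpectedResult"] for t in tests}


if __name__ == "__main__":
    for name, ok in run_tests().items():
        print(f"{'PASS' if ok else 'FAIL'}: {name}")
```

The negative case is there deliberately: a detection shipped without a test that must not fire is the one that pages you at 3 a.m. When you check in a detection Panther AI generated, read its tests the same way, and confirm the expected results cover both the true positive and at least one benign look-alike.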
Using Panther AI with Saved Searches
Writing and saving SQL queries for reuse
In the example below, Panther AI is prompted to write and name a SQL query (or Saved Search) to be used in the future (by humans and Panther AI).
Running and editing saved SQL queries
In this example, Panther AI is asked to run a named Saved Search (but with modifications requiring SQL changes), enrich each IP address, and visualize the result.