Panther API (BETA)


The Panther API is currently in public beta. Please share any bug reports and feature requests with your account team.
Panther offers a public GraphQL-over-HTTP API, meaning you can write GraphQL queries and invoke the API using a typical HTTP request. For more information on GraphQL, please see GraphQL's documentation.

How to use Panther's API

To get started with Panther's API:
  1. 1.
    Create an API Token.
  2. 2.
    Obtain your unique HTTP URL.
  3. 3.
    Invoke the API.
  4. 4.
    Start writing GraphQL queries.

Supported Operations

The Panther API supports an ever-growing set of capabilities that allow you to build your security workflows. Currently, the following capabilities are available through the API:

Alert Management

Our alerting API allows you to:
  • List your alerts and errors with optional filters
  • Fetch the details of a particular alert
  • Update the status of one or more alerts
For more information visit the Alerts & Errors page.

Data Lake Querying

Our Data Lake API allows you to:
  • List your data lake databases, tables, and columns
  • Execute a data lake (Data Explorer) query using SQL
  • Execute an Indicator Search query
  • Cancel any currently-running query
  • Fetch the details of any previously executed query
  • List all currently-running or previously-executed queries with optional filters
For more information visit the Data Lake Queries page.