Panther API (BETA)

Overview
The Panther API is currently in public beta. Please share any bug reports and feature requests with your account team.
Panther offers a public GraphQL-over-HTTP API, meaning you can write GraphQL queries and invoke the API using a typical HTTP request. For more information on GraphQL, please see GraphQL's documentation.
How to use Panther's API
To get started with Panther's API:
1.Create an API Token.
See Generating an API Token for instructions.
2.Obtain your unique HTTP URL.
See Using the Panther API for more information.
3.Invoke the API.
See Invoking the API for more information.
4.Start writing GraphQL queries. 
View the supported operations to see what's available.
Supported Operations
The Panther API supports an ever-growing set of capabilities that allow you to build your security workflows. Currently, the following capabilities are available through the API:
Alert Management
Our alerting API allows you to:
List your alerts and errors with optional filters
Fetch the details of a particular alert
Update the status of one or more alerts
For more information visit the Alerts & Errors page.
Data Lake Querying
Our Data Lake API allows you to:
List your data lake databases, tables, and columns
Execute a data lake (Data Explorer) query using SQL
Execute an Indicator Search query 
Cancel any currently-running query
Fetch the details of any previously executed query
List all currently-running or previously-executed queries with optional filters
For more information visit the Data Lake Queries page.

AWS Unauthorized API Call

Generating an API Token

Last modified 1d ago

Copy link

Contents

Overview

How to use Panther's API

Supported Operations

Alert Management

Data Lake Querying