Data Transports

Panther integrates with various common data transport log ingestion sources

Overview
A Data Transport is a type of log source that is used to send log types that are not natively supported by Panther. Data Transports aim to successfully process custom data types through Panther’s log processing pipeline, map existing detections to custom data types, and map data models to custom data types. In addition to using a Data Transport to onboard your custom logs, you'll need to create a custom schema to normalize and classify the data.
Panther Supported Data Transports
Panther currently supports the following Data Transport methods:
​AWS S3​
​AWS CloudWatch 
​AWS SQS​
​AWS SNS​
​Google Cloud Storage (GCS)​
​Google Cloud Pub/Sub​
Ingesting compressed data in Panther
For S3 and GCS transports, Panther supports ingesting compressed data. Panther will transparently decompress data prior to classifying your data according to your associated schemas.
Panther's decompression works by first determining the compression algorithm that each file was compressed with. This does not depend on the file extension, or metadata, but rather the content of the file itself. All you need to do is to ensure that the data you are sending to Panther is in one of the supported formats.
Panther supports the following formats:
​Gzip​
​Zstd​
Note: Panther only supports Zstd data that was compressed without the use of a dictionary.
Troubleshooting Data Transports
Visit the Panther Knowledge Base to view articles about data transports that answer frequently asked questions and help you resolve common errors and issues.

Text logs in CSV format

S3 Source

Last modified 3mo ago