Panther has native schema support for each of the , with different supported methods to ingest data depending on the log source.
If you would like to ingest logs from a source not listed as Panther-supported, you can either define your own source or .
For information on tracking logged activity within your Panther instance, please see .
View all or in your Panther Console, by navigating to the Log Sources > Add New Source page. There, you can browse sources in the grid or use the search bar to find a source:
The log files can be compressed using the following formats:
gzip
zstd (without dictionary)
Need to validate that a Panther-managed schema will parse your logs correctly? You can test sample logs against the Panther-managed schema just like you can test logs against a custom schema. Follow the steps below:
In the left-hand navigation bar of your Panther Console, click Configure > Schemas.
Click on the name of a schema labeled PANTHER MANAGED.
In the schema details page, scroll to the bottom of the page where you'll be able to upload logs.
It is not possible to edit a Panther-managed schema. Instead, you can clone the schema to create a copy of it, which you can edit. To clone a schema:
In the left-hand navigation bar of your Panther Console, click Configure > Schemas.
Click on the name of a schema in the list.
On the schema's details page, click Clone in the upper right corner.
Panther offers built-in support for each of the following log sources. Click a tile to learn more about that source:
For information on editing a custom schema, see the .
Visit the Panther Knowledge Base to that answer frequently asked questions and help you resolve common errors and issues.
Panther supports 100+ security log types across 50+ different categories