Supported Logs

Overview

Panther has native schema support for each of the sources listed below, with different supported methods to ingest data depending on the log source.

If you would like to ingest logs from a source not listed as Panther-supported, you can either define your own Custom Log source or request support of a new log source.

For information on tracking logged activity within your Panther instance, please see Panther Audit Logs.

View all Panther-supported log sources in the list below or in your Panther Console, by navigating to the Log Sources > Add New Source page. There, you can browse sources in the grid or use the search bar to find a source:

Working with Panther-managed schemas

Testing a Panther-managed schema

Need to validate that a Panther-managed schema will parse your logs correctly? You can test sample logs against the Panther-managed schema just like you can test logs against a custom schema. Follow the steps below:

1. In the left-hand navigation bar of your Panther Console, click Configure > Schemas.

2. Click on the name of a schema labeled PANTHER MANAGED.

3. In the schema details page, scroll to the bottom of the page where you'll be able to upload logs.

Cloning a Panther-managed schema

It is not possible to edit a Panther-managed schema. Instead, you can clone the schema to create a copy of it, which you can edit. To clone a schema:

1. In the left-hand navigation bar of your Panther Console, click Configure > Schemas.

2. Click on the name of a schema in the list.

3. On the schema's details page, click Clone in the upper right corner.

For information on editing a custom schema, see the Custom Logs documentation.

Panther-supported log sources

Panther offers built-in support for each of the following log sources. Click a tile to learn more about that source:

Troubleshooting supported logs

Visit the Panther Knowledge Base to view articles about supported log sources that answer frequently asked questions and help you resolve common errors and issues.