Supported Logs

Panther supports 100+ security log types across 50+ different categories

Overview

Panther has native schema support for each of the sources listed below, with different supported methods to ingest data depending on the log source.

If you would like to ingest logs from a source not listed as Panther-supported, you can either define your own Custom Log source or request support of a new log source.

For information on tracking logged activity within your Panther instance, please see Panther Audit Logs.

View all Panther-supported log sources in the list below or in your Panther Console, by navigating to the Log Sources > Add New Source page. There, you can browse sources in the grid or use the search bar to find a source:

The heading reads, "What type of logs do you want to monitor with this source?" and below it is a circled search bar.

Working with Panther-managed schemas

Testing a Panther-managed schema

The log files can be compressed using the following formats:

gzip
zstd (without dictionary)

Need to validate that a Panther-managed schema will parse your logs correctly? You can test sample logs against the Panther-managed schema just like you can test logs against a custom schema. Follow the steps below:

In the left-hand navigation bar of your Panther Console, click Configure > Schemas.
Click on the name of a schema labeled PANTHER MANAGED.
In the schema details page, scroll to the bottom of the page where you'll be able to upload logs.

In the Panther Console below a schema, there is a section labeled "Test a schema against sample logs." In that section, there is an option to drag and drop in a file or to select a file to upload.

Cloning a Panther-managed schema

It is not possible to edit a Panther-managed schema. Instead, you can clone the schema to create a copy of it, which you can edit. To clone a schema:

In the left-hand navigation bar of your Panther Console, click Configure > Schemas.
Click on the name of a schema in the list.
On the schema's details page, click Clone in the upper right corner.

For information on editing a custom schema, see the Custom Logs documentation.

Panther-supported log sources

Panther offers built-in support for each of the following log sources. Click a tile to learn more about that source:

1Password

Apache

AppOmni

Asana

Atlassian

Auditd

Auth0

AWS ALB

AWS Aurora

AWS CloudFront

AWS CloudTrail

AWS CloudWatch

AWS Config

AWS EKS

AWS GuardDuty

AWS Security Hub

Amazon Security Lake

AWS S3

AWS Transit Gateway

AWS VPC

AWS WAF

Azure Monitor

Bitwarden

Box

Carbon Black

Cisco Umbrella

Cloudflare

CrowdStrike

Docker

Dropbox

Duo Security

Envoy

Fastly

Fluentd

GCP

GitHub

GitLab

Google Workspace

Heroku

Jamf Pro

Juniper

Lacework

Material Security

Microsoft 365

Microsoft Entra ID Audit

Microsoft Graph

MongoDB Atlas

Netskope

Nginx

Notion

Okta

OneLogin

Orca Security

Osquery

OSSEC

Proofpoint

Push Security

Salesforce

SentinelOne

Slack

Snowflake Audit

Snyk

Sophos

Sublime Security

Suricata

Sysdig

Syslog

Tailscale

Teleport

Tenable Vulnerability Management

Thinkst Canary

Tines

Tracebit

Windows Event

Wiz

Zeek

Zendesk

Zoom

Zscaler

Troubleshooting supported logs

Visit the Panther Knowledge Base to view articles about supported log sources that answer frequently asked questions and help you resolve common errors and issues.

PreviousData Sources & Transports Next1Password Logs

Last updated 2 months ago

Was this helpful?