
AWS Logs

Connecting AWS logs to your Panther Console

Overview

Panther supports ingesting Amazon Web Services (AWS) logs from a variety of services. Use the left-side navigation or the list at the bottom of this page to view the list of all supported AWS log sources.
Beyond our natively supported AWS log sources, Panther also supports ingesting logs from any other service via our AWS transports: S3 Source, SQS Source, and CloudWatch Logs Source.

Cloud Security Scanning for AWS resources

In addition to monitoring AWS logs for active security events, incidents, and breaches, we recommend onboarding your AWS environment as a Cloud Account for Cloud Security Scanning. Cloud Security Scanning scans cloud resources in your AWS account to check for potential vulnerabilities. Panther comes with several built-in policies that will alert you to vulnerabilities in your AWS environment.
To learn more about how to set up Cloud Security Scanning for AWS, please see the documentation: Onboarding the Cloud Account in Panther.

Panther-Built Detections

See Panther's built-in rules for AWS in the panther-analysis GitHub repository.

Querying logs in Data Explorer

To see examples of querying AWS logs in Panther's Data Explorer, see the following pages:

Supported AWS log types

Panther supports the following AWS log types:
AWS CloudTrail
AWS ALB
AWS EKS
AWS S3
AWS VPC
AWS WAF