AWS Logs

Connecting AWS logs to your Panther Console

Overview
Panther supports log ingestion from the following Amazon Web Services (AWS) services:
AWS CloudTrail​
​AWS ALB​
​AWS Aurora​
​AWS Config​
​AWS CloudWatch​
​AWS EKS​
​AWS GuardDuty​
​AWS S3​
​AWS Transit Gateway​
​AWS VPC​
​AWS WAF​
Beyond these natively supported AWS log sources, Panther also supports log ingestion from any other services via our AWS data transports: S3 Source, SQS Source, and CloudWatch Logs Source.
In addition to log monitoring, we recommend using Panther's Cloud Security Scanning to detect misconfigurations in your AWS environment.
Panther-built detections
See Panther's prewritten AWS rules in the panther-analysis Github repository.
Querying logs in Data Explorer
See example SQL queries, for use in Panther's Data Explorer, on the following pages:
​CloudTrail logs queries​
​GuardDuty logs queries​
​S3 Access logs queries​
​VPC Flow logs queries​
Cloud Security Scanning for AWS resources
Beyond monitoring your AWS logs, we recommend onboarding your AWS environment as a Cloud Account for Cloud Security Scanning. Cloud Security Scanning checks your cloud resources against policies you've defined to identify and alert you to vulnerabilities in your AWS environment. Panther also comes with several built-in policies based on common cloud infrastructure misconfigurations. 
To learn more about how to set up Cloud Security Scanning for AWS, see Onboarding the Cloud Account in Panther.

Auth0 Logs (Beta)

AWS CloudTrail

Last modified 1mo ago