Enrichment
Panther's Enrichment features, including Lookup Tables and GreyNoise Threat Intelligence
Panther's Enrichment capabilities allow security teams to cut through background noise, improve alert fidelity, speed up analyst workflows and ensure prioritization of the most critical alerts.
Lookup Tables allow you to add important context to your detections and alerts for improved investigation workflows. Using Lookup Tables saves time by enhancing detections, reducing alert noise, and speeding up investigations
GreyNoise helps security analysts save time by revealing which events and alerts they can ignore, by curating data on IPs that saturate security tools with noise. Using GreyNoise can reduce false positives, while helping security teams feel more confident in their ability to protect their organizations.
- Convert IPs to asset/user names, or geolocation details
- Group IPs by type (development vs. production for ex.)
- Append context to AWS Account IDs
- Modify an alert's severity depending on whether GreyNoise reports that an IP is malicious or benign
- Reduce alert noise and fatigue if an IP is known to belong to a common business service that is most definitely not being used to attack your services
- Enrich Panther alert context with GreyNoise data points
Visit the Panther Knowledge Base to view articles about enrichment that answer frequently asked questions and help you resolve common errors and issues.
Last modified 2mo ago