# Panther Docs

## English

- [Overview](https://docs.panther.com/readme.md): Panther is a cloud-native, code-driven detection and response platform
- [Quick Start](https://docs.panther.com/quick-start.md): Get started with your new Panther account
- [Onboarding Guide](https://docs.panther.com/quick-start/onboarding-guide.md): Set up your Panther environment
- [Data Sources & Transports](https://docs.panther.com/data-onboarding.md): Onboard your data sources into Panther to normalize and retain logs
- [Supported Logs](https://docs.panther.com/data-onboarding/supported-logs.md): Panther supports 100+ security log types across 50+ different categories
- [1Password Logs](https://docs.panther.com/data-onboarding/supported-logs/1password.md): Panther supports pulling logs directly from 1Password
- [Anthropic Claude Code Telemetry (Beta)](https://docs.panther.com/data-onboarding/supported-logs/claude-code.md): Monitor Claude Code usage, cost, and tool activity via OpenTelemetry (OTLP)
- [Anthropic Claude Cowork Telemetry (Beta)](https://docs.panther.com/data-onboarding/supported-logs/claude-cowork.md): Monitor Claude Cowork usage, cost, and activity via OpenTelemetry (OTLP)
- [Anthropic Compliance Logs (Beta)](https://docs.panther.com/data-onboarding/supported-logs/anthropic-compliance.md): Panther supports pulling logs directly from Anthropic
- [Apache Logs](https://docs.panther.com/data-onboarding/supported-logs/apache.md): Connecting Apache logs to your Panther Console
- [AppOmni Logs](https://docs.panther.com/data-onboarding/supported-logs/appomni.md): Connecting AppOmni logs to your Panther Console
- [Asana Logs](https://docs.panther.com/data-onboarding/supported-logs/asana.md): Panther supports pulling logs directly from Asana
- [Atlassian Logs](https://docs.panther.com/data-onboarding/supported-logs/atlassian.md): Panther supports pulling logs directly from Atlassian
- [Auditd Logs](https://docs.panther.com/data-onboarding/supported-logs/auditd-logs.md): Stream auditd logs directly to Panther over HTTPS
- [Auth0 Logs](https://docs.panther.com/data-onboarding/supported-logs/auth0.md): Panther supports receiving Auth0 logs directly via webhook
- [AWS Logs](https://docs.panther.com/data-onboarding/supported-logs/aws.md): Connecting AWS logs to your Panther Console
- [AWS ALB](https://docs.panther.com/data-onboarding/supported-logs/aws/alb.md): Connecting AWS ALB logs to your Panther Console
- [AWS Aurora](https://docs.panther.com/data-onboarding/supported-logs/aws/rds.md): Connecting AWS Aurora MySQL Relational Database Service (RDS) logs to your Panther Console
- [Amazon Bedrock Model Invocation](https://docs.panther.com/data-onboarding/supported-logs/aws/bedrock-model-invocation.md): Connecting Amazon Bedrock model invocation logs to your Panther Console
- [AWS CloudFront](https://docs.panther.com/data-onboarding/supported-logs/aws/cloudfront.md): Connecting AWS CloudFront standard logs to Panther
- [AWS CloudTrail](https://docs.panther.com/data-onboarding/supported-logs/aws/cloudtrail.md): Connecting AWS CloudTrail logs to your Panther Console
- [AWS CloudWatch](https://docs.panther.com/data-onboarding/supported-logs/aws/cloudwatch.md): Connecting AWS CloudWatch logs to your Panther Console
- [AWS Config](https://docs.panther.com/data-onboarding/supported-logs/aws/config.md): Connecting AWS Configuration logs to your Panther Console
- [AWS EKS](https://docs.panther.com/data-onboarding/supported-logs/aws/eks.md): Connecting AWS EKS logs to your Panther Console
- [AWS GuardDuty](https://docs.panther.com/data-onboarding/supported-logs/aws/guardduty.md): Connecting AWS GuardDuty to your Panther Console
- [AWS NLB](https://docs.panther.com/data-onboarding/supported-logs/aws/nlb.md): Connecting AWS NLB logs to your Panther Console
- [AWS Security Hub](https://docs.panther.com/data-onboarding/supported-logs/aws/security-hub.md): Connecting AWS Security Hub logs to your Panther Console
- [Amazon Security Lake](https://docs.panther.com/data-onboarding/supported-logs/aws/security-lake.md): Connecting Amazon Security Lake logs to your Panther Console
- [AWS S3](https://docs.panther.com/data-onboarding/supported-logs/aws/s3.md): Connecting AWS S3 Access logs to your Panther Console
- [AWS Transit Gateway](https://docs.panther.com/data-onboarding/supported-logs/aws/transit-gateway.md): Connecting Transit Gateway Flow logs to your Panther Console
- [AWS VPC](https://docs.panther.com/data-onboarding/supported-logs/aws/vpc.md): Connecting AWS VPC logs to your Panther Console
- [AWS WAF](https://docs.panther.com/data-onboarding/supported-logs/aws/waf.md): Connecting AWS WAF logs to your Panther Console
- [Axonius Logs](https://docs.panther.com/data-onboarding/supported-logs/axonius.md): Connecting Axonius logs in your Panther Console
- [Azure Monitor Logs](https://docs.panther.com/data-onboarding/supported-logs/azure-monitor.md): Connecting Azure Monitor logs to your Panther Console
- [Bitwarden Logs](https://docs.panther.com/data-onboarding/supported-logs/bitwarden.md): Panther supports pulling logs directly from Bitwarden
- [Box Logs](https://docs.panther.com/data-onboarding/supported-logs/box.md): Panther supports pulling logs directly from Box
- [Carbon Black Logs](https://docs.panther.com/data-onboarding/supported-logs/carbon-black.md): Connecting Carbon Black logs in your Panther Console
- [Cisco Umbrella Logs](https://docs.panther.com/data-onboarding/supported-logs/ciscoumbrella.md): Connecting Cisco Umbrella logs to your Panther Console
- [Cloudflare Logs](https://docs.panther.com/data-onboarding/supported-logs/cloudflare.md): Connecting Cloudfare logs to your Panther Console
- [CrowdStrike Logs](https://docs.panther.com/data-onboarding/supported-logs/crowdstrike.md): Connecting CrowdStrike logs to your Panther Console
- [CrowdStrike Falcon Data Replicator](https://docs.panther.com/data-onboarding/supported-logs/crowdstrike/falcon-data-replicator.md): Connecting CrowdStrike logs to your Panther Console
- [CrowdStrike Event Streams](https://docs.panther.com/data-onboarding/supported-logs/crowdstrike/event-streams.md): Panther supports connecting to CrowdStrike's Event Streams API
- [Cursor Logs (Beta)](https://docs.panther.com/data-onboarding/supported-logs/cursor.md): Connecting Cursor logs to your Panther Console
- [Databricks Audit Logs](https://docs.panther.com/data-onboarding/supported-logs/databricks.md): Panther supports ingesting Databricks audit logs via AWS S3
- [Docker Logs](https://docs.panther.com/data-onboarding/supported-logs/docker.md): Stream Docker event logs directly to Panther over HTTPS
- [Docusign Logs](https://docs.panther.com/data-onboarding/supported-logs/docusign.md): Panther supports ingesting Docusign Connect webhook events
- [Dropbox Logs](https://docs.panther.com/data-onboarding/supported-logs/dropbox.md): Connecting Dropbox logs to your Panther Console
- [Duo Security Logs](https://docs.panther.com/data-onboarding/supported-logs/duo.md): Panther supports pulling logs directly from Duo
- [Envoy Logs](https://docs.panther.com/data-onboarding/supported-logs/envoy.md): Stream Envoy logs directly to Panther over HTTPS
- [Fastly Logs](https://docs.panther.com/data-onboarding/supported-logs/fastly.md): Connecting Fastly logs to your Panther Console
- [Fluentd Logs](https://docs.panther.com/data-onboarding/supported-logs/fluentd.md): Connecting Fluentd logs to your Panther Console
- [GCP Logs](https://docs.panther.com/data-onboarding/supported-logs/gcp.md): Connecting GCP logs to your Panther Console
- [GitHub Logs](https://docs.panther.com/data-onboarding/supported-logs/github.md): Panther supports pulling GitHub logs directly and audit log streaming
- [GitLab Logs](https://docs.panther.com/data-onboarding/supported-logs/gitlab.md): Connecting GitLab logs to your Panther Console
- [Google Workspace Logs](https://docs.panther.com/data-onboarding/supported-logs/googleworkspace.md): Panther supports pulling logs directly from Google Workspace
- [Heroku Logs](https://docs.panther.com/data-onboarding/supported-logs/heroku.md): Panther supports receiving Heroku logs directly via webhook
- [Hex Logs](https://docs.panther.com/data-onboarding/supported-logs/hex.md): Panther supports ingesting audit logs from Hex via webhook
- [Iru Logs](https://docs.panther.com/data-onboarding/supported-logs/iru.md): Connecting Iru logs to your Panther Console
- [Island Logs](https://docs.panther.com/data-onboarding/supported-logs/island-logs.md): Panther supports ingesting Island Enterprise Browser logs via AWS S3
- [Jamf Pro Logs](https://docs.panther.com/data-onboarding/supported-logs/jamfpro.md): Connecting Jamf Pro logs to your Panther Console
- [Juniper Logs](https://docs.panther.com/data-onboarding/supported-logs/juniper.md): Connecting Juniper logs to your Panther Console
- [Lacework Logs](https://docs.panther.com/data-onboarding/supported-logs/lacework.md): Connecting Lacework logs to your Panther Console
- [Lacework Alert Channel Webhook](https://docs.panther.com/data-onboarding/supported-logs/lacework/webhook.md): Panther supports receiving Lacework Event logs via webhook
- [Lacework Export](https://docs.panther.com/data-onboarding/supported-logs/lacework/export.md): Export Lacework logs to Panther via S3, Google Cloud Storage, or Azure
- [Material Security Logs](https://docs.panther.com/data-onboarding/supported-logs/material-security.md): Connecting Material Security logs in your Panther Console
- [Microsoft 365 Logs](https://docs.panther.com/data-onboarding/supported-logs/microsoft365.md): Panther supports pulling logs directly from Microsoft 365
- [Microsoft Defender XDR Logs (Beta)](https://docs.panther.com/data-onboarding/supported-logs/microsoft-defender-xdr.md): Connecting Microsoft Defender XDR logs to your Panther Console
- [Microsoft Entra ID Audit Logs](https://docs.panther.com/data-onboarding/supported-logs/entra-id-audit.md): Connecting Microsoft Entra ID Audit logs to your Panther Console
- [Microsoft Graph Logs](https://docs.panther.com/data-onboarding/supported-logs/microsoftgraph.md): Panther supports pulling logs directly from Microsoft Graph API
- [Microsoft Intune Logs (Beta)](https://docs.panther.com/data-onboarding/supported-logs/microsoft-intune.md): Connecting Microsoft Intune logs to your Panther Console
- [MongoDB Atlas Logs](https://docs.panther.com/data-onboarding/supported-logs/mongodb.md): Panther supports pulling logs directly from MongoDB Atlas
- [Netskope Logs](https://docs.panther.com/data-onboarding/supported-logs/netskope.md): Panther supports pulling logs directly from Netskope
- [Nginx Logs](https://docs.panther.com/data-onboarding/supported-logs/nginx.md): Connecting Nginx logs to your Panther Console
- [Notion Logs](https://docs.panther.com/data-onboarding/supported-logs/notion.md): Panther supports receiving Notion logs directly via webhook
- [Okta Logs](https://docs.panther.com/data-onboarding/supported-logs/okta.md): Panther supports pulling logs directly from Okta
- [OneLogin Logs](https://docs.panther.com/data-onboarding/supported-logs/onelogin.md): Panther supports pulling logs directly from OneLogin
- [OpenAI Logs](https://docs.panther.com/data-onboarding/supported-logs/openai.md): Panther supports pulling logs directly from OpenAI
- [Orca Security Logs](https://docs.panther.com/data-onboarding/supported-logs/orca-security.md): Connecting Orca Security logs in your Panther Console
- [Osquery Logs](https://docs.panther.com/data-onboarding/supported-logs/osquery.md): Connecting Osquery logs to your Panther Console
- [OSSEC Logs](https://docs.panther.com/data-onboarding/supported-logs/ossec.md): Connecting OSSEC logs to your Panther Console
- [Palo Alto Next-Generation Firewall Logs](https://docs.panther.com/data-onboarding/supported-logs/paloaltongfw.md): Connecting Palo Alto Next Generation Firewall logs to your Panther instance
- [Panther Audit Logs](https://docs.panther.com/data-onboarding/supported-logs/panther-audit-logs.md): Logs for audited activity in your Panther instance
- [Querying and Writing Detections for Panther Audit Logs](https://docs.panther.com/data-onboarding/supported-logs/panther-audit-logs/querying-and-writing-detections-for-panther-audit-logs.md): Monitor your Panther audit logs
- [Panther Audit Log Actions](https://docs.panther.com/data-onboarding/supported-logs/panther-audit-logs/panther-audit-log-actions.md)
- [Proofpoint Logs](https://docs.panther.com/data-onboarding/supported-logs/proofpoint.md): Panther supports pulling logs directly from Proofpoint
- [Push Security Logs](https://docs.panther.com/data-onboarding/supported-logs/push-security.md): Connecting Push Security logs in your Panther Console
- [Rapid7 Logs](https://docs.panther.com/data-onboarding/supported-logs/rapid7.md): Connecting Rapid7 logs to your Panther Console
- [Salesforce Logs](https://docs.panther.com/data-onboarding/supported-logs/salesforce.md): Ingest Salesforce logs to your Panther Console
- [Salesforce Real-Time Events](https://docs.panther.com/data-onboarding/supported-logs/salesforce/real-time-events.md): Panther supports ingesting Salesforce Real-Time events via EventBridge
- [Salesforce Event Monitoring](https://docs.panther.com/data-onboarding/supported-logs/salesforce/event-monitoring.md): Panther supports pulling logs directly from Salesforce
- [SentinelOne Logs](https://docs.panther.com/data-onboarding/supported-logs/sentinel-one.md): Connecting SentinelOne Cloud Funnel logs to your Panther Console
- [Slack Logs](https://docs.panther.com/data-onboarding/supported-logs/slack.md): Panther supports pulling logs directly from Slack
- [Snowflake Audit Logs](https://docs.panther.com/data-onboarding/supported-logs/snowflake.md): Panther supports pulling Audit Logs directly from Snowflake's ACCOUNT\_USAGE schema
- [Snyk Logs](https://docs.panther.com/data-onboarding/supported-logs/snyk.md): Panther supports pulling logs directly from Snyk
- [SOCRadar Logs](https://docs.panther.com/data-onboarding/supported-logs/socradar.md): Panther supports ingesting SOCRadar threat intelligence via webhook
- [Sophos Logs](https://docs.panther.com/data-onboarding/supported-logs/sophos.md): Connecting Sophos logs to your Panther Console
- [Sublime Security Logs](https://docs.panther.com/data-onboarding/supported-logs/sublime-security.md): Connecting Sublime Security logs in your Panther Console
- [Suricata Logs](https://docs.panther.com/data-onboarding/supported-logs/suricata.md): Connecting Suricata logs to your Panther Console
- [Sysdig Logs](https://docs.panther.com/data-onboarding/supported-logs/sysdig.md): Panther supports pulling logs directly from Sysdig
- [Syslog Logs](https://docs.panther.com/data-onboarding/supported-logs/syslog.md): Connecting Syslog logs to your Panther Console
- [Tailscale Logs](https://docs.panther.com/data-onboarding/supported-logs/tailscale.md): Panther supports receiving Tailscale logs directly via webhook
- [Teleport Logs](https://docs.panther.com/data-onboarding/supported-logs/teleport.md): Connecting Teleport logs to your Panther Console
- [Tenable Vulnerability Management Logs](https://docs.panther.com/data-onboarding/supported-logs/tenable.md): Connecting Tenable Vulnerability Management logs in your Panther Console
- [Thinkst Canary Logs](https://docs.panther.com/data-onboarding/supported-logs/thinkst-canary.md): Connecting Thinkst Canary logs in your Panther Console
- [Tines Logs](https://docs.panther.com/data-onboarding/supported-logs/tines.md): Panther supports pulling logs directly from Tines
- [Tracebit Logs](https://docs.panther.com/data-onboarding/supported-logs/tracebit.md): Connecting Tracebit logs in your Panther Console
- [Upwind Logs](https://docs.panther.com/data-onboarding/supported-logs/upwind.md): Connecting Upwind logs to your Panther Console
- [Vercel Logs](https://docs.panther.com/data-onboarding/supported-logs/vercel.md): Connecting Vercel logs to your Panther Console
- [Windows Event Logs](https://docs.panther.com/data-onboarding/supported-logs/windows-event-logs.md): Stream Windows Event Logs directly to Panther over HTTPS
- [Wiz Logs](https://docs.panther.com/data-onboarding/supported-logs/wiz.md): Connecting Wiz logs to your Panther Console
- [Wiz API](https://docs.panther.com/data-onboarding/supported-logs/wiz/api.md): Panther supports pulling logs directly from Wiz API
- [Wiz Webhook](https://docs.panther.com/data-onboarding/supported-logs/wiz/wiz-webhook.md): Panther supports receiving logs from Wiz webhooks
- [Zeek Logs](https://docs.panther.com/data-onboarding/supported-logs/zeek.md): Connecting Zeek logs to your Panther Console
- [Zendesk Logs](https://docs.panther.com/data-onboarding/supported-logs/zendesk.md): Panther supports pulling logs directly from Zendesk
- [Zoom Logs](https://docs.panther.com/data-onboarding/supported-logs/zoom.md): Panther supports pulling logs directly from Zoom
- [Zscaler Logs](https://docs.panther.com/data-onboarding/supported-logs/zscaler.md): Connecting Zscaler logs to your Panther Console
- [Zscaler ZIA](https://docs.panther.com/data-onboarding/supported-logs/zscaler/zia.md): Connecting Zscaler ZIA logs to your Panther Console
- [Zscaler ZPA](https://docs.panther.com/data-onboarding/supported-logs/zscaler/zpa.md): Connecting ZPA logs to your Panther Console
- [Custom Logs](https://docs.panther.com/data-onboarding/custom-log-types.md): Define, write, and manage custom schemas
- [Log Schema Reference](https://docs.panther.com/data-onboarding/custom-log-types/reference.md)
- [Transformations](https://docs.panther.com/data-onboarding/custom-log-types/transformations.md): Mutate data structure upon ingest
- [Script Log Parser](https://docs.panther.com/data-onboarding/custom-log-types/script-parser.md): Parse incoming logs with script defined in Starlark configuration language
- [Fastmatch Log Parser](https://docs.panther.com/data-onboarding/custom-log-types/fastmatch-parser.md)
- [Regex Log Parser](https://docs.panther.com/data-onboarding/custom-log-types/regex-parser.md)
- [CSV Log Parser](https://docs.panther.com/data-onboarding/custom-log-types/csv-parser.md)
- [Data Transports](https://docs.panther.com/data-onboarding/data-transports.md): Panther integrates with various common data transport log ingestion sources
- [HTTP Source](https://docs.panther.com/data-onboarding/data-transports/http.md): Onboarding an HTTP (webhook) source for log ingestion in Panther
- [Log Forwarder Source (Beta)](https://docs.panther.com/data-onboarding/data-transports/log-forwarder.md): Creating a Log Forwarder source in the Panther Console for use with the Panther Log Forwarder agent
- [AWS Sources](https://docs.panther.com/data-onboarding/data-transports/aws.md): Use an AWS service to ingest custom logs into Panther
- [S3 Source](https://docs.panther.com/data-onboarding/data-transports/aws/s3.md): Onboarding AWS S3 as a Data Transport log source in the Panther Console
- [CloudWatch Logs Source](https://docs.panther.com/data-onboarding/data-transports/aws/cloudwatch.md): Onboarding CloudWatch as a Data Transport log source in the Panther Console
- [SQS Source](https://docs.panther.com/data-onboarding/data-transports/aws/sqs.md): Onboarding AWS SQS Logs as a Data Transport log source in the Panther Console
- [SNS Source](https://docs.panther.com/data-onboarding/data-transports/aws/sqs/sns.md): Onboarding SNS Logs as a Data Transport log source in the Panther Console
- [EventBridge](https://docs.panther.com/data-onboarding/data-transports/aws/eventbridge.md): Routing your Amazon EventBridge data to Panther for advanced monitoring and detection
- [Google Cloud Sources](https://docs.panther.com/data-onboarding/data-transports/google.md): Use a Google Cloud service to ingest custom logs into Panther
- [Cloud Storage (GCS) Source](https://docs.panther.com/data-onboarding/data-transports/google/cloud-storage.md): Onboarding GCS as a Data Transport log source in the Panther Console
- [Pub/Sub Source](https://docs.panther.com/data-onboarding/data-transports/google/pubsub.md): Onboarding Google Cloud Pub/Sub as a Data Transport log source in the Panther Console
- [Azure Sources](https://docs.panther.com/data-onboarding/data-transports/azure.md): Use an Azure service to ingest custom logs into Panther
- [Blob Storage Source](https://docs.panther.com/data-onboarding/data-transports/azure/blob-storage.md): Onboarding Azure Blob Storage as a Data Transport log source in the Panther Console
- [Event Hub Source](https://docs.panther.com/data-onboarding/data-transports/azure/event-hub.md): Onboarding Azure Event Hub as a Data Transport log source in the Panther Console
- [Panther Log Forwarder (Beta)](https://docs.panther.com/data-onboarding/panther-log-forwarder.md): Forward logs from your on-premises devices to Panther using the Panther Log Forwarder
- [Monitoring Log Sources](https://docs.panther.com/data-onboarding/monitoring-log-sources.md): How to monitor data metrics, log source health, and schemas for individual log sources.
- [Field Discovery](https://docs.panther.com/data-onboarding/field-discovery.md): Capture unexpected fields in evolving log data
- [Ingestion Filters](https://docs.panther.com/data-onboarding/ingestion-filters.md): Drop incoming data either before or after it's parsed by a schema
- [Raw Event Filters](https://docs.panther.com/data-onboarding/ingestion-filters/raw-event.md): Filter out events before they're parsed by a log schema
- [Normalized Event Filters](https://docs.panther.com/data-onboarding/ingestion-filters/normalized-event.md): Filter out events after they're parsed by a log schema
- [Other Data Pipeline Tools](https://docs.panther.com/data-onboarding/data-pipeline-tools.md): Panther integrates with third-party tools to help transform and transport data.
- [Chronosphere Onboarding Guide](https://docs.panther.com/data-onboarding/data-pipeline-tools/chronosphere.md): Forward logs directly to Panther using Chronosphere Telemetry Pipeline
- [Cribl Onboarding Guide](https://docs.panther.com/data-onboarding/data-pipeline-tools/cribl.md): How to redact sensitive log data using AWS S3, Cribl, and Panther
- [Fluent Bit Onboarding Guide](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluent-bit-onboarding-guide.md): Forward logs directly to Panther using Fluent Bit
- [Fluent Bit Configuration Examples](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluent-bit-onboarding-guide/fluent-bit-configuration-examples.md)
- [Fluentd Onboarding Guide](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluentd.md): Guide to getting started using Fluentd with Panther
- [General log forwarding via Fluentd](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluentd/general-log-forwarding-via-fluentd.md): Deliver raw logs from files to S3 using Fluentd
- [MacOS System Logs to S3 via Fluentd](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluentd/macos-system-logs-to-s3-via-fluentd.md)
- [Syslog to S3 via Fluentd](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluentd/syslog-to-s3-via-fluentd.md)
- [Windows Event Logs to S3 via Fluentd (Legacy)](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluentd/windows-event-logging-via-fluentd.md)
- [GCP Audit to S3 via Fluentd](https://docs.panther.com/data-onboarding/data-pipeline-tools/fluentd/gcp-audit-to-s3-via-fluentd.md)
- [Realm Onboarding Guide](https://docs.panther.com/data-onboarding/data-pipeline-tools/realm.md)
- [Tarsal Onboarding Guide](https://docs.panther.com/data-onboarding/data-pipeline-tools/tarsal.md): Forward logs to Panther using Tarsal
- [Tech Partner Log Source Integrations](https://docs.panther.com/data-onboarding/tech-partner.md): Integrate your product with Panther as a Tech Partner
- [Detections](https://docs.panther.com/detections.md): Use detections to analyze data and trigger alerts on suspicious behavior
- [Using Panther-managed Detections](https://docs.panther.com/detections/panther-managed.md): Enable prewritten detections, with the option to customize
- [Detection Packs](https://docs.panther.com/detections/panther-managed/packs.md): Use Packs to group detections and enable updates via the Panther Console
- [Content Catalog (Beta)](https://docs.panther.com/detections/panther-managed/content-catalog.md): Browse, install, and update individual Panther-managed analysis items from the Panther Console
- [Browsing and installing Catalog items](https://docs.panther.com/detections/panther-managed/content-catalog/browsing-and-installing-catalog-items.md): Discover Panther-managed content and install items into your Panther environment
- [Updating Catalog items](https://docs.panther.com/detections/panther-managed/content-catalog/updating-catalog-items.md): Update installed Content Catalog items to the latest version available.
- [Rules and Scheduled Rules](https://docs.panther.com/detections/rules.md): Rules and scheduled rules detect suspicious activity in logs, then generate alerts
- [AI Detection Builder (Beta)](https://docs.panther.com/detections/rules/ai-builder.md): Describe the rule you'd like to create in plain language
- [Writing Python Detections](https://docs.panther.com/detections/rules/python.md): Construct Python detections in the Console or CLI workflow
- [Python Rule Caching](https://docs.panther.com/detections/rules/python/caching.md)
- [Data Models](https://docs.panther.com/detections/rules/python/data-models.md): Data Models provide a way to configure a set of unified fields across all log types
- [Global Helper Functions](https://docs.panther.com/detections/rules/python/globals.md)
- [Modifying Detections with Inline Filters](https://docs.panther.com/detections/rules/inline-filters.md): Modify an existing rule without writing code
- [Derived Detections](https://docs.panther.com/detections/rules/derived.md): Create one or more Derived Detections from a single Base Detection in Panther
- [Using Derived Detections to Avoid Merge Conflicts](https://docs.panther.com/detections/rules/derived/using-derived-detections-to-avoid-merge-conflicts.md): A workflow that could produce merge conflicts is reimagined using detection derivation
- [Using the Simple Detection Builder](https://docs.panther.com/detections/rules/simple-detection-builder.md): Create and edit detections without code
- [Writing Simple Detections](https://docs.panther.com/detections/rules/writing-simple-detections.md): Construct YAML detections in the CLI workflow
- [Simple Detection Match Expression Reference](https://docs.panther.com/detections/rules/writing-simple-detections/match-expression.md): Construct match expressions to define logic
- [Simple Detection Error Codes](https://docs.panther.com/detections/rules/writing-simple-detections/simple-detection-error-codes.md): Troubleshoot Simple Detections errors
- [Correlation Rules (Beta)](https://docs.panther.com/detections/correlation-rules.md): Correlation rules establish correlations across logs, identify anomalies, and model complex attack behavior, then generate alerts
- [Correlation Rule Reference](https://docs.panther.com/detections/correlation-rules/correlation-rule-reference.md): Construct YAML correlation rules in either the Console or the CLI workflow
- [Signals](https://docs.panther.com/detections/signals.md): A signal is created when there's a match on a rule, scheduled rule, or correlation rule
- [Policies](https://docs.panther.com/detections/policies.md): Scan and evaluate cloud infrastructure configurations
- [Testing](https://docs.panther.com/detections/testing.md): Use unit tests to ensure your detections are working as expected
- [Data Replay (Beta)](https://docs.panther.com/detections/testing/data-replay.md): Preview the outcome of a rule against real data before enabling it
- [Framework Mapping and MITRE ATT\&CK® Matrix](https://docs.panther.com/detections/report-mapping.md): Map detections to compliance frameworks in Panther
- [Cloud Security Scanning](https://docs.panther.com/cloud-scanning.md): Panther Cloud Security Scanning uses policies to detect misconfigurations in AWS resources
- [Cloud Resource Attributes](https://docs.panther.com/cloud-scanning/cloud-resource-attributes.md): Attributes that can be referenced in a policy in Panther
- [AWS](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws.md)
- [ACM Certificate](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/acm-certificate.md): This page provides an overview of the basics of AWS Certificate Manager (ACM) Certificate.
- [CloudFormation Stack](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/cloudformation-stack.md)
- [CloudWatch Log Group](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/cloudwatch-log-group.md)
- [CloudTrail](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/cloudtrail.md)
- [CloudTrail Meta](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/cloudtrail-meta.md)
- [Config Recorder](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/config-recorder.md)
- [Config Recorder Meta](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/config-recorder-meta.md)
- [DynamoDB Table](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/dynamodb-table.md)
- [EC2 AMI](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ec2-ami.md): Amazon Machine Image
- [EC2 Instance](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ec2-instance.md)
- [EC2 Network ACL](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ec2-network-acl.md): Elastic Compute Cloud (EC2) Virtual Private Cloud (VPC) Network ACL
- [EC2 SecurityGroup](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ec2-securitygroup.md): Elastic Compute Cloud (EC2) Virtual Private Cloud (VPC) SecurityGroup
- [EC2 Volume](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ec2-volume.md): Elastic Compute Cloud (EC2) Volume
- [EC2 VPC](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ec2-vpc.md): Elastic Compute Cloud (EC2) Virtual Private Cloud (VPC)
- [ECS Cluster](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/ecs-cluster.md): Amazon Elastic Container Service Cluster
- [EKS Cluster](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/eks-cluster.md): Amazon Elastic Kubernetes Service Cluster
- [ELBV2 Application Load Balancer](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/elbv2-application-load-balancer.md): Elastic Load Balancer Version 2 (ELBV2) Application Load Balancer
- [GuardDuty Detector](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/guardduty-detector.md)
- [GuardDuty Detector Meta](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/guardduty-detector-meta.md)
- [IAM Group](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/iam-group.md): Identity and Access Management (IAM) Group
- [IAM Policy](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/iam-policy.md): Identity and Access Management (IAM) Policy
- [IAM Role](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/iam-role.md): Identity and Access Management (IAM) Role
- [IAM Root User](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/iam-root-user.md): Identity and Access Management (IAM) root User
- [IAM User](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/iam-user.md): Identity and Access Management (IAM) User
- [KMS Key](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/kms-key.md): Key Management Service (KMS) Key
- [Lambda Function](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/lambda-function.md)
- [Password Policy](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/password-policy.md)
- [RDS Instance](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/rds-instance.md): Relational Database Service (RDS) Instance
- [Redshift Cluster](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/redshift-cluster.md)
- [Route 53 Domains](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/route-53-domains.md)
- [Route 53 Hosted Zone](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/route-53-hosted-zone.md)
- [S3 Bucket](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/s3-bucket.md): Simple Storage Service (S3) Bucket
- [WAF Web ACL](https://docs.panther.com/cloud-scanning/cloud-resource-attributes/aws/waf-web-acl.md): Web Application Firewall (WAF) Web Access Control List (ACL)
- [Alerts & Destinations](https://docs.panther.com/alerts.md): Panther detections trigger alerts on suspicious behavior
- [Alert Destinations](https://docs.panther.com/alerts/destinations.md): Destinations are integrations that receive alerts from rules and policies in Panther
- [Amazon SNS Destination](https://docs.panther.com/alerts/destinations/sns.md): Configuring Amazon SNS as an alert destination in your Panther Console
- [Amazon SQS Destination](https://docs.panther.com/alerts/destinations/sqs.md): Configuring Amazon SQS as an alert destination in your Panther Console
- [Asana Destination](https://docs.panther.com/alerts/destinations/asana.md): Configuring Asana as an alert destination in your Panther Console
- [Blink Ops Destination](https://docs.panther.com/alerts/destinations/blink-ops.md): Configuring Blink Ops as an alert destination in your Panther Console
- [Custom Webhook Destination](https://docs.panther.com/alerts/destinations/custom_webhook.md): Configuring a Custom Webhook as an alert destination in your Panther Console
- [Discord Destination](https://docs.panther.com/alerts/destinations/discord.md): Configuring Discord as an alert destination in your Panther Console
- [Expel Destination](https://docs.panther.com/alerts/destinations/expel.md): Configuring Expel as an alert destination in your Panther Console
- [GitHub Destination](https://docs.panther.com/alerts/destinations/github.md): Configuring Github as an alert destination in your Panther Console
- [Google Pub/Sub Destination](https://docs.panther.com/alerts/destinations/pubsub.md): Configuring Google Pub/Sub as an alert destination in your Panther Console
- [Incident.io Destination](https://docs.panther.com/alerts/destinations/incident.io.md): Configuring incident.io as an alert destination in your Panther Console
- [Jira Cloud Destination](https://docs.panther.com/alerts/destinations/jira.md): Configuring Jira Cloud as an alert destination in your Panther Console
- [Jira Data Center Destination](https://docs.panther.com/alerts/destinations/jira-data-center.md): Configuring Jira Data Center as an alert destination in your Panther Console
- [Microsoft Teams Destination](https://docs.panther.com/alerts/destinations/microsoft-teams.md): Configuring Microsoft Teams as an alert destination in your Panther Console
- [Mindflow Destination](https://docs.panther.com/alerts/destinations/mindflow.md): Configuring Mindflow as an alert destination in your Panther Console
- [OpsGenie Destination](https://docs.panther.com/alerts/destinations/opsgenie.md): Configuring OpsGenie as an alert destination in your Panther Console
- [PagerDuty Destination](https://docs.panther.com/alerts/destinations/pagerduty.md): Configuring PagerDuty as an alert destination in your Panther Console
- [Rapid7 Destination](https://docs.panther.com/alerts/destinations/rapid7.md): Configuring a Rapid7 workflow as an alert destination in your Panther Console
- [ServiceNow Destination (Custom Webhook)](https://docs.panther.com/alerts/destinations/servicenow.md): Set up ServiceNow alerts using Panther's custom webhook option
- [Slack Bot Destination](https://docs.panther.com/alerts/destinations/slack-bot.md): Configuring Panther's Slack Bot as an alert destination in your Panther Console
- [Slack Destination (Webhook)](https://docs.panther.com/alerts/destinations/slack.md): Configuring Slack as an alert destination in your Panther Console
- [Splunk Destination](https://docs.panther.com/alerts/destinations/splunk.md): Configuring Splunk as an alert destination in your Panther Console
- [Tines Destination](https://docs.panther.com/alerts/destinations/tines.md): Configuring Tines as an alert destination in your Panther Console
- [Torq Destination](https://docs.panther.com/alerts/destinations/torq.md): Configuring Torq as an alert destination in your Panther Console
- [Assigning and Managing Alerts](https://docs.panther.com/alerts/alert-management.md): Manage Alerts in the Panther Console
- [Managing Alerts in Slack](https://docs.panther.com/alerts/alert-management/slack.md): View and manage alerts from Slack
- [Alert Runbooks](https://docs.panther.com/alerts/alert-runbooks.md): Recommended steps to investigate and reconcile an alert
- [Tech Partner Alert Destination Integrations](https://docs.panther.com/alerts/tech-partner.md): Integrate your product with Panther as a Tech Partner
- [Investigations & Search](https://docs.panther.com/search.md): Using Panther's search tools to run queries and search your normalized log data
- [Threat Hunting in Panther](https://docs.panther.com/search/threat-hunting.md): You've received a Panther alert—now what?
- [Search](https://docs.panther.com/search/search-tool.md): Construct a data query without writing SQL
- [Search Filter Operators](https://docs.panther.com/search/search-tool/filter-operators.md): Supported operators for Panther's Search tool
- [Data Explorer](https://docs.panther.com/search/data-explorer.md): Use Panther's Data Explorer to view normalized data and perform SQL queries
- [Data Explorer SQL Search Examples](https://docs.panther.com/search/data-explorer/example-queries.md)
- [CloudTrail logs queries](https://docs.panther.com/search/data-explorer/example-queries/cloudtrail-logs-queries.md)
- [GitHub Audit logs queries](https://docs.panther.com/search/data-explorer/example-queries/github-audit-logs-queries.md)
- [GuardDuty logs queries](https://docs.panther.com/search/data-explorer/example-queries/guardduty-logs-queries.md)
- [Nginx and ALB Access logs queries](https://docs.panther.com/search/data-explorer/example-queries/nginx-and-alb-access-logs-queries.md)
- [Okta logs queries](https://docs.panther.com/search/data-explorer/example-queries/okta-logs-queries.md): This page contains example Panther queries for Okta log data
- [S3 Access logs queries](https://docs.panther.com/search/data-explorer/example-queries/s3-access-logs-queries.md)
- [VPC logs queries](https://docs.panther.com/search/data-explorer/example-queries/vpc-flow-logs-queries.md)
- [Visualization and Dashboards](https://docs.panther.com/search/visualization-and-dashboards.md): Visualize your data inside Panther, and using additional tools
- [Custom Dashboards (Beta)](https://docs.panther.com/search/visualization-and-dashboards/custom.md): Build custom dashboards to visualize and track important data in Panther
- [Panther-Managed Dashboards](https://docs.panther.com/search/visualization-and-dashboards/panther-managed.md): Use the Panther Console overview dashboard to quickly identify and act on alerts
- [Standard Fields](https://docs.panther.com/search/panther-fields.md): Panther's log analysis applies normalization fields to all log records
- [Saved and Scheduled Searches](https://docs.panther.com/search/scheduled-searches.md): Save and optionally schedule searches
- [Templated Searches](https://docs.panther.com/search/scheduled-searches/templated-searches.md): Export collections of paramaterized SQL expressions for reuse
- [Behavioral Analytics and Anomaly Detection Template Macros](https://docs.panther.com/search/scheduled-searches/templated-searches/anomaly-detection-macros.md): Detect outliers with Panther-managed macros for behavioral analytics and anomaly detection
- [Scheduled Search Examples](https://docs.panther.com/search/scheduled-searches/examples.md)
- [Search History](https://docs.panther.com/search/search-history.md): Monitor search status and stop running searches
- [Data Lakes](https://docs.panther.com/search/backend.md)
- [Snowflake](https://docs.panther.com/search/backend/snowflake.md)
- [Snowflake Configuration for Optimal Search Performance](https://docs.panther.com/search/backend/snowflake/configuration.md): Learn how Panther leverages Snowflake settings to optimize search performance
- [Databricks](https://docs.panther.com/search/backend/databricks.md)
- [PantherFlow (Beta)](https://docs.panther.com/pantherflow.md): PantherFlow is Panther's pipelined query language
- [PantherFlow Quick Reference](https://docs.panther.com/pantherflow/quick-reference.md): Overview of PantherFlow functionality
- [PantherFlow Best Practices](https://docs.panther.com/pantherflow/best-practices.md): Optimize your PantherFlow queries
- [PantherFlow Statements](https://docs.panther.com/pantherflow/statements.md): There are two types of PantherFlow query statements
- [PantherFlow Operators](https://docs.panther.com/pantherflow/operators.md): Use these operators in your PantherFlow query statements
- [Datatable Operator](https://docs.panther.com/pantherflow/operators/datatable.md): Provide sample data with PantherFlow's datatable operator
- [Extend Operator](https://docs.panther.com/pantherflow/operators/extend.md)
- [Join Operator](https://docs.panther.com/pantherflow/operators/join.md)
- [Limit Operator](https://docs.panther.com/pantherflow/operators/limit.md)
- [Project Operator](https://docs.panther.com/pantherflow/operators/project.md)
- [Range Operator](https://docs.panther.com/pantherflow/operators/range.md)
- [Sort Operator](https://docs.panther.com/pantherflow/operators/sort.md)
- [Search Operator](https://docs.panther.com/pantherflow/operators/search.md)
- [Summarize Operator](https://docs.panther.com/pantherflow/operators/summarize.md)
- [Union Operator](https://docs.panther.com/pantherflow/operators/union.md)
- [Visualize Operator](https://docs.panther.com/pantherflow/operators/visualize.md)
- [Where Operator](https://docs.panther.com/pantherflow/operators/where.md)
- [PantherFlow Data Types](https://docs.panther.com/pantherflow/data-types.md): These data types are supported in PantherFlow query statements
- [PantherFlow Expressions](https://docs.panther.com/pantherflow/expressions.md): Use these expressions in your PantherFlow query statements
- [PantherFlow Functions](https://docs.panther.com/pantherflow/functions.md): Use these functions in your PantherFlow query statements
- [Aggregation Functions](https://docs.panther.com/pantherflow/functions/aggregation.md): PantherFlow aggregation functions
- [Date/time Functions](https://docs.panther.com/pantherflow/functions/date-time.md): PantherFlow date/time functions
- [String Functions](https://docs.panther.com/pantherflow/functions/string.md): PantherFlow string functions
- [Array Functions](https://docs.panther.com/pantherflow/functions/array.md): PantherFlow array functions
- [Math Functions](https://docs.panther.com/pantherflow/functions/math.md): PantherFlow math functions
- [Control Flow Functions](https://docs.panther.com/pantherflow/functions/control-flow.md): PantherFlow control flow functions
- [Regular Expression Functions](https://docs.panther.com/pantherflow/functions/regular-expression.md): PantherFlow regular expression functions
- [Snowflake Functions](https://docs.panther.com/pantherflow/functions/snowflake.md): PantherFlow Snowflake functions
- [Databricks Functions](https://docs.panther.com/pantherflow/functions/databricks-functions.md): PantherFlow Databricks functions
- [Data Type Functions](https://docs.panther.com/pantherflow/functions/data-type.md): PantherFlow data type functions
- [Other Functions](https://docs.panther.com/pantherflow/functions/other.md): PantherFlow miscellaneous functions
- [PantherFlow Example Queries](https://docs.panther.com/pantherflow/example-queries.md)
- [PantherFlow Examples: Threat Hunting Scenarios](https://docs.panther.com/pantherflow/example-queries/threat-hunting.md)
- [PantherFlow Examples: SOC Operations](https://docs.panther.com/pantherflow/example-queries/soc-operations.md)
- [PantherFlow Examples: Panther Audit Logs](https://docs.panther.com/pantherflow/example-queries/panther-audit-logs.md)
- [Enrichment](https://docs.panther.com/enrichment.md): Supplement your log data in Panther with context from additional sources
- [Custom Enrichments](https://docs.panther.com/enrichment/custom.md): Enrich events with your own stored data
- [Custom Enrichment Examples](https://docs.panther.com/enrichment/custom/examples.md)
- [Using Custom Enrichments: 1Password UUIDs](https://docs.panther.com/enrichment/custom/examples/1password-uuids.md): Using Panther's custom enrichments to translate 1Password UUIDs to friendly names
- [Custom Enrichment Specification Reference](https://docs.panther.com/enrichment/custom/lookup-table-specification-reference.md)
- [Anomali ThreatStream](https://docs.panther.com/enrichment/anomali-threatstream.md): Enrich incoming events with Anomali ThreatStream data
- [Google Workspace Profiles](https://docs.panther.com/enrichment/google-workspace.md): Fetch and store Google Workspace user data to use in detections and search
- [Google Threat Intelligence](https://docs.panther.com/enrichment/google-threat-intelligence.md): Enrich incoming events with the Google Threat Intelligence IoC Stream
- [GreyNoise](https://docs.panther.com/enrichment/greynoise.md): Enrich incoming events with GreyNoise threat intelligence data
- [IPinfo](https://docs.panther.com/enrichment/ipinfo.md)
- [MISP Warning Lists](https://docs.panther.com/enrichment/misp.md): Enrich incoming events with indicator context from MISP warning lists
- [Okta Profiles](https://docs.panther.com/enrichment/okta.md): Fetch and store Okta user and device data to use in detections and search
- [Open Threat Exchange (OTX)](https://docs.panther.com/enrichment/otx.md): Enrich incoming events with OTX context
- [Snowflake Enrichment (Beta)](https://docs.panther.com/enrichment/snowflake.md): Fetch and store Snowflake data to use in detections and search
- [Tor Exit Nodes](https://docs.panther.com/enrichment/tor-exit-nodes.md)
- [TrailDiscover](https://docs.panther.com/enrichment/traildiscover.md): Enrich incoming CloudTrail events with TrailDiscover data
- [Panther AI](https://docs.panther.com/ai.md)
- [MCP](https://docs.panther.com/ai/mcp.md)
- [Panther Remote MCP (Beta)](https://docs.panther.com/ai/mcp/panther-remote-mcp.md): Connect MCP-compatible AI clients directly to your Panther instance over OAuth
- [Panther Local MCP Server](https://docs.panther.com/ai/mcp/mcp-server.md): Run the mcp-panther server locally for CI pipelines, scripted agents, and custom internal tooling
- [MCP Integrations (Beta)](https://docs.panther.com/ai/mcp/mcp-integrations.md): Connect remote MCP servers to Panther AI
- [Atlassian MCP Server](https://docs.panther.com/ai/mcp/mcp-integrations/atlassian-mcp-server.md)
- [GitHub MCP Server](https://docs.panther.com/ai/mcp/mcp-integrations/github-mcp-server.md)
- [Notion MCP Server](https://docs.panther.com/ai/mcp/mcp-integrations/notion-mcp-server.md)
- [PagerDuty MCP Server](https://docs.panther.com/ai/mcp/mcp-integrations/pagerduty-mcp-server.md)
- [Slack MCP Server](https://docs.panther.com/ai/mcp/mcp-integrations/slack-mcp-server.md)
- [Using Panther AI](https://docs.panther.com/ai/using-panther-ai.md)
- [AI Usage Dashboard (Beta)](https://docs.panther.com/ai/using-panther-ai/ai-usage-dashboard.md): Track your AI Usage for your current contract term
- [Scheduled AI Prompts (Beta)](https://docs.panther.com/ai/using-panther-ai/scheduled-ai-prompts.md)
- [Managing Panther AI Response History](https://docs.panther.com/ai/using-panther-ai/managing-ai-response-history.md): View, rename, pin, save, unsave, and delete previous AI responses
- [Send Panther AI Findings to Slack](https://docs.panther.com/ai/using-panther-ai/send-panther-ai-findings-to-slack.md): Use Panther AI to send Slack messages directly to a Slack channel from within an investigation.
- [Private AI Conversations (Beta)](https://docs.panther.com/ai/using-panther-ai/private-ai-conversations-beta.md): Control the visibility of Panther AI conversations with private and shared modes
- [Panther AI and Alerts](https://docs.panther.com/ai/using-panther-ai/panther-ai-and-alerts.md): Using Panther AI with alerts
- [Risk Scoring and Classification Framework](https://docs.panther.com/ai/risk-scoring-and-classification-framework.md)
- [Panther AI Workflow Examples](https://docs.panther.com/ai/examples.md): Videos and images of Panther AI in action
- [Panther AI Tools](https://docs.panther.com/ai/panther-ai-tools.md)
- [System Configuration](https://docs.panther.com/system-configuration.md)
- [Role-Based Access Control](https://docs.panther.com/system-configuration/rbac.md)
- [Identity & Access Integrations](https://docs.panther.com/system-configuration/saml.md)
- [Azure Active Directory SSO](https://docs.panther.com/system-configuration/saml/azure.md): Set up Azure Active Directory SSO to log into the Panther Console
- [Duo SSO](https://docs.panther.com/system-configuration/saml/duo-sso.md): Set up Duo SSO to log in to the Panther Console
- [G Suite SSO](https://docs.panther.com/system-configuration/saml/gsuite.md): Set up G Suite SSO to log in to the Panther Console
- [Okta SSO](https://docs.panther.com/system-configuration/saml/okta.md): Set up Okta SSO to log in to the Panther Console
- [Okta SCIM](https://docs.panther.com/system-configuration/saml/okta/okta-scim.md): Manage Panther users via SCIM using Okta
- [OneLogin SSO](https://docs.panther.com/system-configuration/saml/onelogin.md): Set up OneLogin SSO to log in to the Panther Console
- [Generic SSO](https://docs.panther.com/system-configuration/saml/generic.md): Integrating a generic SAML IdP with Panther
- [Notifications and Errors](https://docs.panther.com/system-configuration/notifications.md): Get real-time notifications for crucial information about your Panther instance
- [System Errors](https://docs.panther.com/system-configuration/notifications/system-errors.md): Panther's System Errors alert you if the Panther platform is not functioning as expected
- [Panther Deployment Types](https://docs.panther.com/system-configuration/panther-deployment-types.md): Panther deployment options for AWS and Snowflake
- [SaaS](https://docs.panther.com/system-configuration/panther-deployment-types/saas.md): Panther SaaS deployments
- [Cloud Connected](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected.md): Panther Cloud Connected deployments
- [Setting Up a Cloud Connected Panther Instance](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected/set-up.md): Using the panther-cloud-connected-setup CLI tool
- [Configuring Databricks for Panther](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected/databricks.md)
- [Legacy Configurations](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations.md): Panther legacy configurations
- [Cloud Connected Setup Without CLI Tool (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/cloud-connected-setup-without-cli-tool-legacy.md)
- [Configuring Snowflake for Cloud Connected (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/cloud-connected-setup-without-cli-tool-legacy/configuring-snowflake-for-cloud-connected-legacy.md)
- [Configuring AWS for Cloud Connected (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/cloud-connected-setup-without-cli-tool-legacy/configuring-aws-for-cloud-connected-legacy.md)
- [Pre-Deployment Tools (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/cloud-connected-setup-without-cli-tool-legacy/pre-deployment-tools-legacy.md)
- [Snowflake Connected (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/snowflake-setup.md)
- [Customer-configured Snowflake Integration (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/customer-managed-snowflake.md)
- [Self-Hosted Deployments (Legacy)](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/self-hosted-deployments.md): Manage self-hosted deployments in Panther
- [Runtime Environment](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/self-hosted-deployments/run-time.md)
- [Panther Developer Workflows Overview](https://docs.panther.com/panther-developer-workflows/overview.md): Panther Developer Workflows are non-Panther Console workflows you can use to interact with your Panther account
- [Using panther-analysis](https://docs.panther.com/panther-developer-workflows/detections-repo.md): Leverage Panther-managed security content
- [Panther Analysis Tool](https://docs.panther.com/panther-developer-workflows/detections-repo/pat.md): Using Panther Analysis Tool to test and upload locally managed detections
- [Install, Configure, and Authenticate with the Panther Analysis Tool](https://docs.panther.com/panther-developer-workflows/detections-repo/pat/install-configure-and-authenticate-with-pat.md): Get up and running with PAT
- [Panther Analysis Tool Commands](https://docs.panther.com/panther-developer-workflows/detections-repo/pat/pat-commands.md): Use PAT to manage your Panther content
- [Managing Enrichment Providers with the Panther Analysis Tool](https://docs.panther.com/panther-developer-workflows/detections-repo/pat/managing-enrichment.md): Configure custom and Panther-managed enrichments using PAT
- [Managing Scheduled Prompts with the Panther Analysis Tool](https://docs.panther.com/panther-developer-workflows/detections-repo/pat/managing-scheduled-prompts.md): Manage Panther AI scheduled prompts as code using PAT
- [Setting Up Your Panther Content Repository](https://docs.panther.com/panther-developer-workflows/detections-repo/setup.md)
- [Deprecated Management Flows](https://docs.panther.com/panther-developer-workflows/detections-repo/setup/deprecated.md)
- [Private Clone](https://docs.panther.com/panther-developer-workflows/detections-repo/setup/deprecated/private-cloned-repo.md)
- [Public Fork](https://docs.panther.com/panther-developer-workflows/detections-repo/setup/deprecated/public-fork.md)
- [Setting Up the Panther GitHub App (Beta)](https://docs.panther.com/panther-developer-workflows/detections-repo/github-app.md): Register and install the Panther GitHub App on your detection content repository
- [CI/CD for Panther Content](https://docs.panther.com/panther-developer-workflows/detections-repo/ci-cd.md)
- [Deployment Workflows Using Panther Analysis Tool](https://docs.panther.com/panther-developer-workflows/detections-repo/ci-cd/deployment-workflows.md)
- [Managing Panther Content via CircleCI](https://docs.panther.com/panther-developer-workflows/detections-repo/ci-cd/deployment-workflows/circle-ci.md): Manage detection content in Panther with a CI/CD workflow using CircleCI
- [Managing Panther Content via GitHub Actions](https://docs.panther.com/panther-developer-workflows/detections-repo/ci-cd/deployment-workflows/github-actions.md): Manage detections and schemas in Panther with a CI/CD workflow using GitHub Actions
- [Migrating to a CI/CD Workflow](https://docs.panther.com/panther-developer-workflows/detections-repo/ci-cd/migrating-to-a-ci-cd-workflow.md): Transition from managing detection content in the Console to a CI/CD workflow
- [Panther API](https://docs.panther.com/panther-developer-workflows/api.md): Interact with Panther entities using the REST and GraphQL APIs
- [REST API](https://docs.panther.com/panther-developer-workflows/api/rest.md): Use the Panther REST API to interact with your Panther entities
- [Alerts](https://docs.panther.com/panther-developer-workflows/api/rest/alerts.md): REST API operations for alerts
- [Alert Comments](https://docs.panther.com/panther-developer-workflows/api/rest/alert-comments.md): REST API operation for alert comments
- [Alert Context Tags](https://docs.panther.com/panther-developer-workflows/api/rest/alert-context-tags.md): REST API operations for alert context tags
- [API Tokens](https://docs.panther.com/panther-developer-workflows/api/rest/api-tokens.md): REST API operations for api tokens
- [Cloud Accounts](https://docs.panther.com/panther-developer-workflows/api/rest/cloud-accounts.md)
- [Correlation Rules](https://docs.panther.com/panther-developer-workflows/api/rest/correlation-rules.md): REST API operations for correlation rules
- [Data Models](https://docs.panther.com/panther-developer-workflows/api/rest/data-models.md): REST API operations for data models
- [Globals](https://docs.panther.com/panther-developer-workflows/api/rest/globals.md): REST API operations for globals
- [Log Sources](https://docs.panther.com/panther-developer-workflows/api/rest/log-sources.md): REST API operations for log sources
- [GCS Sources](https://docs.panther.com/panther-developer-workflows/api/rest/log-sources/gcs-sources.md)
- [HTTP Sources](https://docs.panther.com/panther-developer-workflows/api/rest/log-sources/http-sources.md)
- [Pub/Sub Sources](https://docs.panther.com/panther-developer-workflows/api/rest/log-sources/pubsub-sources.md)
- [S3 Sources](https://docs.panther.com/panther-developer-workflows/api/rest/log-sources/s3-sources.md)
- [Log Source Alarms](https://docs.panther.com/panther-developer-workflows/api/rest/log-source-alarms.md)
- [Queries](https://docs.panther.com/panther-developer-workflows/api/rest/queries.md): REST API operations for saved and scheduled queries
- [Roles](https://docs.panther.com/panther-developer-workflows/api/rest/roles.md): REST API operations for roles
- [Rules](https://docs.panther.com/panther-developer-workflows/api/rest/rules.md): REST API operations for rules
- [Scheduled Rules](https://docs.panther.com/panther-developer-workflows/api/rest/scheduled-rules.md): REST API operations for Scheduled Rules
- [Simple Rules](https://docs.panther.com/panther-developer-workflows/api/rest/simple-rules.md): REST API operations for Simple/YAML Rules
- [Policies](https://docs.panther.com/panther-developer-workflows/api/rest/policies.md): REST API operations for policies
- [Users](https://docs.panther.com/panther-developer-workflows/api/rest/users.md): REST API operations for users
- [GraphQL API](https://docs.panther.com/panther-developer-workflows/api/graphql.md): Use the Panther GraphQL API to interact with your Panther entities
- [Alerts & Errors](https://docs.panther.com/panther-developer-workflows/api/graphql/alerts-and-errors.md): Panther API alert operations
- [Cloud Account Management](https://docs.panther.com/panther-developer-workflows/api/graphql/cloud-account.md): Panther API cloud account management operations
- [Data Lake Queries](https://docs.panther.com/panther-developer-workflows/api/graphql/data-lake-queries.md): Panther API search operations
- [Log Source Management](https://docs.panther.com/panther-developer-workflows/api/graphql/log-source.md): Panther API log source management operations
- [Metrics](https://docs.panther.com/panther-developer-workflows/api/graphql/metrics.md): Panther API user data for measuring ingestion and alert metrics
- [Schemas](https://docs.panther.com/panther-developer-workflows/api/graphql/schemas.md): Panther GraphQL API schema operations
- [Token Rotation](https://docs.panther.com/panther-developer-workflows/api/graphql/token-rotation.md): Panther API token rotation operation
- [User & Role Management](https://docs.panther.com/panther-developer-workflows/api/graphql/user-management.md): Panther API user and role management operations
- [API Playground](https://docs.panther.com/panther-developer-workflows/api/api-playground.md)
- [Terraform](https://docs.panther.com/panther-developer-workflows/terraform.md): Define your Panther infrastructure as code with Terraform
- [Managing AWS Cloud Accounts with Terraform](https://docs.panther.com/panther-developer-workflows/terraform/cloud-accounts.md): Manage AWS Cloud Accounts as code in Terraform
- [Managing AWS S3 Log Sources with Terraform](https://docs.panther.com/panther-developer-workflows/terraform/s3.md): Manage S3 log sources as code in Terraform
- [Managing Google Cloud Pub/Sub Log Sources with Terraform](https://docs.panther.com/panther-developer-workflows/terraform/pubsub.md): Manage Google Cloud Pub/Sub log sources as code in Terraform
- [Managing Google Cloud Storage (GCS) Log Sources with Terraform](https://docs.panther.com/panther-developer-workflows/terraform/gcs.md): Manage GCS log sources as code in Terraform
- [Managing HTTP Log Sources with Terraform](https://docs.panther.com/panther-developer-workflows/terraform/http.md): Manage HTTP log sources as code in Terraform
- [Managing Log Source Alarms with Terraform](https://docs.panther.com/panther-developer-workflows/terraform/log-source-alarms.md): Manage log source drop-off alarms as code in Terraform
- [pantherlog Tool](https://docs.panther.com/panther-developer-workflows/pantherlog.md): pantherlog is a CLI tool to help you work with custom logs
- [Converting Sigma Rules](https://docs.panther.com/panther-developer-workflows/converting-sigma-rules.md): Convert Sigma rules to Panther Detections
- [Panther AI Best Practices](https://docs.panther.com/best-practices/panther-ai-best-practices.md)
- [Help](https://docs.panther.com/resources/help.md): Get help on issues or questions you have while using Panther
- [Operations](https://docs.panther.com/resources/help/operations.md)
- [Security and Privacy](https://docs.panther.com/resources/help/security-privacy.md)
- [Security Without AWS External ID](https://docs.panther.com/resources/help/security-privacy/security-without-aws-external-id.md)
- [Glossary](https://docs.panther.com/resources/help/glossary.md): This Glossary introduces common cloud-native, security, and Panther-specific terminology.
- [Legal](https://docs.panther.com/resources/help/legal.md): Third-party terms applicable to our use of third-party software
- [Panther System Architecture](https://docs.panther.com/resources/panther-architecture.md): Diagrams and explanations of the Panther system architecture


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on a page URL with the `ask` query parameter:
```
GET https://docs.panther.com/readme.md?ask=<question>
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
