Knowledge BaseRelease NotesRequest Demo

Schemas

Panther GraphQL API schema operations

Overview

The Panther API supports the following schema operations:

  • Creating or updating a custom schema

  • Listing schemas

You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on Panther API.

See Custom Logs to learn more about custom schemas in Panther.

Required API token permissions

Before starting to make API calls, ensure your API token has the necessary permissions attached:

  • View Log Sources: Required for all schema operations.

  • Manage Log Sources: Required for the schema management operations that are mutations (i.e., CreateOrUpdateSchema).

  • Read User Info: Required if you would like to retrieve integration fields related to an actor, such as createdBy.

An "Integrations" header is above four checkboxes: View Cloud Security Sources, Manage Cloud Security Sources, View Log Sources, and Manage Log Sources.

Common schema operations

Creating a custom schema

Listing schemas

This query lists all schemas, including custom and Panther-managed schemas.

Pagination is not currently supported by schemas—all schemas will be returned in the first page of results. The cursor field in the input object, below, is a placeholder for when pagination is eventually supported.

PreviousMetricsNextToken Rotation

Last updated

Was this helpful?