Quick Start

Get started with your new Panther account
Get started with Panther by signing up for a free trial!
Welcome to Panther!
This guide will walk you through:
  • Your initial login and how to invite other users to your Panther Console
  • Setting up a destination where you will receive alerts
  • Onboarding logs you want to monitor
  • Setting up detections to alert you to common security threats


Overview Video

Tour video of getting started in the Panther Console

Using Panther

You can manage your account and workflows in the Panther Console or using Panther Developer Workflows.

Panther Console

The Panther Console is Panther's web-based UI where Panther admins manage their account.
Check out the Overview video above or the Panther Product Tour for a preview of the Panther Console.

Panther Developer Workflows

Panther Developer Workflows are non-console workflows you can use to interact with your Panther account, including CI/CD, API, and the Panther Analysis Tool (PAT).


Panther's Glossary introduces common cloud-native, security, and Panther-specific terminology. Refer to the Glossary for extra context and clarity on terms found throughout the Documentation site.

Getting Started in Panther

Initial Login

To access your Panther Console, you need an instance. An instance is created when the Panther team provisions your account.
Once your account has been provisioned, you will receive an invitation email from [email protected] with your temporary Panther Console login credentials. If you don't see it, be sure to check your spam folder or reach out to your customer support team.
After the initial console login with the provided credentials, you will need to update your password and set up MFA.
Panther requires a strong password:
  • Password must contain at least 12 characters
  • Password must contain at least 1 uppercase character
  • Password must contain at least 1 lowercase character
  • Password must contain at least 1 symbol
  • Password must contain at least 1 number

Trial Considerations

Once you have successfully logged into your trial account, look for the Panther Guide in the upper-right corner of the Console. The guide will walk you through a list of tasks to set up your account and begin detecting security threats:
  1. Onboarding a data source (like AWS or Okta) to normalize data and run detections against your logs. If you need sample data to test with, please contact our Support Team using the Intercom Messenger in the bottom-right corner of the Panther Console.
  2. Configuring an alert destination (such as Slack or PagerDuty) where you will get notified outside of the Panther Console when alerts are triggered.
  3. Enabling a Detection Pack (like the Panther Core AWS Pack) to trigger alerts from Panther-written detections for common security issues.
The trial offers support for a limited selection of log sources with a total ingestion limit of 500 GB. Cloud Security Scanning is not available to trial users. To request moving to an unrestricted, assisted trial instead, use the Intercom Messenger.

Inviting Users

After you have successfully logged in, you can invite more users to the platform by navigating to Settings > Users. You may also set up SAML integration.
We strongly recommend setting up at least two users with the Admin role. This will help your organization regain access to the Panther Console if needed.
It is also recommended to routinely audit the users who have access to your Panther Console.

Alert Destinations

The first recommended step after initial login to the Panther Console is to configure destinations to receive alerts in notification systems such as Slack, PagerDuty, or automation platforms like Tines with a custom webhook. You can quickly set up a destination by following the steps below:
  1. In the Panther Console, go to Configure > Alert Destinations.
  2. Click +Add your first Destination.
  3. Click a destination you would like to configure:
See Panther's Destinations documentation for configuration steps specific to each service.

Data Onboarding

The next step is to onboard data sources for data normalization, which also allows you to query the logs in the data lake and perform real-time analysis with Python.
This Quick Start guide provides the general steps required to onboard data. To view instructions for specific integrations, please see the documentation on Data Sources & Transports.

Create a new log source

To start onboarding data, navigate to Configure > Log Sources and click Create New. Here you can choose from a list of services we currently support.
The most common data source methods are ingesting data from an Amazon S3 bucket or directly pulling the logs from a supported SaaS service. For more information on each method, visit the links below:
If the log source you want to ingest is not natively supported yet, visit the Custom Log Types documentation to upload logs and infer a schema.
After following the onboarding steps, your data will begin to be ingested into Panther. Your logs will be checked against the built-in Python detections and will be searchable within the Data Explorer. You can now query Indicator Search for investigations on common indicators for your various data sources.

Set Up Detections and Cloud Compliance

Panther comes with built-in detections that alert on common security events and monitor cloud infrastructure. You can build on these built-in detections by creating custom detections that address your organization's needs. Use the documentation below to guide you through setting up detections and cloud compliance:
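
A custom detection of the kind described above, as an added example that is not taken from Panther's documentation or detection packs: Panther's Python detections define a `rule(event)` function that returns `True` to raise an alert, with an optional `title(event)`. The events are constructed CloudTrail-style records, and handling them as plain dicts (plus the `run_detection` helper) is an assumption made so the logic can be run locally.

```python
# Added example: a detection in the rule(event) shape, exercised locally.
# Events are treated as plain dicts here (assumption for local testing).

def rule(event):
    """Alert on a successful AWS console login where MFA was not used."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    # responseElements can be null in CloudTrail records, so guard with `or {}`.
    if (event.get("responseElements") or {}).get("ConsoleLogin") != "Success":
        return False
    # Only an explicit "No" alerts; a missing field is not treated as a finding.
    return (event.get("additionalEventData") or {}).get("MFAUsed") == "No"


def title(event):
    """Alert title naming the principal that logged in."""
    arn = (event.get("userIdentity") or {}).get("arn", "<unknown principal>")
    return f"Console login without MFA: {arn}"


# Constructed sample events: CloudTrail field names, invented values.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "responseElements": None},
]


def run_detection(events):
    """Hypothetical local harness: return the alert titles the rule would raise."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(alert)
```

Running the rule against constructed events like these before enabling it shows which records would page your alert destination and which would not.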

Next Steps: Plan your Panther onboarding

Once you're up and running in the Panther Console, it's time to make the most of everything Panther has to offer. We have created a checklist to help you plan your full onboarding and track feature adoption. This guided checklist, Success Schema: Enable, Configure and Detect with Panther, will walk you through planning and completing your Panther onboarding.