Quick Start
Get started with your new Panther account
Get started with Panther by scheduling a demo!
Welcome to Panther!
This guide will walk you through:
  • Your initial login and how to invite other users to your Panther Console
  • Setting up a destination where you will receive alerts
  • Onboarding logs you want to monitor
  • Setting up detections to alert you against common security threats


Overview Video

Tour of getting started in the Panther Console

Using Panther

You can manage your account and workflows in the Panther Console or using Panther Developer Workflows.

Panther Console

The Panther Console is Panther's web-based UI where Panther admins manage their account.

Panther Developer Workflows

Panther Developer Workflows are non-console workflows you can use to interact with your Panther account, including CI/CD, API, and the Panther Analysis Tool (PAT).

Getting Started in Panther

Initial Login

To access your Panther Console, you need an instance. An instance is created when the Panther team provisions your account.
Once your account has been provisioned, you will receive an invitation email from [email protected] with your temporary Panther Console login credentials. If you don't see it, be sure to check your spam folder or reach out to your customer support team.
After the initial console login with the provided credentials, you will need to update your password and set up MFA.
Login Screen

Inviting Users

After you have successfully logged in, you can invite more users to the platform by navigating to Settings > Users. You may also set up SAML integration.
We strongly recommend having at least two users with Admin role set up. This will help your organization regain access to the Panther Console if needed.
It is also recommended to routinely audit the users who have access to your Panther Console.

Alert Destinations

The first recommended step after initial login to the Panther Console is to configure destinations to receive alerts in notification systems such as Slack, PagerDuty, or automation platforms like Tines with a custom webhook. You can quickly set up a destination by following the steps below:
  1. 1.
    In the Panther Console, go to Integrations > Alert Destinations.
  2. 2.
    Click +Add your first Destination.
  3. 3.
    Click a destination you would like to configure:
See Panther's Destinations documentation for configuration steps specific to each service.

Data Onboarding

Next up is to onboard data sources for data normalization, which will also allow you to query the logs in the data lake and perform real-time analysis with Python.
This Quick Start guide provides the general steps required to onboard data. To view instructions for specific integrations, please see the Data Onboarding documentation.

Create a new log source

To start onboarding data, navigate to Integrations > Log Sources and click Onboard your logs.
Here you will be able to choose from a list of services we currently support (or select Custom Onboarding on the left to view the available transport methods.)
The most common data source methods are ingesting data from an Amazon S3 bucket or directly pulling the logs from a supported SaaS service. For more information on each transport method visit the links below:
If the log source you want to ingest is not natively supported yet, visit the Custom Log Types documentation to upload logs and infer a schema.
After following the onboarding steps, your data will begin to be ingested into Panther. Your logs will be checked against the built-in Python detections and will be searchable within the Data Explorer. You can now query Indicator Search for investigations on common indicators for your various data sources.

Set Up Detections and Cloud Compliance

Panther comes with built-in detections that alert against common security events and monitoring of cloud infrastructure. Building on these built-in detections is easy; use Panther to create custom detections that address your organizational needs. Use the documentation below to guide you through setting up detections and cloud compliance: