Your initial login and how to invite other users to your Panther Console
Setting up a destination where you will receive alerts
Onboarding logs you want to monitor
Setting up detections to alert you against common security threats
Overview
Overview Video
Tour of getting started in the Panther Console
Using Panther
You can manage your account and workflows in the Panther Console or using Panther Developer Workflows.
Panther Console
The Panther Console is Panther's web-based UI where Panther admins manage their account.
Panther Developer Workflows
Panther Developer Workflows are non-console workflows you can use to interact with your Panther account, including CI/CD, API, and the Panther Analysis Tool (PAT).
Getting Started in Panther
Initial Login
To access your Panther Console, you need an instance. An instance is created when the Panther team provisions your account.
Once your account has been provisioned, you will receive an invitation email from [email protected] with your temporary Panther Console login credentials. If you don't see it, be sure to check your spam folder or reach out to your customer support team.
After the initial console login with the provided credentials, you will need to update your password and set up MFA.
Login Screen
Inviting Users
After you have successfully logged in, you can invite more users to the platform by navigating to Settings > Users. You may also set up SAML integration.
We strongly recommend having at least two users with Admin role set up. This will help your organization regain access to the Panther Console if needed.
It is also recommended to routinely audit the users who have access to your Panther Console.
Alert Destinations
The first recommended step after initial login to the Panther Console is to configure destinations to receive alerts in notification systems such as Slack, PagerDuty, or automation platforms like Tines with a custom webhook. You can quickly set up a destination by following the steps below:
1.
In the Panther Console, go to Integrations > Alert Destinations.
Next up is to onboard data sources for data normalization, which will also allow you to query the logs in the data lake and perform real-time analysis with Python.
This Quick Start guide provides the general steps required to onboard data. To view instructions for specific integrations, please see the Data Onboarding documentation.
Create a new log source
To start onboarding data, navigate to Integrations > Log Sources and click Onboard your logs.
Here you will be able to choose from a list of services we currently support (or select Custom Onboarding on the left to view the available transport methods.)
The most common data source methods are ingesting data from an Amazon S3 bucket or directly pulling the logs from a supported SaaS service. For more information on each transport method visit the links below:
If the log source you want to ingest is not natively supported yet, visit the Custom Log Types documentation to upload logs and infer a schema.
After following the onboarding steps, your data will begin to be ingested into Panther. Your logs will be checked against the built-in Python detections and will be searchable within the Data Explorer. You can now query Indicator Search for investigations on common indicators for your various data sources.
​
​
​
Set Up Detections and Cloud Compliance
Panther comes with built-in detections that alert against common security events and monitoring of cloud infrastructure. Building on these built-in detections is easy; use Panther to create custom detections that address your organizational needs. Use the documentation below to guide you through setting up detections and cloud compliance: