System Configuration

Overview

Use Panther's system configuration settings to configure your Panther Console and overall Panther deployment to best meet your organization's needs.


General settings

To access your General settings, click the gear icon in the upper right corner of your Panther Console. The General settings include the following tabs:

Only users with the Read Settings & SAML Preferences permission can view the configurations on this page, and only those with Edit Settings & SAML Preferences can make changes.

The footer on the Settings > General page displays your Panther instance's AWS Account ID, Panther Version, AWS Region, and Gateway Public IP.

Main Information

In this section, you can configure the following fields:

  • Company Information

    • Company Name

    • Email

  • Preferences

    • Send Product Analytics

      • This anonymized data helps us improve Panther.

    • Enable Panther Audit Logs

      • Panther audit logs provide a read-only history of activity in your Panther deployment. You can write detections on your audit logs, or query for them in your data lake, the same way you would with any other security events ingested by Panther.

      • For more information, see Panther Audit Logs.

Identity & Access

You can integrate with SAML Identity Providers (IdPs) to enable user login to the Panther Console via SSO. After setting up an SSO integration, you can optionally enforce its use for logging in. Panther integrates with the following providers:

Panther also supports integrating with any SAML IdP via the Generic SSO integration.

For more information, see SAML/SSO Integration.

Data Lake

Panther is configured to write processed log data to an AWS-based Snowflake database cluster. Using Panther with Snowflake lets you integrate Panther data with your Business Intelligence tools and perform assessments of your organization's security posture. For more information, see Snowflake Integration.

This section in the Panther Console Settings also includes the ability to make LIMIT clauses required for scheduled queries. See the scheduled query documentation for more information.

Developer Workflow

Click the toggle next to "We use the Panther Analysis Tool to manage our detections" if you want to prevent users from enabling Panther Packs in the Panther Console. This helps prevent update conflicts between the Console and CI/CD workflows.

The "Developer Workflow" is also known as the CLI workflow.

Panther AI

On the Panther AI tab, you can enable and configure Panther AI:

  • Enable Panther AI: Must be set to ON to use Panther AI. Additional steps may be required to use Panther AI—see Enabling Panther AI.

  • Customer Profile: Add an optional static prompt to all AI analyses. You can provide organization-specific context and direction in the text box to enhance AI-powered threat analysis.

  • Auto-run AI Triage on Alerts: When set to ON, AI alert triage runs automatically whenever an alert is generated, so you don't have to run it yourself and wait for results. Learn more in Auto-run AI alert triage.

    Auto-run AI triage is in closed beta starting with Panther version 1.113. Please share any bug reports and feature requests with your Panther support team.

    • Alert Severities: If one or more alert severities are selected, Panther AI will only auto-run alert triage for alerts with those severities. Note that the INFO severity is excluded from this list, as Panther does not allow auto-run AI triage on INFO-level alerts.

    • Detection Tags: If one or more tags are entered, Panther AI will only auto-run alert triage for alerts triggered by detections with at least one of those tags.

If both the Alert Severities and Detection Tags fields contain values, AI triage will only be auto-run if an alert meets both criteria, i.e., has one of the specified severities and its associated detection has one of the specified tags.
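
The selection rules above can be modeled as a small decision function, useful for previewing which alerts a given configuration would send to auto-run triage. This is an added example, not Panther's code: the class, field, and function names are hypothetical, the non-INFO severity names are assumed, and treating an empty field as "no filter" is inferred from the wording above.

```python
from dataclasses import dataclass, field

# Assumed severity names; the page itself names only INFO, which is never selectable.
SELECTABLE_SEVERITIES = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}


@dataclass
class TriageSettings:
    """Hypothetical model of the Panther AI tab (field names are illustrative)."""
    ai_enabled: bool = False
    auto_run: bool = False
    severities: set = field(default_factory=set)   # empty = no severity filter
    tags: set = field(default_factory=set)         # empty = no tag filter

    def __post_init__(self):
        bad = set(self.severities) - SELECTABLE_SEVERITIES
        if bad:
            raise ValueError(f"not selectable for auto-run triage: {sorted(bad)}")


def auto_triage_decision(settings, severity, detection_tags):
    """Return (runs, reason) for one alert under the documented rules."""
    if not settings.ai_enabled:
        return False, "Panther AI is OFF"
    if not settings.auto_run:
        return False, "auto-run is OFF"
    if severity == "INFO":
        return False, "INFO alerts are never auto-triaged"
    if settings.severities and severity not in settings.severities:
        return False, "severity not selected"
    # Exact, case-sensitive tag comparison is an assumption of this sketch.
    if settings.tags and not settings.tags & set(detection_tags):
        return False, "no matching detection tag"
    return True, "all configured criteria met"


if __name__ == "__main__":
    settings = TriageSettings(True, True, {"HIGH", "CRITICAL"}, {"prod"})
    # Constructed sample alerts: (severity, tags on the triggering detection)
    for sev, tags in [("HIGH", ["prod", "aws"]), ("HIGH", ["dev"]),
                      ("LOW", ["prod"]), ("INFO", ["prod"])]:
        print(sev, tags, auto_triage_decision(settings, sev, tags))
```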


User settings

View, delete, and invite users

Under Settings > Users, users with the View Users permission can view a list of all users in your Panther account. A user with the Manage Users permission can delete and invite users.

Inviting a user to Panther

To invite a new user to Panther:

  1. In the upper-right corner of your Panther Console, click the gear icon, then Users.

  2. Click Invite User.

  3. Fill in the form, providing the user's email address, first name, last name, and role.

  4. Click Invite.

    • If the invitation is sent successfully, you will see a pop-up:

    • The invited user must follow the flow outlined in Initial login, below.

Initial login

When you invite a new user to your Panther instance, they receive an email with temporary credentials that they can use to sign in to the platform.

After a user's initial login, they are required to update their password and set up MFA.

Panther requires a strong password:

  • Password must contain at least 1 number

  • Password must contain at least 1 symbol

  • Password must contain at least 1 lowercase character

  • Password must contain at least 1 uppercase character

  • Password must contain at least 12 characters

User role settings

Configure Role-Based Access Control

Under Settings > User Roles, you can configure Role-Based Access Control (RBAC). This gives Panther deployments granular access control for their user accounts. All roles, including the three default Panther roles, are customizable by any user with UserModify permissions.

For more information, see Role-Based Access Control.

API Tokens and Playground

Under Settings > API Tokens, view a list of API tokens that have been created for your account. You can also create a new API Token.

Under Settings > API Playground, access Panther's API Playground to try out API operations.

Profile Settings

Profile Settings is in open beta starting with Panther version 1.115, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

To configure settings for your profile in Panther, click your initials in the top right-hand corner of the Console. Then, click Profile Settings. You will see the following four tabs:

  • Profile

  • Account Security

  • Preferences

  • Notifications


Profile

In the Profile tab, you can set account information, such as first and last name. If you have signed in using SSO, the fields on this page will be disabled.

Account Security

In the Account Security tab, you can manage your password settings. If you have signed in using SSO, the fields on this page will be disabled.

Preferences

In the Preferences tab, you can choose if you want time zones to display in UTC. If toggled OFF, times and dates will be shown in your local time across the Console.

Notifications

In the Notifications tab, you can choose if you want to receive an email when an alert is assigned to you. This page does not control your in-Console notification preferences.

Other Panther Console features

System Health Notifications

Panther's System Health Notifications alert you with a "System Error" when a part of the Panther platform is not functioning correctly. This includes the following types of notifications:

  • Log source health notifications

  • Log classification errors

  • Alert delivery failures

  • Cloud security scanning failures

For more information, see System Health Notifications.

Troubleshooting System Configuration

Visit the Panther Knowledge Base to view articles about system configuration that answer frequently asked questions and help you resolve common errors and issues.
