Panther Audit Log Actions
Below you'll find a list of all the available actions that Panther tracks as part of its audit logs:
  • ADD_MITRE_REPORT_MAPPING
  • CANCEL_DATA_LAKE_QUERY
  • CANCEL_LOG_SOURCE_JOB
  • CHECK_LOOKUP_TABLE_IMPORT_STATUS
  • CHECK_LOOKUP_TABLE_SYNC_STATUS
  • COMPUTE_REPLAY
  • CREATE_ALERT_DESTINATION
  • CREATE_API_TOKEN
  • CREATE_CLOUD_ACCOUNT
  • CREATE_DATA_MODEL
  • CREATE_DETECTION_FILTER
  • CREATE_DETECTION_PACK_SOURCE
  • CREATE_GLOBAL_HELPER
  • CREATE_LOG_PROVIDER_REQUEST
  • CREATE_LOG_SOURCE
  • CREATE_LOG_SOURCE_ALARM
  • CREATE_LOOKUP_TABLE
  • CREATE_OR_UPDATE_SCHEMA
  • CREATE_POLICY
  • CREATE_REPLAY
  • CREATE_RULE
  • CREATE_SAVED_DATA_LAKE_QUERY
  • CREATE_USER
  • CREATE_USER_ROLE
  • DELETE_ALERT_DESTINATION
  • DELETE_API_TOKEN
  • DELETE_CLOUD_ACCOUNT
  • DELETE_DATA_MODEL
  • DELETE_DETECTION
  • DELETE_DETECTION_FILTER
  • DELETE_DETECTION_PACK_SOURCE
  • DELETE_GLOBAL_HELPER
  • DELETE_LOG_SOURCE
  • DELETE_LOG_SOURCE_ALARM
  • DELETE_LOOKUP_TABLE
  • DELETE_SAVED_DATA_LAKE_QUERY
  • DELETE_USER
  • DELETE_USER_ROLE
  • DOWNLOAD_DATA_LAKE_QUERY
  • DOWNLOAD_DETECTIONS
  • EXECUTE_DATA_LAKE_QUERY
  • EXECUTE_INDICATOR_SEARCH_QUERY
  • GENERATE_CUSTOM_SCHEMA_SAMPLE
  • GENERATE_CUSTOM_SCHEMA_SAMPLE_UPLOAD_URL
  • GENERATE_DATA_LAKE_SQL_QUERY_SNIPPET
  • GENERATE_LOOKUP_TABLE_IMPORT_URL
  • GET_ALERT
  • GET_ALERT_DESTINATION
  • GET_API_TOKEN
  • GET_CLOUD_ACCOUNT
  • GET_CLOUD_RESOURCE
  • GET_CUSTOM_SCHEMA
  • GET_DATA_LAKE_DATABASE
  • GET_DATA_LAKE_QUERY
  • GET_DATA_LAKE_QUERY_SUMMARY
  • GET_DATA_LAKE_TABLE
  • GET_DATA_MODEL
  • GET_DETECTION_FILTER
  • GET_DETECTION_PACK
  • GET_DETECTION_PACK_SOURCE
  • GET_GENERAL_SETTINGS
  • GET_GLOBAL_HELPER
  • GET_HOLDING_TANK_SOURCE_RUNNING_TASK
  • GET_LOG_SCHEMA_TEST_RESULTS
  • GET_LOG_SOURCE
  • GET_LOG_SOURCE_JOB
  • GET_LOG_SOURCE_RAW_DATA
  • GET_LOOKUP_TABLE
  • GET_MITRE_MATRIX
  • GET_MITRE_MATRIX_TREE
  • GET_ORGANIZATION_COMPLIANCE_STATS
  • GET_ORGANIZATION_METRICS
  • GET_POLICY
  • GET_REPLAY
  • GET_REPLAY_ALERT
  • GET_REPLAY_PREVIEW
  • GET_REPORT_SETTING
  • GET_RULE
  • GET_SAML_SETTINGS
  • GET_SAVED_DATA_LAKE_QUERY
  • GET_SOURCE_METRICS
  • GET_SUPPORTED_LOG_PROVIDER
  • GET_USER
  • GET_USER_ROLE
  • IMPORT_LOOKUP_TABLE_DATA
  • INFER_CUSTOM_SCHEMA
  • INFER_SCHEMA_FROM_RAW_DATA
  • ISSUE_ALERT_SUMMARY_QUERIES
  • LIST_ALERTS
  • LIST_ALERT_DESTINATIONS
  • LIST_API_TOKENS
  • LIST_CLOUD_ACCOUNTS
  • LIST_CLOUD_RESOURCES
  • LIST_DATA_LAKE_DATABASES
  • LIST_DATA_LAKE_QUERIES
  • LIST_DATA_MODELS
  • LIST_DETECTIONS
  • LIST_DETECTION_FILTERS
  • LIST_DETECTION_PACKS
  • LIST_DETECTION_PACK_SOURCES
  • LIST_GLOBAL_HELPERS
  • LIST_HOLDING_TANK_TASKS
  • LIST_LOG_SOURCES
  • LIST_LOG_TYPES
  • LIST_LOOKUP_TABLES
  • LIST_POLICIES
  • LIST_REPLAYS
  • LIST_REPLAY_ALERTS
  • LIST_RESOURCES
  • LIST_SAVED_DATA_LAKE_QUERIES
  • LIST_SCHEMAS
  • LIST_SUPPORTED_LOG_PROVIDERS
  • LIST_USERS
  • LIST_USER_ROLES
  • RESET_USER_PASSWORD
  • RESOLVE_SOURCE_ALARM
  • RETRY_ALERT_DELIVERY
  • SEND_TEST_ALERT
  • SEND_USER_FEEDBACK
  • SIGN_IN
  • STOP_REPLAY
  • SUMMARIZE_DATA_LAKE_QUERY
  • SUPPRESS_POLICY
  • SYNC_LOOKUP_TABLE_DATA
  • TEST_CUSTOM_SCHEMA
  • TEST_LOG_SCHEMA_WITH_RAW_DATA
  • TEST_POLICY
  • TEST_RULE
  • UPDATE_ALERT_ASSIGNEE
  • UPDATE_ALERT_DESTINATION
  • UPDATE_ALERT_STATUS
  • UPDATE_API_TOKEN
  • UPDATE_CLOUD_ACCOUNT
  • UPDATE_CUSTOM_SCHEMA_STATE
  • UPDATE_DATA_MODEL
  • UPDATE_DETECTION_FILTER
  • UPDATE_DETECTION_PACK_SOURCE
  • UPDATE_DETECTION_PACK_STATE
  • UPDATE_DETECTION_STATE
  • UPDATE_GENERAL_SETTINGS
  • UPDATE_GLOBAL_HELPER
  • UPDATE_LOG_SOURCE
  • UPDATE_LOOKUP_TABLE
  • UPDATE_MITRE_REPORT_SETTING
  • UPDATE_POLICY
  • UPDATE_RULE
  • UPDATE_SAML_SETTINGS
  • UPDATE_SAVED_DATA_LAKE_QUERY
  • UPDATE_USER
  • UPDATE_USER_ROLE
  • UPLOAD_DETECTION_ENTITIES