Panther Audit Log Actions
Panther Audit Logs is a feature available in versions 1.34 and newer.
The following is a list of all the available actions that Panther tracks as part of its audit logs:
- ADD_MITRE_REPORT_MAPPING
- CANCEL_DATA_LAKE_QUERY
- CANCEL_LOG_SOURCE_JOB
- CHECK_LOOKUP_TABLE_IMPORT_STATUS
- CHECK_LOOKUP_TABLE_SYNC_STATUS
- COMPUTE_REPLAY
- CREATE_ALERT_DESTINATION
- CREATE_API_TOKEN
- CREATE_BOOMERANG
- CREATE_CLOUD_ACCOUNT
- CREATE_COMMENT
- CREATE_DATA_MODEL
- CREATE_DETECTION_FILTER
- CREATE_DETECTION_PACK_SOURCE
- CREATE_GLOBAL_HELPER
- CREATE_LOG_PROVIDER_REQUEST
- CREATE_LOG_SOURCE
- CREATE_LOG_SOURCE_ALARM
- CREATE_LOOKUP_TABLE
- CREATE_OR_UPDATE_SCHEMA
- CREATE_POLICY
- CREATE_REPLAY
- CREATE_RULE
- CREATE_SAVED_DATA_LAKE_QUERY
- CREATE_USER
- CREATE_USER_ROLE
- DELETE_ALERT_DESTINATION
- DELETE_API_TOKEN
- DELETE_CLOUD_ACCOUNT
- DELETE_DATA_MODEL
- DELETE_DETECTION
- DELETE_DETECTION_FILTER
- DELETE_DETECTION_PACK_SOURCE
- DELETE_GLOBAL_HELPER
- DELETE_LOG_SOURCE
- DELETE_LOG_SOURCE_ALARM
- DELETE_LOOKUP_TABLE
- DELETE_SAVED_DATA_LAKE_QUERY
- DELETE_USER
- DELETE_USER_ROLE
- DOWNLOAD_DATA_LAKE_QUERY
- DOWNLOAD_DETECTIONS
- EXECUTE_DATA_LAKE_QUERY
- EXECUTE_INDICATOR_SEARCH_QUERY
- EXECUTE_SIMPLE_SEARCH_QUERY
- GENERATE_CUSTOM_SCHEMA_SAMPLE
- GENERATE_CUSTOM_SCHEMA_SAMPLE_UPLOAD_URL
- GENERATE_DATA_LAKE_SQL_QUERY_SNIPPET
- GENERATE_LOOKUP_TABLE_IMPORT_URL
- GENERATE_SIMPLE_SEARCH_QUERY
- GET_ALERT
- GET_ALERT_DESTINATION
- GET_ALERT_METRIC_DATA
- GET_API_TOKEN
- GET_CHECKLISTS
- GET_CLOUD_ACCOUNT
- GET_CLOUD_RESOURCE
- GET_CUSTOM_SCHEMA
- GET_DATA_LAKE_DATABASE
- GET_DATA_LAKE_QUERY
- GET_DATA_LAKE_QUERY_SUMMARY
- GET_DATA_LAKE_TABLE
- GET_DATA_MODEL
- GET_DETECTION_FILTER
- GET_DETECTION_PACK
- GET_DETECTION_PACK_SOURCE
- GET_GENERAL_SETTINGS
- GET_GLOBAL_HELPER
- GET_HOLDING_TANK_SOURCE_RUNNING_TASK
- GET_INGESTION_GOVERNOR_STATE
- GET_LOG_SCHEMA_TEST_RESULTS
- GET_LOG_SOURCE
- GET_LOG_SOURCE_JOB
- GET_LOG_SOURCE_RAW_DATA
- GET_LOOKUP_TABLE
- GET_MITRE_MATRIX
- GET_MITRE_MATRIX_TREE
- GET_ORGANIZATION_COMPLIANCE_STATS
- GET_ORGANIZATION_METRICS
- GET_POLICY
- GET_REPLAY
- GET_REPLAY_ALERT
- GET_REPLAY_PREVIEW
- GET_REPORT_SETTING
- GET_RULE
- GET_SAML_SETTINGS
- GET_SAVED_DATA_LAKE_QUERY
- GET_SOURCE_METRICS
- GET_SUPPORTED_LOG_PROVIDER
- GET_THREAT_INTEL
- GET_TRIAL_INGESTION_METRICS
- GET_UNIVERSAL_SETTINGS
- GET_USER
- GET_USER_ROLE
- IMPORT_LOOKUP_TABLE_DATA
- INFER_CUSTOM_SCHEMA
- INFER_SCHEMA_FROM_RAW_DATA
- ISSUE_ALERT_SUMMARY_QUERIES
- LIST_ALERTS
- LIST_ALERT_DESTINATIONS
- LIST_API_TOKENS
- LIST_CLOUD_ACCOUNTS
- LIST_CLOUD_RESOURCES
- LIST_DATA_LAKE_DATABASES
- LIST_DATA_LAKE_QUERIES
- LIST_DATA_MODELS
- LIST_DETECTIONS
- LIST_DETECTION_PACKS
- LIST_DETECTION_PACK_SOURCES
- LIST_FILTER_FIELDS
- LIST_GLOBAL_HELPERS
- LIST_HOLDING_TANK_TASKS
- LIST_JIRA_TRANSITION_STATUSES
- LIST_LOG_SOURCES
- LIST_LOG_TYPES
- LIST_LOOKUP_TABLES
- LIST_POLICIES
- LIST_REPLAYS
- LIST_REPLAY_ALERTS
- LIST_RESOURCES
- LIST_SAVED_DATA_LAKE_QUERIES
- LIST_SCHEMAS
- LIST_SUPPORTED_LOG_PROVIDERS
- LIST_USERS
- LIST_USER_ROLES
- RESET_USER_PASSWORD
- RESOLVE_SOURCE_ALARM
- RETRY_ALERT_DELIVERY
- SEND_TEST_ALERT
- SEND_USER_FEEDBACK
- SIGN_IN
- STOP_REPLAY
- SUMMARIZE_DATA_LAKE_QUERY
- SUPPRESS_POLICY
- SYNC_LOOKUP_TABLE_DATA
- TEST_CUSTOM_SCHEMA
- TEST_LOG_SCHEMA_WITH_RAW_DATA
- TEST_POLICY
- TEST_RULE
- UPDATE_ALERT_ASSIGNEE
- UPDATE_ALERT_DESTINATION
- UPDATE_ALERT_STATUS
- UPDATE_API_TOKEN
- UPDATE_BOOMERANG
- UPDATE_CLOUD_ACCOUNT
- UPDATE_CUSTOM_SCHEMA_STATE
- UPDATE_DATA_MODEL
- UPDATE_DETECTION_FILTER
- UPDATE_DETECTION_PACK_SOURCE
- UPDATE_DETECTION_PACK_STATE
- UPDATE_DETECTION_STATE
- UPDATE_GENERAL_SETTINGS
- UPDATE_GLOBAL_HELPER
- UPDATE_LOG_SOURCE
- UPDATE_LOOKUP_TABLE
- UPDATE_MITRE_REPORT_SETTING
- UPDATE_POLICY
- UPDATE_RULE
- UPDATE_SAML_SETTINGS
- UPDATE_SAVED_DATA_LAKE_QUERY
- UPDATE_USER
- UPDATE_USER_ROLE
- UPLOAD_DETECTION_ENTITIES