Panther Audit Log Actions

Panther Audit Logs is a feature available in versions 1.34 and newer.

Below you'll find a list of all the available actions that Panther tracks as part of its audit logs:

  • ADD_ENRICHMENT

  • ADD_MITRE_REPORT_MAPPING

  • AI_INFERENCE_STREAM

  • AI_SUMMARIZE_LOG_EVENTS

  • AUTODETECT_INDICATOR_FILTERS

  • BATCH_INFER_JOBS

  • CACHED_AI_SUMMARY_DATA

  • CANCEL_DATA_LAKE_QUERY

  • CANCEL_LOG_SOURCE_JOB

  • CANCEL_UBER_SEARCH

  • CHECK_LOOKUP_TABLE_IMPORT_STATUS

  • CHECK_LOOKUP_TABLE_SYNC_STATUS

  • CREATE_ALERT_DESTINATION

  • CREATE_API_TOKEN

  • CREATE_BOOMERANG

  • CREATE_CLOUD_ACCOUNT

  • CREATE_COMMENT

  • CREATE_DATA_MODEL

  • CREATE_DETECTION_FILTER

  • CREATE_DETECTION_PACK_SOURCE

  • CREATE_GLOBAL_HELPER

  • CREATE_LOG_SOURCE

  • CREATE_LOG_SOURCE_ALARM

  • CREATE_LOOKUP_TABLE

  • CREATE_OR_UPDATE_SCHEMA

  • CREATE_PERF_TEST

  • CREATE_POLICY

  • CREATE_REPLAY

  • CREATE_RULE

  • CREATE_SAVED_DATA_LAKE_QUERY

  • CREATE_SOURCE_REQUEST

  • CREATE_USER

  • CREATE_USER_ROLE

  • DELETE_ALERT_DESTINATION

  • DELETE_API_TOKEN

  • DELETE_CLOUD_ACCOUNT

  • DELETE_DATA_MODEL

  • DELETE_DETECTION

  • DELETE_DETECTION_FILTER

  • DELETE_DETECTION_PACK_SOURCE

  • DELETE_ENRICHMENT

  • DELETE_GLOBAL_HELPER

  • DELETE_LOG_SOURCE

  • DELETE_LOG_SOURCE_ALARM

  • DELETE_LOOKUP_TABLE

  • DELETE_SAVED_DATA_LAKE_QUERY

  • DELETE_USER

  • DELETE_USER_ROLE

  • DETECTION_ENTITIES_UPLOAD_STATUS

  • DOWNLOAD_DATA_LAKE_QUERY

  • DOWNLOAD_DETECTIONS

  • DOWNLOAD_UBER_SEARCH_QUERY

  • EXECUTE_DATA_LAKE_QUERY

  • EXECUTE_INDICATOR_SEARCH_QUERY

  • EXECUTE_SIMPLE_SEARCH_QUERY

  • EXECUTE_UBER_SEARCH

  • EXECUTE_UBER_SEARCH_PROPERTY_SUMMARY

  • GENERATE_CUSTOM_SCHEMA_SAMPLE

  • GENERATE_CUSTOM_SCHEMA_SAMPLE_UPLOAD_URL

  • GENERATE_DATA_LAKE_SQL_QUERY_SNIPPET

  • GENERATE_ENRICHED_EVENT

  • GENERATE_LOOKUP_TABLE_IMPORT_URL

  • GENERATE_SIMPLE_SEARCH_QUERY

  • GENERATE_UBER_SEARCH_QUERY

  • GET_ACTOR_INFO

  • GET_ALERT

  • GET_ALERT_DESTINATION

  • GET_ALERT_METRIC_DATA

  • GET_ALL_DATA_LAKE_TABLES

  • GET_API_TOKEN

  • GET_CHECKLISTS

  • GET_CLOUD_ACCOUNT

  • GET_CLOUD_RESOURCE

  • GET_CORRELATION_RULE

  • GET_CUSTOM_SCHEMA

  • GET_DATA_LAKE_DATABASE

  • GET_DATA_LAKE_QUERY

  • GET_DATA_LAKE_QUERY_SUMMARY

  • GET_DATA_LAKE_TABLE

  • GET_DATA_MODEL

  • GET_DETECTION_FILTER

  • GET_DETECTION_PACK

  • GET_DETECTION_PACK_SOURCE

  • GET_ENRICHMENT

  • GET_FEATURE_FLAGS

  • GET_GENERAL_SETTINGS

  • GET_GLOBAL_HELPER

  • GET_HOLDING_TANK_SOURCE_RUNNING_TASK

  • GET_INGESTION_GOVERNOR_STATE

  • GET_INGESTION_MONITORING_METRICS

  • GET_LOG_SCHEMA_TEST_RESULTS

  • GET_LOG_SOURCE

  • GET_LOG_SOURCE_JOB

  • GET_LOG_SOURCE_RAW_DATA

  • GET_LOOKUP_TABLE

  • GET_MITRE_MATRIX

  • GET_MITRE_MATRIX_TREE

  • GET_MITRE_TACTIC_AND_TECHNIQUE

  • GET_NOTIFICATIONS

  • GET_NOTIFICATION_PREFERENCES

  • GET_ORGANIZATION_COMPLIANCE_STATS

  • GET_ORGANIZATION_METRICS

  • GET_POLICY

  • GET_REPLAY

  • GET_REPLAY_ALERT

  • GET_REPLAY_PREVIEW

  • GET_REPORT_SETTING

  • GET_RULE

  • GET_SAML_SETTINGS

  • GET_SAVED_DATA_LAKE_QUERY

  • GET_SOURCE_METRICS

  • GET_SOURCE_STATISTICS

  • GET_SUPPORTED_LOG_PROVIDER

  • GET_SUPPORT_LOGIN_CONFIG

  • GET_THREAT_INTEL

  • GET_TRIAL_INGESTION_METRICS

  • GET_UBER_SEARCH

  • GET_UNIVERSAL_SETTINGS

  • GET_USER

  • GET_USER_ROLE

  • IMPORT_LOOKUP_TABLE_DATA

  • INFER_CUSTOM_SCHEMA

  • INFER_SCHEMA_FROM_BUCKET_DATA

  • INFER_SCHEMA_FROM_RAW_DATA

  • ISSUE_ALERT_SUMMARY_QUERIES

  • JIRA_EVENT

  • LIST_ALERTS

  • LIST_ALERT_DESTINATIONS

  • LIST_API_TOKENS

  • LIST_CLOUD_ACCOUNTS

  • LIST_CLOUD_RESOURCES

  • LIST_DATA_LAKE_DATABASES

  • LIST_DATA_LAKE_PROPERTIES

  • LIST_DATA_LAKE_QUERIES

  • LIST_DATA_MODELS

  • LIST_DETECTIONS

  • LIST_DETECTION_PACKS

  • LIST_DETECTION_PACK_SOURCES

  • LIST_FILTER_FIELDS

  • LIST_FILTER_FIELDS_FLAT

  • LIST_GLOBAL_HELPERS

  • LIST_HOLDING_TANK_TASKS

  • LIST_JIRA_TRANSITION_STATUSES

  • LIST_LOG_SOURCES

  • LIST_LOG_TYPES

  • LIST_LOOKUP_TABLES

  • LIST_POLICIES

  • LIST_REPLAYS

  • LIST_REPLAY_ALERTS

  • LIST_RESOURCES

  • LIST_SAVED_DATA_LAKE_QUERIES

  • LIST_SCHEMAS

  • LIST_SOURCE_BUCKET_KEYS

  • LIST_SUPPORTED_LOG_PROVIDERS

  • LIST_USERS

  • LIST_USER_ROLES

  • LOOKUP_TABLE_ENRICH

  • MARK_ALL_NOTIFICATIONS_AS_READ

  • MARK_NOTIFICATION_AS_READ

  • PUT_CORRELATION_RULE

  • PUT_NOTIFICATION_PREFERENCES

  • RESET_USER_PASSWORD

  • RESOLVE_SOURCE_ALARM

  • RETRY_ALERT_DELIVERY

  • ROTATE_API_TOKEN

  • RULE_PYTHON_BODY

  • SEND_TEST_ALERT

  • SEND_USER_FEEDBACK

  • SIGN_IN

  • STOP_REPLAY

  • SUMMARIZE_DATA_LAKE_QUERY

  • SUPPRESS_POLICY

  • SYNC_LOOKUP_TABLE_DATA

  • TEST_CUSTOM_SCHEMA

  • TEST_FILTER_EVENT

  • TEST_LOG_SCHEMA_WITH_RAW_DATA

  • TEST_POLICY

  • TEST_RULE

  • TRANSPILE_FILTERS

  • TRANSPILE_SIMPLE_DETECTIONS_TO_PYTHON

  • UBER_SEARCH_COLUMN_SUMMARY

  • UBER_SEARCH_PROPERTY_SUMMARY

  • UBER_SEARCH_TABLES

  • UPDATE_ALERT_ASSIGNEE

  • UPDATE_ALERT_DESTINATION

  • UPDATE_ALERT_STATUS

  • UPDATE_API_TOKEN

  • UPDATE_BOOMERANG

  • UPDATE_CLOUD_ACCOUNT

  • UPDATE_CUSTOM_SCHEMA_STATE

  • UPDATE_DATA_MODEL

  • UPDATE_DETECTION_FILTER

  • UPDATE_DETECTION_PACK_SOURCE

  • UPDATE_DETECTION_PACK_STATE

  • UPDATE_DETECTION_STATE

  • UPDATE_GENERAL_SETTINGS

  • UPDATE_GLOBAL_HELPER

  • UPDATE_LOG_SOURCE

  • UPDATE_LOG_SOURCE_FILTERS

  • UPDATE_LOOKUP_TABLE

  • UPDATE_MITRE_REPORT_SETTING

  • UPDATE_NOTIFICATION

  • UPDATE_POLICY

  • UPDATE_RULE_AND_FILTER

  • UPDATE_SAML_SETTINGS

  • UPDATE_SAVED_DATA_LAKE_QUERY

  • UPDATE_SUPPORT_LOGIN_SETTINGS

  • UPDATE_USER

  • UPDATE_USER_NOTIFICATIONS

  • UPDATE_USER_ROLE

  • UPLOAD_DETECTION_ENTITIES

  • UPLOAD_DETECTION_ENTITIES_ASYNC

  • VALIDATE_BULK_UPLOAD

  • VALIDATE_BULK_UPLOAD_STATUS

  • VIEW_SOURCE_BUCKET_DATA

  • VIEW_SOURCE_PARSED_EVENTS

Last updated