Panther Audit Log Actions

Panther Audit Logs is a feature available in versions 1.34 and newer.

Below you'll find a list of all the available actions that Panther tracks as part of its audit logs:

ADD_ENRICHMENT
ADD_MITRE_REPORT_MAPPING
AI_INFERENCE_STREAM
AI_INFERENCE_STREAM_EDIT
AI_INFERENCE_STREAM_METADATA
AI_SUMMARIZE_ALERT
AI_SUMMARIZE_LOG_EVENTS
ALL_DATALAKE_SCHEMA_ENTITIES
AUTODETECT_INDICATOR_FILTERS
BATCH_INFER_JOBS
BULK_UPLOAD_DETECTIONS
CANCEL_DASHBOARD_QUERIES
CANCEL_DATA_LAKE_QUERY
CANCEL_LOG_SOURCE_JOB
CANCEL_UBER_SEARCH
CHECK_LOOKUP_TABLE_IMPORT_STATUS
CHECK_LOOKUP_TABLE_SYNC_STATUS
CREATE_AI_CONVERSATION
CREATE_ALERT_DESTINATION
CREATE_API_TOKEN
CREATE_BOOMERANG
CREATE_CLOUD_ACCOUNT
CREATE_COMMENT
CREATE_DASHBOARD
CREATE_DATA_MODEL
CREATE_DETECTION_FILTER
CREATE_DETECTION_PACK_SOURCE
CREATE_GLOBAL_HELPER
CREATE_LOG_SOURCE
CREATE_LOG_SOURCE_ALARM
CREATE_LOOKUP_TABLE
CREATE_OR_UPDATE_SCHEMA
CREATE_PERF_TEST
CREATE_POLICY
CREATE_REPLAY
CREATE_RSA_KEY
CREATE_RULE
CREATE_RULE_V2
CREATE_SAVED_DATA_LAKE_QUERY
CREATE_SOURCE_REQUEST
CREATE_USER
CREATE_USER_ROLE
DELETE_ALERT_DESTINATION
DELETE_API_TOKEN
DELETE_CLOUD_ACCOUNT
DELETE_DASHBOARD
DELETE_DATA_MODEL
DELETE_DETECTION
DELETE_DETECTION_FILTER
DELETE_DETECTION_PACK_SOURCE
DELETE_ENRICHMENT
DELETE_GLOBAL_HELPER
DELETE_LOG_SOURCE
DELETE_LOG_SOURCE_ALARM
DELETE_LOOKUP_TABLE
DELETE_RULE_V2
DELETE_SAVED_DATA_LAKE_QUERY
DELETE_USER
DELETE_USER_ROLE
DETECTION_ENTITIES_UPLOAD_STATUS
DETECTION_STATS
DOWNLOAD_DATA_LAKE_QUERY
DOWNLOAD_DETECTIONS
DOWNLOAD_UBER_SEARCH_QUERY
EXECUTE_ALERT_ACTOR_PROFILE_QUERY
EXECUTE_DATA_LAKE_QUERY
EXECUTE_INDICATOR_SEARCH_QUERY
EXECUTE_SIMPLE_SEARCH_QUERY
EXECUTE_UBER_SEARCH
EXECUTE_UBER_SEARCH_PROPERTY_SUMMARY
GENERATE_CUSTOM_SCHEMA_SAMPLE
GENERATE_CUSTOM_SCHEMA_SAMPLE_UPLOAD_URL
GENERATE_DATA_LAKE_SQL_QUERY_SNIPPET
GENERATE_ENRICHED_EVENT
GENERATE_LOOKUP_TABLE_IMPORT_URL
GENERATE_SIMPLE_SEARCH_QUERY
GENERATE_UBER_SEARCH_QUERY
GET_ACTOR_INFO
GET_ALERT
GET_ALERT_DESTINATION
GET_ALERT_METRIC_DATA
GET_ALL_DATA_LAKE_TABLES
GET_API_TOKEN
GET_APP_CONFIG
GET_BULK_UPLOAD_DETECTIONS_STATUS
GET_BULK_UPLOAD_PRESIGNED_URL
GET_CLOUD_ACCOUNT
GET_CLOUD_RESOURCE
GET_CORRELATION_RULE
GET_CUSTOM_SCHEMA
GET_DASHBOARD
GET_DATA_LAKE_DATABASE
GET_DATA_LAKE_QUERY
GET_DATA_LAKE_QUERY_SUMMARY
GET_DATA_LAKE_TABLE
GET_DATA_MODEL
GET_DETECTION
GET_DETECTION_ALERT_METRICS
GET_DETECTION_FILTER
GET_DETECTION_PACK
GET_DETECTION_PACK_SOURCE
GET_ENRICHMENT
GET_FEATURE_FLAGS
GET_GENERAL_SETTINGS
GET_GLOBAL_HELPER
GET_HOLDING_TANK_SOURCE_RUNNING_TASK
GET_INGESTION_MONITORING_METRICS
GET_JIRA_ORG_METADATA
GET_LOG_SCHEMA_TEST_RESULTS
GET_LOG_SOURCE
GET_LOG_SOURCE_JOB
GET_LOG_SOURCE_RAW_DATA
GET_LOOKUP_TABLE
GET_MITRE_MATRIX
GET_MITRE_MATRIX_TREE
GET_MITRE_TACTIC_AND_TECHNIQUE
GET_NOTIFICATIONS
GET_NOTIFICATION_PREFERENCES
GET_ORGANIZATION_COMPLIANCE_STATS
GET_ORGANIZATION_METRICS
GET_POLICY
GET_PYPANTHER_VERSION
GET_REPLAY
GET_REPLAY_ALERT
GET_REPLAY_PREVIEW
GET_REPORT_SETTING
GET_RULE
GET_RULE_V2
GET_SAML_SETTINGS
GET_SAVED_DATA_LAKE_QUERY
GET_SOURCE_METRICS
GET_SOURCE_STATISTICS
GET_SUPPORTED_LOG_PROVIDER
GET_SUPPORT_LOGIN_CONFIG
GET_THREAT_INTEL
GET_UBER_SEARCH
GET_UBER_SEARCH_VISUALIZATION
GET_UNIVERSAL_SETTINGS
GET_USER
GET_USER_ROLE
IMPORT_LOOKUP_TABLE_DATA
INFER_CUSTOM_SCHEMA
INFER_SCHEMA_FROM_BUCKET_DATA
INFER_SCHEMA_FROM_RAW_DATA
ISSUE_ALERT_SUMMARY_QUERIES
JIRA_EVENT
LIST_ALERTS
LIST_ALERT_DESTINATIONS
LIST_API_TOKENS
LIST_CLOUD_ACCOUNTS
LIST_CLOUD_RESOURCES
LIST_DASHBOARDS
LIST_DATA_LAKE_DATABASES
LIST_DATA_LAKE_PROPERTIES
LIST_DATA_LAKE_QUERIES
LIST_DATA_MODELS
LIST_DETECTIONS
LIST_DETECTION_PACKS
LIST_DETECTION_PACK_SOURCES
LIST_FILTER_FIELDS
LIST_FILTER_FIELDS_FLAT
LIST_GLOBAL_HELPERS
LIST_HOLDING_TANK_TASKS
LIST_LOG_SOURCES
LIST_LOG_TYPES
LIST_LOOKUP_TABLES
LIST_POLICIES
LIST_REPLAYS
LIST_REPLAY_ALERTS
LIST_RESOURCES
LIST_SAVED_DATA_LAKE_QUERIES
LIST_SCHEMAS
LIST_SOURCE_BUCKET_KEYS
LIST_SUPPORTED_LOG_PROVIDERS
LIST_USERS
LIST_USER_ROLES
LOOKUP_TABLE_ENRICH
MARK_ALL_NOTIFICATIONS_AS_READ
MARK_NOTIFICATION_AS_READ
PUT_CORRELATION_RULE
PUT_NOTIFICATION_PREFERENCES
RESET_USER_PASSWORD
RESOLVE_SOURCE_ALARM
RESTORE_DASHBOARD
RETRY_ALERT_DELIVERY
ROTATE_API_TOKEN
RULE_PYTHON_BODY
SEND_TEST_ALERT
SEND_USER_FEEDBACK
SIGN_IN
STOP_REPLAY
SUMMARIZE_DATA_LAKE_QUERY
SUPPRESS_POLICY
SYNC_LOOKUP_TABLE_DATA
TEST_CORRELATION_RULE
TEST_CORRELATION_RULE_YAML
TEST_CUSTOM_SCHEMA
TEST_FILTER_EVENT
TEST_LOG_SCHEMA_WITH_RAW_DATA
TEST_POLICY
TEST_RULE
TRANSPILE_FILTERS
TRANSPILE_SIMPLE_DETECTIONS_TO_PYTHON
UBER_SEARCH_COLUMN_SUMMARY
UBER_SEARCH_PROPERTY_SUMMARY
UBER_SEARCH_TABLES
UPDATE_ALERT_ASSIGNEE
UPDATE_ALERT_DESTINATION
UPDATE_ALERT_STATUS
UPDATE_API_TOKEN
UPDATE_BOOMERANG
UPDATE_CLOUD_ACCOUNT
UPDATE_CUSTOM_SCHEMA_STATE
UPDATE_DASHBOARD
UPDATE_DATA_MODEL
UPDATE_DETECTION_FILTER
UPDATE_DETECTION_PACK_SOURCE
UPDATE_DETECTION_PACK_STATE
UPDATE_DETECTION_STATE
UPDATE_GENERAL_SETTINGS
UPDATE_GLOBAL_HELPER
UPDATE_LOG_SOURCE
UPDATE_LOG_SOURCE_FILTERS
UPDATE_LOOKUP_TABLE
UPDATE_MITRE_REPORT_SETTING
UPDATE_NOTIFICATION
UPDATE_POLICY
UPDATE_RULE_AND_FILTER
UPDATE_RULE_V2
UPDATE_SAML_SETTINGS
UPDATE_SAVED_DATA_LAKE_QUERY
UPDATE_SUPPORT_LOGIN_SETTINGS
UPDATE_USER
UPDATE_USER_NOTIFICATIONS
UPDATE_USER_ROLE
UPLOAD_DETECTION_ENTITIES
UPLOAD_DETECTION_ENTITIES_ASYNC
VALIDATE_BULK_UPLOAD
VALIDATE_BULK_UPLOAD_STATUS
VIEW_SOURCE_BUCKET_DATA
VIEW_SOURCE_PARSED_EVENTS

PreviousQuerying and Writing Detections for Panther Audit Logs NextNotifications and Errors (Beta)

Last updated 1 month ago

Was this helpful?