Data Sources & Transports
Onboard your data sources into Panther to normalize and retain logs
Panther offers built-in integrations for common data sources and data mapping for custom log sources. This page describes available , how to , how to , and how to .
For information on ingesting Panther Console audit logs, see the page.
On the final step of configuring your log source with Panther, you have the option to create an alarm in case the source does not process any events within a configurable period of time. For example, if you configure the threshold to 15 minutes, then you will receive an alert if no events are processed in 15 minutes.
If you do not see the log source you want within the list at Integrations > Log Sources, you can request support for a new log source:
Log in to your Panther Console.
Navigate to Configure > Log Sources.
Click Create New.
Enter the Log Source name you want to request and the use case it will address.
Click Create Request.
You can create an HTTP (webhook) source, or leverage cloud services like S3 buckets, CloudWatch, SQS, SNS, Azure Blob Storage, or Google Cloud Storage (GCS) to push data to Panther. For more information, see .
Panther supports pulling logs from vendors via direct integrations that query the API and via AWS EventBridge. In addition, Panther supports pushing logs to common Data Transport sources to ingest logs that have supported schemas but not a direct API integration. For a full list of supported vendors, see the page.
In addition to onboarding AWS as a log source to configure Detections and receive alerts, we recommend configuring Cloud Security Scanning for your AWS account. Cloud Security Scanning works by scanning AWS accounts, modeling the Resources within them, and using Policies to detect misconfigurations. For more information, see .
If you have a log type that is not yet supported, Panther lets you generate or build a custom schema, which tells Panther how to parse events correctly. For more information, see
When your log source is onboarded in Panther, you can monitor its individual data processing metrics and health within the log source's operations page, attach new schemas, and view raw data associated with the log source. You can also monitor overall log source ingestion metrics on the Log Source Overview page. For more information, see .
Raw event filters allow you to filter the log data ingested into Panther, using regular expressions or substring patterns. Filtering helps you realize the value of your high-volume logs and use logs that were previously cost-prohibitive when connected with Panther. For more information, see .
For instructions, see .
Scroll to the bottom of the page and click the Request it here hyperlink.
Visit the Panther Knowledge Base to that answer frequently asked questions and help you resolve common errors and issues.