Knowledge Base Community Release Notes Training Videos Request Demo

Supported Logs

Panther supports 100+ security log types across 50+ different categories

Overview

Panther has native schema support for all of the following sources, with different supported methods to ingest data depending on the log source.

If you do not see a needed source listed as supported, you can either define your own log type via a Custom Log entry or request support of a new log source.

Panther-supported log sources

Expand the block below to see which logs Panther offers built-in support for:

Panther Supported Logs

1Password Logs

Azure Logs

Apache Logs

Asana Logs

Atlassian Logs

Auditd Logs (Beta)

Auth0 Logs

AWS Logs

Bitwarden Logs

Box Logs

Carbon Black Logs (Beta)

Cisco Umbrella Logs

Cloudflare Logs

CrowdStrike Logs

Docker Logs (Beta)

Dropbox Logs

Duo Security Logs

Fastly Logs

Fluentd Logs

GCP Logs

GitHub Logs

GitLab Logs

Google Workspace Logs

Heroku Logs (Beta)

Jamf Pro Logs

Juniper Logs

Lacework Logs

Microsoft 365 Logs

Microsoft Graph Logs

MongoDB Atlas Logs

Netskope Logs (Beta)

Nginx Logs

Okta Logs

OneLogin Logs

Osquery Logs

OSSEC Logs

Salesforce Logs

SentinelOne Logs

Slack Logs

Snyk Logs

Sophos Logs

Suricata Logs

Sysdig Logs

Syslog Logs

Tailscale Logs

Teleport Logs

Tenable Vulnerability Management Logs (Beta)

Tines Logs

Windows Event Logs (Beta)

Zeek Logs

Zendesk Logs

Zoom Logs

Working with Panther-managed schemas

Testing a Panther-managed schema

The log files can be compressed using the following formats:

  • gzip

  • zstd (without dictionary)

Need to validate that a Panther-managed schema will work against your logs? You can test sample logs against the Panther-managed schema similarly to testing logs against a custom schema. Follow the steps below:

  1. In the Panther Console, go to Configure > Schemas.

  2. Click on a schema labeled Panther-managed.

  3. In the schema details page, scroll to the bottom of the page where you'll be able to upload logs.

Cloning a Panther-managed schema

It is not possible to edit a Panther-managed schema. Instead, you can clone the schema to create a copy of it, which you can edit.

To clone a schema:

  1. Log in to the Panther Console.

  2. Click Configure > Schemas in the left sidebar.

  3. Click on a schema in the list.

  4. On the schema's details page, click Clone in the upper right corner.

For information on editing a custom schema, see the Custom Logs documentation.

Troubleshooting supported logs

Visit the Panther Knowledge Base to view articles about supported log sources that answer frequently asked questions and help you resolve common errors and issues.

PreviousData Sources & TransportsNext1Password Logs

Last updated

Change request #1924: [don't merge until ~Oct] Notion Logs (Beta)