Supported Logs
Panther supports 100+ security log types across 50+ different categories
Last updated
Panther supports 100+ security log types across 50+ different categories
Last updated
Panther has native schema support for all of the following sources, with different supported methods to ingest data depending on the log source.
If you do not see a needed source listed as supported, you can either define your own log type via a Custom Log entry or request support of a new log source.
Expand the block below to see which logs Panther offers built-in support for:
On the "Add New Source" page in the Panther Console, you can choose a service from the list or use the search bar to find a source.
The log files can be compressed using the following formats:
gzip
zstd (without dictionary)
Need to validate that a Panther-managed schema will work against your logs? You can test sample logs against the Panther-managed schema similarly to testing logs against a custom schema. Follow the steps below:
In the Panther Console, go to Configure > Schemas.
Click on a schema labeled Panther-managed.
In the schema details page, scroll to the bottom of the page where you'll be able to upload logs.
It is not possible to edit a Panther-managed schema. Instead, you can clone the schema to create a copy of it, which you can edit.
To clone a schema:
Log in to the Panther Console.
Click Configure > Schemas in the left sidebar.
Click on a schema in the list.
On the schema's details page, click Clone in the upper right corner.
For information on editing a custom schema, see the Custom Logs documentation.
Visit the Panther Knowledge Base to view articles about supported log sources that answer frequently asked questions and help you resolve common errors and issues.
