AWS Logs

Connecting AWS logs to your Panther Console

Overview

Panther supports log ingestion from the following Amazon Web Services (AWS) services:

AWS CloudTrail

AWS ALB

AWS Aurora

AWS Config

AWS CloudWatch

AWS EKS

AWS GuardDuty

AWS S3

AWS Transit Gateway

AWS VPC

AWS WAF

Beyond these natively supported AWS log sources, Panther also supports log ingestion from any other services via our AWS data transports: S3 Source, SQS Source, and CloudWatch Logs Source.

In addition to log monitoring, we recommend using Panther's Cloud Security Scanning to detect misconfigurations in your AWS environment.

Panther-built detections

See Panther's prewritten AWS rules in the panther-analysis GitHub repository.

Querying logs in Data Explorer

See example SQL queries, for use in Panther's Data Explorer, on the following pages:

Cloud Security Scanning for AWS resources

Beyond monitoring your AWS logs, we recommend onboarding your AWS environment as a Cloud Account for Cloud Security Scanning. Cloud Security Scanning checks your cloud resources against policies you've defined to identify and alert you to vulnerabilities in your AWS environment. Panther also comes with several built-in policies based on common cloud infrastructure misconfigurations.

To learn more about how to set up Cloud Security Scanning for AWS, see Onboarding the Cloud Account in Panther.
