Data Lakes

For more information on the Snowflake and Athena backends, please see the documentation:

Available Databases

The following databases are available for analyzing in Panther:

Database Description of Database

Database	Description of Database
`panther_logs`	All data sent via Log Analysis, organized by log type. This is the main Panther database, holding parsed records of all the onboarded log types. The number and size of the tables here will vary depending on the sources you onboard.
`panther_rule_matches`	Events for all triggered alerts, organized by log type. For every onboarded source that appears in a rule match, Panther creates a row in the corresponding table in the rule matches database. This allows for an easy historical view of what rules are firing and why.
`panther_rule_errors`	Events for all errors from rules (e.g., Python tracebacks) The rule errors tables keep track of events for easy debugging, such as errors in code, permissions issues, rules returning errors, and rules that do not run successfully.
`panther_views`	Standardized fields across all logs and rule matches.
`panther_cloudsecurity`	Panther cloud security scanning data.
`panther_monitor` (Snowflake only)	Panther data loader self-monitoring. Panther Monitor contains information about the data load process into Panther's Snowflake database itself. See the Snowflake Backend page for more details.

panther_logs

All data sent via Log Analysis, organized by log type. This is the main Panther database, holding parsed records of all the onboarded log types. The number and size of the tables here will vary depending on the sources you onboard.

panther_rule_matches

Events for all triggered alerts, organized by log type. For every onboarded source that appears in a rule match, Panther creates a row in the corresponding table in the rule matches database. This allows for an easy historical view of what rules are firing and why.

panther_rule_errors

Events for all errors from rules (e.g., Python tracebacks) The rule errors tables keep track of events for easy debugging, such as errors in code, permissions issues, rules returning errors, and rules that do not run successfully.

panther_views

Standardized fields across all logs and rule matches.

panther_cloudsecurity

Panther cloud security scanning data.

panther_monitor (Snowflake only)

Panther data loader self-monitoring. Panther Monitor contains information about the data load process into Panther's Snowflake database itself. See the Snowflake Backend page for more details.

Panther Views

Panther Views bring together common data fields that enable you to search across multiple data sources at once.

The following views are available:

View Description of Panther Views

View	Description of Panther Views
`panther_views.all_databases`	Search all data (logs, rule matches and errors)
`panther_views.all_logs`	Search all log data
`panther_views.all_cloudsecurity`	Search all cloud security data. The Panther Cloud Security Database stores AWS configuration information and changes detected from the scans on the monitored environments.
`panther_views.all_rule_matches`	Search all events matching rules
`panther_views.all_rule_errors`	Search all events causing rule errors

panther_views.all_databases

Search all data (logs, rule matches and errors)

panther_views.all_logs

Search all log data

panther_views.all_cloudsecurity

Search all cloud security data. The Panther Cloud Security Database stores AWS configuration information and changes detected from the scans on the monitored environments.

panther_views.all_rule_matches

Search all events matching rules

panther_views.all_rule_errors

Search all events causing rule errors

PreviousSearch History NextSnowflake

Last updated 1 year ago