Data Lakes

For more information on the Snowflake and Athena backends, please see the documentation:

Snowflake
Athena

Available Databases

The following databases are available for analysis in Panther. Each entry below gives the database name followed by its description.

panther_logs: All data sent via Log Analysis, organized by log type. This is the main Panther database, holding parsed records of all the onboarded log types. The number and size of the tables here will vary depending on the sources you onboard.

panther_rule_matches: Events for all triggered alerts, organized by log type. For every onboarded source that appears in a rule match, Panther creates a row in the corresponding table in the rule matches database. This allows for an easy historical view of what rules are firing and why.

panther_rule_errors: Events for all errors raised by rules (e.g., Python tracebacks). The rule errors tables keep track of these events for easy debugging, covering errors in rule code, permissions issues, rules returning errors, and rules that do not run successfully. A rule that raises on every event is effectively disabled, so this database is also a detection-coverage check, not just a debugging aid.

panther_views: Standardized fields across all logs and rule matches.

panther_cloudsecurity: Panther cloud security scanning data.

panther_monitor (Snowflake only): Panther data loader self-monitoring. Panther Monitor contains information about the data load process into Panther's Snowflake database itself. See the Snowflake Backend page for more details.
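The two queries below are an added example, not part of the Panther documentation, showing how the per-log-type tables in panther_rule_matches and panther_rule_errors are used in practice: the first gives the historical view of which rules fired and how many alerts they produced, the second surfaces rules that are failing and therefore silently not detecting anything. Assumptions: a Snowflake backend, AWS CloudTrail onboarded (so an aws_cloudtrail table exists in each database), and Panther's standard columns p_rule_id, p_alert_id, p_event_time and p_rule_error; check the column names against your own tables before relying on them.

```sql
-- Added example (not Panther's own code). Assumes Snowflake SQL and the
-- aws_cloudtrail table in panther_rule_matches and panther_rule_errors,
-- with the standard p_rule_id / p_alert_id / p_event_time / p_rule_error columns.

-- 1. Which rules fired against CloudTrail in the last 7 days, how many events
--    each matched, and how many distinct alerts that produced. A rule with many
--    matched events but few alerts is deduplicating heavily; a rule with
--    thousands of alerts is a tuning candidate.
SELECT
    p_rule_id,
    COUNT(*)                   AS matched_events,
    COUNT(DISTINCT p_alert_id) AS alerts,
    MIN(p_event_time)          AS first_seen,
    MAX(p_event_time)          AS last_seen
FROM panther_rule_matches.aws_cloudtrail
WHERE p_event_time >= DATEADD(day, -7, CURRENT_TIMESTAMP())
GROUP BY p_rule_id
ORDER BY matched_events DESC;

-- 2. Rules that are erroring on CloudTrail events in the last 24 hours, with a
--    sample of the error text (traceback, permission denial, etc.). A rule that
--    raises on every event never returns True, so each row here is a gap in
--    detection coverage until the code is fixed.
SELECT
    p_rule_id,
    COUNT(*)                AS failing_events,
    MAX(p_event_time)       AS last_failure,
    ANY_VALUE(p_rule_error) AS sample_error
FROM panther_rule_errors.aws_cloudtrail
WHERE p_event_time >= DATEADD(day, -1, CURRENT_TIMESTAMP())
GROUP BY p_rule_id
ORDER BY failing_events DESC;
```

On the Athena backend the same queries work with Presto/Trino syntax: replace DATEADD(day, -7, CURRENT_TIMESTAMP()) with date_add('day', -7, now()) and ANY_VALUE with arbitrary().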

Panther Views

Panther Views bring together common data fields that enable you to search across multiple data sources at once.

The following views are available. Each entry below gives the view name followed by its description.

panther_views.all_databases: Search all data (logs, rule matches and errors).

panther_views.all_logs: Search all log data.

panther_views.all_cloudsecurity: Search all cloud security data. The Panther Cloud Security Database stores AWS configuration information and changes detected from the scans on the monitored environments.

panther_views.all_rule_matches: Search all events matching rules.

panther_views.all_rule_errors: Search all events causing rule errors.
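The queries below are an added example, not part of the Panther documentation, showing why the standardized fields in panther_views matter: one indicator can be pivoted across every onboarded log type without knowing which field each source uses for it. Assumptions: a Snowflake backend; the standard fields p_log_type, p_event_time, p_rule_id, p_alert_id, p_any_ip_addresses and p_any_usernames (the p_any_* fields are arrays); and a constructed placeholder IP, 203.0.113.42, which is documentation address space and not a real indicator.

```sql
-- Added example (not Panther's own code). Assumes Snowflake SQL, the panther_views
-- views, and the standard p_* fields named above. 203.0.113.42 is a constructed
-- placeholder indicator.

-- 1. Which log types have seen this IP in the last 30 days, and how often?
--    One query across all sources instead of one per table in panther_logs.
SELECT
    p_log_type,
    COUNT(*)          AS events,
    MIN(p_event_time) AS first_seen,
    MAX(p_event_time) AS last_seen
FROM panther_views.all_logs
WHERE p_event_time >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND ARRAY_CONTAINS('203.0.113.42'::VARIANT, p_any_ip_addresses)
GROUP BY p_log_type
ORDER BY events DESC;

-- 2. Did any rule already alert on activity involving this IP? all_rule_matches
--    carries the same standard fields plus p_rule_id and p_alert_id, so the
--    alert trail and the raw activity can be compared side by side.
SELECT p_log_type, p_rule_id, p_alert_id, p_event_time
FROM panther_views.all_rule_matches
WHERE p_event_time >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND ARRAY_CONTAINS('203.0.113.42'::VARIANT, p_any_ip_addresses)
ORDER BY p_event_time DESC
LIMIT 100;

-- 3. Which usernames co-occur with the IP, per log type? The views expose only
--    the standardized fields; once p_log_type is known, return to the matching
--    table in panther_logs for the full parsed record.
SELECT
    p_log_type,
    u.value::STRING AS username,
    COUNT(*)        AS events
FROM panther_views.all_logs,
     LATERAL FLATTEN(input => p_any_usernames) u
WHERE p_event_time >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND ARRAY_CONTAINS('203.0.113.42'::VARIANT, p_any_ip_addresses)
GROUP BY p_log_type, username
ORDER BY events DESC;
```

On Athena the equivalents are contains(p_any_ip_addresses, '203.0.113.42') for the array test, CROSS JOIN UNNEST(p_any_usernames) AS t(username) in place of LATERAL FLATTEN, and date_add('day', -30, now()) for the time window. Always bound these queries by p_event_time: the views union every table in the data lake, so an unbounded scan is paid for across all of them.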
