Panther v1.0 releases: cloud-native SIEM for threat detection, cloud security, and data analytics
What is Panther?
Panther was founded by the core architect of StreamAlert, a cloud-native solution for automated log analysis open-sourced by Airbnb.
Panther is the next step for security teams who need a modern alternative to traditional SIEMs. We designed Panther for massive scale, with a rich and intuitive user experience, in-browser Python rule editing, and first-class AWS support.
Our mission is to provide an open platform to effectively protect businesses from cybersecurity threats.
Panther is a powerful, open-source, cloud-native SIEM designed to be:
- Flexible: Python-based detections and alerting support for PagerDuty, Slack, MS Teams, and more
- Scalable: Built on serverless technologies for cost and operational efficiency at scale
- Fast: Near real-time rules analysis, alerting, and automatic remediation
- Integrated: Analyze both security logs and cloud resources for total visibility
- Automated: Fast and simple deployments with AWS CloudFormation
- Secure: Least-privilege and encrypted infrastructure that you control
Panther’s use-cases include:
- Log Analysis: Centralize and analyze log data with Rules for threats and suspicious activity
- Incident Response: Perform historical queries with SQL over long-term data for analytics, log correlation, and forensics
- Cloud Compliance: Detect misconfigured cloud infrastructure and enforce best practices
- Auto Remediation: Automatically correct non-compliant infrastructure
Panther analyzes all security data generated by your clouds, networks, applications, and hosts to power threat detection, compliance, and security investigations. Panther provides flexible detection logic, a secure deployment within your AWS cloud, support for common security tools, and automation for painless deployments. Common uses include:
- Detect Unauthorized Access: Analyze logs to identify unauthorized access into systems
- Threat Hunting: Quickly search logs for matches against indicators of compromise with Panther’s standardized data fields
- Achieve Compliance: Use built-in detections as controls for SOC/PCI/HIPAA compliance
- Secure Your Cloud Resources: Automatically fix misconfigurations that could cause severe damage if exploited
Check out our announcement blog post to learn more.
- Low-latency log analysis for AWS, open source security tools, and more
- Real-time AWS infrastructure monitoring for improving your cloud security posture
- Historical data search across your logs and alert matches with standardized fields and specialized views
- Powerful UI for writing, deploying, and tuning detections along with system overview and configuration
- 150+ detections included for AWS and osquery data
- Alert destination support for Slack, PagerDuty, MS Teams, and more
- Automatic remediation of misconfigured resources
Changelog (from v0.3.0)
- The web app is organized more intuitively, showcasing a homepage, cloud security, and log analysis in separate sections
- CloudWatch alarms and dashboards monitor the health of your Panther deployment
- Cloud security policies can lookup other related resources
- Log analysis rules support custom titles and deduplication logic
- Panther automatically onboards its own AWS account for cloud security and log analysis
- Added a teardown command to completely remove an existing deployment
And of course many bug fixes, improved documentation, and more. See all the changes in the associated milestone.
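To make the "Python-based detections" and the new custom title and deduplication support concrete, here is an added example of a Panther-style log analysis rule run through a small local harness. This is not Panther's own code or a rule shipped with the release: the `rule()`/`title()`/`dedup()` function shape is assumed from how Panther rules are written, the harness is a stand-in for the real engine, and the events are constructed sample data loosely modeled on CloudTrail console logins.

```python
# Added example (not Panther's own code): a Panther-style Python rule with a
# custom title and a dedup key, plus a tiny harness that groups matches the
# way an alerting engine would. Function names rule/title/dedup are assumed.

# Constructed sample events; field names mimic CloudTrail ConsoleLogin records.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"userName": "carol"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"userName": "carol"}},
]


def rule(event):
    """Return True when the event is a failed AWS console login."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    return event.get("responseElements", {}).get("ConsoleLogin") == "Failure"


def title(event):
    """Custom alert title: name the user and source address in the alert."""
    user = event.get("userIdentity", {}).get("userName", "unknown")
    return f"Failed console login for {user} from {event.get('sourceIPAddress', '?')}"


def dedup(event):
    """Dedup key: repeated failures for the same user collapse into one alert
    instead of one alert per failed attempt."""
    return event.get("userIdentity", {}).get("userName", "unknown")


def run_rule(events):
    """Stand-in for the rule engine: evaluate each event, group matches by
    dedup key, and return {dedup_key: {"title": str, "count": int}}."""
    alerts = {}
    for event in events:
        if not rule(event):
            continue
        key = dedup(event)
        if key not in alerts:
            # First match for this key opens the alert and fixes its title.
            alerts[key] = {"title": title(event), "count": 0}
        alerts[key]["count"] += 1
    return alerts


if __name__ == "__main__":
    for key, alert in run_rule(SAMPLE_EVENTS).items():
        print(f"{key}: {alert['title']} (x{alert['count']})")
```

With the constructed input, three failed logins produce two alerts (alice with two grouped attempts, carol with one), while bob's successful login and carol's unrelated API call produce none. Choosing the dedup key is the tuning lever: keying on the user keeps a brute-force burst from flooding the destination, whereas keying on the source address would instead surface one alert per attacking host.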
Panther’s CloudFormation stacks and IAM roles have been reorganized, which means any deployment v0.3.0 or earlier will need to remove everything and start over.
Going forward, v1.x deployments will always maintain backward compatibility – we won’t introduce breaking changes without also providing an automated migration path.
Copyright (C) 2020 panther-labs