Panther v1.3 released: cloud-native SIEM for threat detection, cloud security, and data analytics
What is Panther?
Panther was founded by the core architect of StreamAlert, a cloud-native solution for automated log analysis open-sourced by Airbnb.
Panther is the next step for security teams who need a modern alternative to traditional SIEMs. We designed Panther for massive scale, with a rich and intuitive user experience, in-browser Python rule editing, and first-class AWS support.
Our mission is to provide an open platform to effectively protect businesses from cybersecurity threats.
Panther is a powerful, open-source, cloud-native SIEM designed to be:
- Flexible: Python-based detections and alerting support for PagerDuty, Slack, MS Teams, and more
- Scalable: Built on serverless technologies for cost and operational efficiency at scale
- Fast: Near real-time rule analysis, alerting, and automatic remediation
- Integrated: Analyze both security logs and cloud resources for total visibility
- Automated: Fast and simple deployments with AWS CloudFormation
- Secure: Least-privilege and encrypted infrastructure that you control
Panther’s use-cases include:
- Log Analysis: Centralize and analyze log data with Rules for threats and suspicious activity
- Incident Response: Perform historical queries with SQL over long-term data for analytics, log correlation, and forensics
- Cloud Compliance: Detect misconfigured cloud infrastructure and enforce best practices
- Auto Remediation: Automatically correct non-compliant infrastructure
Panther analyzes all security data generated by your clouds, networks, applications, and hosts to power threat detection, compliance, and security investigations. Panther provides flexible detection logic, a secure deployment within your AWS cloud, support for common security tools, and automation for painless deployments. Common uses include:
- Detect Unauthorized Access: Analyze logs to identify unauthorized access into systems
- Threat Hunting: Quickly search logs for matches against indicators of compromise with Panther’s standardized data fields
- Achieve Compliance: Use built-in detections as controls for SOC/PCI/HIPAA compliance
- Secure Your Cloud Resources: Automatically fix misconfigurations that could cause severe damage if exploited
Highlights of v1.3:
- Added support for multiple Python global packages for rules and policies
- Apache Access logs (common and combined) are now supported
- Rule tags are now stored in Athena/Snowflake tables
- A simple key-value store can be used to track integer counters and string sets across multiple rules and policies
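To show what a Python rule over the newly supported Apache access logs looks like, with an integer counter and a string set tracked across events, here is an added example. It is not code from Panther or panther-labs: the log parser, the sample log lines, the field names (remote_host, uri, status) and the in-memory CounterStore are constructed here and stand in for Panther's Apache log schema and its key-value store, which are not used; only the rule/title/dedup function names follow Panther's rule convention.

```python
"""Panther-style Python rule run over Apache combined/common access logs.

Added example for the release notes above, not code from Panther or
panther-labs. The parser, sample lines, field names and CounterStore are
constructed here; Panther's own Apache schema and KV store API are not used.
"""
import re
from collections import defaultdict

# Apache "combined" format; "common" is the same line without the trailing
# referer and user-agent fields, so that tail is optional in the pattern.
APACHE_RE = re.compile(
    r'^(?P<remote_host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)")?$'
)


def parse_apache(line):
    """Parse one common or combined log line into an event dict; None if malformed."""
    match = APACHE_RE.match(line)
    if not match:
        return None
    event = match.groupdict()
    event["status"] = int(event["status"])
    event["size"] = 0 if event["size"] == "-" else int(event["size"])
    return event


class CounterStore:
    """Stand-in for a key-value store shared across rules (constructed, in-memory)."""

    def __init__(self):
        self._counters = defaultdict(int)
        self._sets = defaultdict(set)

    def increment(self, key):
        """Increment an integer counter and return its new value."""
        self._counters[key] += 1
        return self._counters[key]

    def get(self, key):
        return self._counters[key]

    def add_to_set(self, key, value):
        """Add a value to a string set and return the set's size."""
        self._sets[key].add(value)
        return len(self._sets[key])

    def set_size(self, key):
        return len(self._sets[key])


STORE = CounterStore()
THRESHOLD = 5  # assumed: alert once a host has produced 5 auth failures


def rule(event):
    """Panther rule convention: return True when the event should alert."""
    if event["status"] not in (401, 403):
        return False
    host = event["remote_host"]
    STORE.add_to_set(f"auth-targets:{host}", event["uri"])  # distinct paths probed
    return STORE.increment(f"auth-failures:{host}") >= THRESHOLD


def title(event):
    """Alert title; identical titles let repeated alerts be grouped."""
    host = event["remote_host"]
    distinct = STORE.set_size(f"auth-targets:{host}")
    return f"Repeated auth failures from {host} ({distinct} distinct paths)"


def dedup(event):
    """Dedup key: group repeated alerts for the same source host."""
    return event["remote_host"]


# Constructed sample lines: six auth failures from one host (combined format),
# normal traffic from another (one line in common format) and one malformed line.
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:37 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:38 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:39 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:40 +0000] "POST /wp-login.php HTTP/1.1" 403 345 "-" "curl/7.68.0"',
    '203.0.113.7 - - [10/Oct/2020:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 403 345 "-" "curl/7.68.0"',
    '198.51.100.5 - alice [10/Oct/2020:13:55:42 +0000] "GET /index.html HTTP/1.1" 200 2326 "http://example.com/" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Oct/2020:13:55:43 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
    "garbage line",
]


def run(lines):
    """Parse each line and evaluate the rule, returning (dedup key, title) per alert."""
    alerts = []
    for line in lines:
        event = parse_apache(line)
        if event is None:
            continue  # unparseable lines are skipped here
        if rule(event):
            alerts.append((dedup(event), title(event)))
    return alerts


if __name__ == "__main__":
    for key, alert_title in run(SAMPLE_LINES):
        print(key, "->", alert_title)
```

The fifth and sixth failures from 203.0.113.7 both trip the rule; because they share a dedup key and title, a dedup window would collapse them into a single alert, while the 404 from 198.51.100.5 never touches the counters.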
Changelog:
- (#903) Support for Key/Val Table in Rules
- (#899) Added support for multiple Python global packages for Rules
- (#853) Added titles to all Panther UI pages
- (#869) Apache Access (common and combined)
- (#920) Rule tags are now stored in Athena/Snowflake tables
- (#876) Validate all AWS Account IDs before extracting
- (#888) Hardening
- (#887, #879) Some CloudWatch alarms are now managed by custom resources (the next release will have all alarms managed this way)
- (#872) Metric filters are now implemented as a custom resource
- (#861) The web image is now parameterized rather than being created on each deployment
- (#868) Conform UI to latest Pounce version
Copyright (C) 2020 panther-labs