Sold by: Panther
Deployed on AWS
Panther is a modern Security Information and Event Management (SIEM) tool that solves the challenges of security operations at scale.
4.7
Overview
Note: Listing is specific to Panther's Cloud Connected deployment model, which requires the customer to own AWS and Snowflake infrastructure and associated costs. For custom pricing, SaaS deployment options, EULA, private contract, or private offers please contact sales@panther.com .
The shift to the cloud has resulted in an explosion of data that security teams need to collect, analyze, and retain to detect threats. However, traditional security monitoring tools were never built with cloud-scale in mind and cannot meet the demands of today's modern workloads. Panther is an AWS cloud-native threat detection platform that transforms terabytes of raw logs per day into a structured security data lake to power real-time detection, swift incident response, and thorough investigations.
With detection-as-code in Python and out-of-the-box integrations for critical log sources including S3, CloudTrail, VPC Flow Logs and more - Panther solves the challenges of security operations at scale.
Highlights
- Detect threats immediately by analyzing logs as soon as they are ingested, giving you the fastest possible time to detection.
- Answer security questions quickly with the ability to immediately query months of data in minutes and efficiently search for IoCs across all logs.
- Reduce SIEM costs dramatically while gaining lightning-fast query speeds, with an efficient, highly scalable data lake architecture.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Panther - 1TB/Month | Panther Cloud Connected - 1TB of Monthly Ingestion - 1 Year Data Retention | $50,000.00 |
Dimension | Cost/unit |
|---|---|
Details of overage can be found in EULA | $1.00 |
Vendor refund policy
Please reference EULA for refund policy
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Panther support has been continuously praised by customers. See the SLA's page attached for further insight. support@panther.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Panther
By IBM Security
By CrowdStrike
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Real-time Threat Detection
Analyzes logs immediately upon ingestion to detect threats with minimal time to detection latency.
Detection-as-Code Framework
Supports detection rules written in Python programming language for flexible and customizable threat detection logic.
Cloud-Native Data Lake Architecture
Transforms terabytes of raw logs daily into a structured security data lake optimized for scalability and query performance.
Multi-Source Log Integration
Provides out-of-the-box integrations for critical cloud log sources including S3, CloudTrail, and VPC Flow Logs.
Historical Data Query Capability
Enables querying of months of historical log data within minutes and supports efficient searching for Indicators of Compromise across all logs.
Security Information and Event Management
Real-time monitoring and visibility for threat detection including ransomware, insider threats, and cloud attacks with security analytics for rapid investigation and prioritization of critical threats.
Incident Response Automation and Orchestration
Automation and orchestration of incident response workflows with consistent, optimized, and measurable process execution.
Enterprise-Grade AI and Automation
Embedded artificial intelligence and automation capabilities designed to increase analyst productivity and accelerate incident lifecycle management.
Multi-Source Data Correlation
Correlation of data across users, networks, and cloud-native services to identify threats including cloud misconfigurations, policy changes, and suspicious user activity with alert deduplication.
Hybrid and Cloud Environment Integration
Centralized visibility across hybrid cloud and on-premises environments with deep integrations to AWS security services including Security Hub, CloudTrail, GuardDuty, Network Firewall, WAF, Detective, CloudWatch, and VPC Flow Logs.
Cloud Native Application Protection Platform
Adversary-focused Cloud Native Application Protection Platform with holistic intelligence providing end-to-end protection from host to cloud
Multi-Cloud Threat Detection and Response
Threat detection and response capabilities across AWS, Azure, and GCP with industry-fastest threat detection and response mechanisms
Container and Kubernetes Security
Container and Kubernetes protection with container image security, runtime protection, and support for on-premises, hybrid, and multi-cloud environments
Cloud Security Posture Management
Continuous posture management with discovery, visibility, and compliance monitoring across cloud infrastructure with automated misconfigurations detection
Workload Runtime Protection
Workload runtime protection with automated discovery, EDR for cloud workloads and containers, and managed threat hunting on a single lightweight agent
Standard contract
No
No
No
Customer reviews
Health, Wellness and Fitness
Purpose-Built SIEM for SecOps at Scale with a Delightful Search and Top-Tier AI SOC
Reviewed on Jan 28, 2026
Review provided by G2
What do you like best about the product?
Built for what matters in SecOps, detection and response at scale. Panther does not waste time on useless features as everything has purpose and meaning. Their search function has 3 modes, with PantherFlow being very much like KQL and a delight to use. The DAC concepts are top notch and .. their AI SOC functions actually work, Panther AI may be one of the best on the market right now.
What do you dislike about the product?
I’d prefer if it also supported self-hosting in Azure, in addition to AWS. That said, AWS works perfectly fine for me—it’s really just a matter of personal preference.
What problems is the product solving and how is that benefiting you?
Complex analysis of Cyber, Fraud, and Product Security events, with AI analysis and assistance to support investigations. Detections as code helps standardize and maintain detection logic in a clear, repeatable way.
Alejandro V.
Great Alert Context and a Clear Development Pipeline
Reviewed on Jan 21, 2026
Review provided by G2
What do you like best about the product?
Context for alerts, easy easy log source integration and clear development pipeline
What do you dislike about the product?
Raw log view without a basic summary of each alert unless AI triage is run
What problems is the product solving and how is that benefiting you?
The alert context is very useful for false positives detection, noise reduction and rule tuning
Daichi H.
Reliable SIEM with Strong Support and AI-Powered Efficient Operations
Reviewed on Jan 21, 2026
Review provided by G2
What do you like best about the product?
The support team is responsive and provides detailed guidance when we need help.
The platform is easy to implement and operate, even with a small team. Through its intuitive interface and AI capabilities, a small security team can work as effectively as larger ones.
Cost predictability is a significant advantage. Panther's cost structure allows us to forecast our security budget accurately, which is important for planning.
The MCP (Model Context Protocol) integration lets us build custom detection rules that combine Panther's data with our local data sources for tailored threat detection. MCP and PantherAI also help non-native English speakers quickly understand complex security information, reducing language barriers across our team.
The platform is easy to implement and operate, even with a small team. Through its intuitive interface and AI capabilities, a small security team can work as effectively as larger ones.
Cost predictability is a significant advantage. Panther's cost structure allows us to forecast our security budget accurately, which is important for planning.
The MCP (Model Context Protocol) integration lets us build custom detection rules that combine Panther's data with our local data sources for tailored threat detection. MCP and PantherAI also help non-native English speakers quickly understand complex security information, reducing language barriers across our team.
What do you dislike about the product?
I don't have any significant concerns or areas where I feel Panther needs improvement.
What problems is the product solving and how is that benefiting you?
As a small team implementing our first SIEM solution, we needed a platform that we could implement and manage without requiring extensive resources. During our POC, we evaluated Panther alongside two other solutions, and Panther proved to be the most effective in both implementation and operation, solving this challenge most smoothly.
The predictable cost structure was also crucial for getting approval from our leadership team, making the approval process straightforward.
The predictable cost structure was also crucial for getting approval from our leadership team, making the approval process straightforward.
Mark H.
Detection as Code and AI Triage Make Panther a Standout
Reviewed on Jan 13, 2026
Review provided by G2
What do you like best about the product?
Detection as code is handy for version control and creating an alert lifecycle (dev/staging/prod) Panther AI Triage is a game changer! Add in Panther MCP and GitHub Co-Pilot and we are on the cusp of fully automating a lot of our work!
What do you dislike about the product?
Alert pipeline includes unnecessary checks (via yaml and the test cases) that are really perfunctory and don't actually test the logic of the rule in question. Also fits unit testing approach which aligns more with software development than security.
What problems is the product solving and how is that benefiting you?
Panther is solving the noisy alert/alert fatigue challenge via Panther AI Triage. We can leverage it's insights to then tune our alerts better and narrow down the behaviors we want to protect and alert against. Not to mention we can off load analysis for signals we trust are lower in severity while still allowing a human-in-the-loop to review complex and higher severity alerts. This in turn is allowing our team to scale in ways not previously imagined (essentially being able to do more with less headcount).
Adam B.
Reliable Log Retention and Helpful Signals, But UI Can Be Slow
Reviewed on Oct 24, 2025
Review provided by G2
What do you like best about the product?
The log retention feature is reliable, and querying the logs is straightforward. I also find the signals provided to be quite helpful.
What do you dislike about the product?
The User Interface can be slow to load at times.
What problems is the product solving and how is that benefiting you?
Log retention, detection as code, operationalization of detection and response.