
    Panther - Cloud Connected

    Sold by: Panther 
    Deployed on AWS
    Panther is a modern Security Information and Event Management (SIEM) tool that solves the challenges of security operations at scale.
    4.7

    Overview

    Note: Listing is specific to Panther's Cloud Connected deployment model, which requires the customer to own AWS and Snowflake infrastructure and associated costs. For custom pricing, SaaS deployment options, EULA, private contract, or private offers please contact sales@panther.com.

    The shift to the cloud has resulted in an explosion of data that security teams need to collect, analyze, and retain to detect threats. However, traditional security monitoring tools were never built with cloud-scale in mind and cannot meet the demands of today's modern workloads. Panther is an AWS cloud-native threat detection platform that transforms terabytes of raw logs per day into a structured security data lake to power real-time detection, swift incident response, and thorough investigations.

    With detection-as-code in Python and out-of-the-box integrations for critical log sources including S3, CloudTrail, VPC Flow Logs and more - Panther solves the challenges of security operations at scale.

    Highlights

    • Detect threats immediately by analyzing logs as soon as they are ingested, giving you the fastest possible time to detection.
    • Answer security questions quickly with the ability to immediately query months of data in minutes and efficiently search for IoCs across all logs.
    • Reduce SIEM costs dramatically while gaining lightning-fast query speeds, with an efficient, highly scalable data lake architecture.

    Details

    Sold by

    Delivery method

    Deployed on AWS
    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Panther - Cloud Connected

    Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (1)

    Dimension: Panther - 1TB/Month
    Description: Panther Cloud Connected - 1TB of Monthly Ingestion - 1 Year Data Retention
    Cost/12 months: $50,000.00

    Additional usage costs (1)

    The following dimensions are not included in the contract terms and will be charged based on your usage.

    Dimension: Details of overage can be found in EULA
    Cost/unit: $1.00

    Vendor refund policy

    Please reference EULA for refund policy

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    Panther support has been continuously praised by customers. See the attached SLAs page for further insight. support@panther.io

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Data Analysis
    Top 100 in Log Analysis
    Top 25 in Data Security and Governance

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2.
    [Chart: share of positive, mixed, and negative reviews for Functionality, Ease of use, Customer service, and Cost effectiveness]

    Overview

    AI generated from product descriptions
    Real-time Threat Detection
    Analyzes logs immediately upon ingestion to detect threats with minimal time to detection latency.
    Detection-as-Code Framework
    Supports detection rules written in Python programming language for flexible and customizable threat detection logic.
    Cloud-Native Data Lake Architecture
    Transforms terabytes of raw logs daily into a structured security data lake optimized for scalability and query performance.
    Multi-Source Log Integration
    Provides out-of-the-box integrations for critical cloud log sources including S3, CloudTrail, and VPC Flow Logs.
    Historical Data Query Capability
    Enables querying of months of historical log data within minutes and supports efficient searching for Indicators of Compromise across all logs.
    Security Information and Event Management
    Real-time monitoring and visibility for threat detection including ransomware, insider threats, and cloud attacks with security analytics for rapid investigation and prioritization of critical threats.
    Incident Response Automation and Orchestration
    Automation and orchestration of incident response workflows with consistent, optimized, and measurable process execution.
    Enterprise-Grade AI and Automation
    Embedded artificial intelligence and automation capabilities designed to increase analyst productivity and accelerate incident lifecycle management.
    Multi-Source Data Correlation
    Correlation of data across users, networks, and cloud-native services to identify threats including cloud misconfigurations, policy changes, and suspicious user activity with alert deduplication.
    Hybrid and Cloud Environment Integration
    Centralized visibility across hybrid cloud and on-premises environments with deep integrations to AWS security services including Security Hub, CloudTrail, GuardDuty, Network Firewall, WAF, Detective, CloudWatch, and VPC Flow Logs.
    Threat Detection Engine
    Library of 900+ out-of-the-box detections with user and attacker behavior analytics backed by community threat intelligence
    Data Ingestion and Integration
    Ingests CloudTrail, GuardDuty, EC2 network traffic, raw logs via SQS from multiple AWS accounts, on-premises networks, remote endpoints, and SaaS solutions
    Investigation and Response Capabilities
    Visual investigation timeline with detailed log timelines, automated response workflows, and instant actions such as asset quarantining
    Deception Technology
    Honeypots, honey credentials, and honey files for layered defense mechanisms
    Compliance and Monitoring
    File Integrity Monitoring (FIM) with support for PCI, HIPAA, and GDPR compliance requirements, plus detection of new AWS regions, services, and EC2 instance types

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.7 (51 ratings)
    5 star: 78%
    4 star: 20%
    3 star: 2%
    2 star: 0%
    1 star: 0%
    3 AWS reviews | 48 external reviews
    External reviews are from G2.
    Narendran Nair

    AI triage has streamlined real-time alert monitoring and has improved on-call incident response

    Reviewed on Jun 01, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Panther is real-time monitoring of alerts, where we triage incidents that occur for our on-call duties. Panther is one of the major sources from which we receive alerts in real-time.

    I use Panther for real-time monitoring by integrating it with Teams and other applications that we use frequently. Whenever an alert comes up, based on the logs and integrations we have set up with Panther, we receive alerts that we triage for further investigation to determine whether they are false positives or not. Panther's AI feature specifically helps us a lot by simplifying our work, providing context on the findings and alerts it processes, and aiding us in understanding whether an activity could be benign or malicious.

    We receive Panther alerts since we have integrated many network components with it. Currently, we are utilizing the AI Triage feature, which offers significant clarity on issues and whether they might be false positives or not, allowing us to focus more on suspicious findings. Sometimes what I observe is that an alert could be a false positive, yet it could also be a true positive. However, AI Triage significantly aids us, and we still need to verify if we are genuinely affected or not.

    What is most valuable?

    The best features Panther offers are AI Triage, the ability to comment on our activities, and seamless integration with other communication sources such as PagerDuty, Microsoft Teams, and potentially Slack, showcasing the flexibility we have in using this tool.

    The most valuable feature for my team is definitely AI Triage, which helps save a lot of time by eliminating the need for manual research regarding patterns that may be repeated, making our work easier and more efficient.

    Panther has positively impacted my organization as it serves as one of the main sources for triaging real-time incidents. Panther definitely plays a key role in the work that we do.

    Specific outcomes that show how Panther has helped our organization include saving a lot of time, especially since the AI Triage feature reduces the necessity to reach out to others for clarity, which it occasionally accomplishes on its own. To be honest, it does lack some aspects. For example, if it could access our organizational knowledge, including the Jira database, it might better analyze incidents and determine whether they are false positives or not by using more contextual data.

    What needs improvement?

    Panther could be improved by adding a feature that allows it to access organizational data, which would help produce better-tuned outputs with fewer false positives and alerts, making our jobs easier. Additionally, a feature in the alert section that enables users to create rules, perhaps using AI, to whitelist or blacklist certain patterns would also be useful.

    The only thing that comes to mind right now as an improvement is having greater organizational knowledge integration and fine-tuning the alerts we receive, along with better triage capabilities.

    For how long have I used the solution?

    I have been using Panther for more than one year.

    What do I think about the stability of the solution?

    Based on my experience, Panther is definitely stable.

    What do I think about the scalability of the solution?

    Panther's scalability is good. We have not encountered any scalability issues, as it handles whatever alerts arise appropriately.

    How are customer service and support?

    Customer support for Panther is good, although we have not needed to utilize it much. I believe they have a solid support system in place.

    Which solution did I use previously and why did I switch?

    Panther is the first solution we have used, and we are now considering the Wiz option. I have not switched from any other solution previously.

    What was our ROI?

    I believe we have seen a return on investment from using Panther, especially given our large infrastructure and network, which generates many alerts. Panther helps us in triaging and fine-tuning these alerts, saving a significant amount of time. The AI Triage feature frequently allows us to bypass manual triaging, contributing to our ROI from Panther.

    What's my experience with pricing, setup cost, and licensing?

    I am not aware of the pricing, setup cost, and licensing details, as I handle the usage of Panther and not the setup process.

    Which other solutions did I evaluate?

    I am not sure if other options were evaluated before choosing Panther because I joined the team only within the last year. Thus, I cannot provide details on what others may have considered.

    What other advice do I have?

    On a scale of one to ten, I would rate Panther an eight out of ten.

    I give it an eight out of ten because, although it is a good tool, we are currently exploring Wiz as an option, which sometimes provides more detailed insights compared to Panther. Ultimately, both tools are similar, but we are still in the discovery phase as we consider our options.

    Panther is a reputed tool in terms of AI governance and security. We base our confidence on the trust it has garnered and its security certifications along with risk assessments, so we feel comfortable with the data it handles.

    Regarding Panther's accuracy and reliability of output, I would rate it at 70 percent since, at times, it identifies findings as valid when they may actually be false positives, which we have experienced in a few cases.

    My advice for those looking to use Panther is that if you are aiming to reduce time, resources, and enhance efficiency, Panther's AI Triage is an excellent option. If it had the capability to scale with additional organizational knowledge, it would be an even more effective tool for triaging alerts.

    I believe Panther is a good tool. The AI Triage feature saves a considerable amount of time, and if it were to incorporate organizational knowledge, it could provide finer-tuned results. For instance, if it can relate incidents, such as identifying a port scan, to our Jira data, it could determine whether it was likely a false positive based on existing knowledge. If it could integrate diverse contextual data, it would enhance its effectiveness considerably. My overall rating for this product is eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Busra K.

    Panther Makes Security Operations Simpler and Faster

    Reviewed on May 29, 2026
    Review provided by G2
    What do you like best about the product?
    What I like best about Panther is how quickly it helps us move from alert to action. It’s powerful and highly automated, with strong native integrations that made setup and onboarding easy across teams. Features like enrichment and AI-assisted analysis make SOC investigations much faster and simpler, and the support team is consistently responsive whenever we need help.
    What do you dislike about the product?
    At the moment, I don’t have any major dislikes. Our experience with Panther has been smooth so far, from onboarding to daily SOC operations.
    What problems is the product solving and how is that benefiting you?
    Panther is helping us solve the biggest SIEM challenge: turning large volumes of security data into fast, actionable investigation workflows. It centralizes signals from multiple tools through native integrations, enriches alerts with useful context, and uses AI-assisted analysis to reduce manual triage time.

    The benefit for us is a faster and more efficient SOC process. Our team can investigate and respond more quickly, onboarding across teams is easier, and we spend less time on repetitive analysis and more time on real risk reduction.
    Vikram Chakravarthy

    AI-assisted workflows have improved cloud threat investigations and streamlined SOC operations

    Reviewed on May 26, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Day-to-day, we use Panther AI SOC in-house for centralized SOC monitoring for cloud threat detection. Panther assists security analysts by analyzing security telemetry from the cloud, gathering logs from endpoints, identity, and infrastructure sources such as firewalls, endpoints, and DLP. The AI-assisted detection helps in prioritizing and investigating suspicious activity.

    One example of Panther's efficiency is when investigating unusual authentication behavior. It correlated telemetry data and provided better context around suspicious patterns, speeding up investigation with enriched context rather than manual log correlation.

    Panther is integrated with the broader SOC workflow alongside cloud telemetry such as IAM logs and infrastructure events, enhancing the AI-assisted analysis.

    Panther integrates multiple sources for AI-assisted SOC visibility and investigation support, providing contextual investigation and better signal correlation. Due to its centralized telemetry and AI-driven support, it is essential in cloud-heavy environments.

    A useful aspect is better prioritization of suspicious behavior, as AI assists with higher confidence signals, reducing manual alert validation time.

    From an operational standpoint, Panther has matured our investigations, as analysts focus more on risk validation and response rather than stitching logs.

    What is most valuable?

    Panther offers robust AI-assisted SOC visibility and investigation support, integrating multiple sources. Instead of generating alerts, Panther helps analysts with contextual investigation and better signal correlation. In today's cloud-heavy environments, centralized telemetry, coupled with AI-driven investigation support, becomes incredibly useful.

    Operationally, Panther has improved investigation maturity. Analysts spend less time manually stitching logs and focus more on risk validation and response. From a SOC perspective, investigation quality has improved as the AI assistance makes context easier to understand.

    What needs improvement?

    An improvement area could be reporting flexibility and dashboard customization for enterprise-level reporting since larger organizations may want deeper workflow customization based on internal governance requirements. As we use multiple SIEMs, improvements in these aspects would be beneficial.

    Another potential enhancement is having AI recommendations become more contextual over time, especially in reducing false positives and tuning prioritization for organization-specific environments. Training the AI will hone alerts and incidents' accuracy.

    For how long have I used the solution?

    I started evaluating and using Panther within our SOC since 2024, providing POCs to end clients. Panther is a cloud security tool focused on workflow, initially emphasizing visibility and centralized detection, and we have leveraged its AI-driven investigation capabilities for better alert context and faster triage.

    What do I think about the stability of the solution?

    Panther has been stable in our experience, offering reliable cloud-native monitoring and security analytic workflows without downtime or reliability issues.

    What do I think about the scalability of the solution?

    Panther's scalability has kept up with our growth, efficiently handling our cloud environment and increasing telemetry data as our monitoring requirements expand based on customer needs.

    How are customer service and support?

    I have reached out to Panther customer support via email and engaged directly with the TAM. They have assisted us well, especially during customer onboarding issues, providing a positive experience.

    Which solution did I use previously and why did I switch?

    Previously, we used Seceon aiSIEM, but the AI capability was not as mature compared to Panther, prompting us to switch after evaluating several SIEM platforms and products.

    What was our ROI?

    We have seen a return on investment measured primarily through SOC efficiency and productivity improvements. The return is operational, with teams observing a twenty to thirty-five percent improvement in investigation efficiency depending on the environment and product maturity.

    What's my experience with pricing, setup cost, and licensing?

    In terms of pricing, it generally depends on the ingestion scale, telemetry volume, integration, and specific enterprise requirements as we onboard multiple customers. Our evaluation of Panther was based on our SOC efficiency gains and investigation maturity, with decisions typically made by our leadership or the salesperson.

    Which other solutions did I evaluate?

    We evaluated other options before choosing Panther, including Seceon and multiple AI platforms with integration capabilities, based on our cloud visibility needs.

    What other advice do I have?

    My advice for others looking into using Panther is first to understand their requirements. If an organization has both cloud and on-prem environments, Panther becomes even more valuable, especially for those with extensive cloud data and analysts spending significant time investigating or correlating logs, as Panther's AI SOC workflow helps enhance operational efficiency.

    Panther's output has been consistent in terms of accuracy and reliability, depending on relevant alerts and use cases. We trained their AI platform based on our logs, significantly reducing issues, allowing our team to focus on specific alert parts or incidents.

    Practically speaking, Panther commonly integrates with AWS in our environment and can connect with Azure and other cloud-native services depending on the architecture, leveraging AWS-related telemetry visibilities.

    Panther is integrated within our cloud-centric SOC environments, connecting to multiple telemetry sources throughout our enterprise.

    We purchased Panther directly from sales, not through the AWS Marketplace, and our company acts as a reseller for Panther based on my prior experience.

    I would rate this review an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Marketing and Advertising

    Compact, Powerful SIEM with Fast-Evolving AI Analytics

    Reviewed on May 11, 2026
    Review provided by G2
    What do you like best about the product?
    Panther is a compact, powerful SIEM with AI Analytics that are currently evolving by the day. Each category is easy to browse and use, there are several integrations that can be requested, the price is very competitive with other tools on the market, and the custom rule builder is very well designed.
    What do you dislike about the product?
    The tool is still in its infancy; however, as it continues to grow and reaches action parity with larger, more advanced SIEMs, it will be world class.
    What problems is the product solving and how is that benefiting you?
    Adapting an AI ruleset builder + detection triage helper can really help small teams fill the skill gap found in a SOC. A well built AI helper inside of a SIEM like this, when additional OSINT and context is added, could get an entire operation up and running in a matter of weeks without bloating a team to cover skills.
    Computer & Network Security

    Panther AI Makes Log Analysis and Dashboard Queries Fast and Easy

    Reviewed on Apr 29, 2026
    Review provided by G2
    What do you like best about the product?
    The most useful feature is the Panther AI, which helps to quickly skim through your logs, create search queries and also queries for creating the dashboard.
    What do you dislike about the product?
    At times, I run into UI issues with Panther AI when fetching results, and I think this part of the experience could be improved.
    What problems is the product solving and how is that benefiting you?
    Visibility and monitoring all the possible areas in our organisation