Sold by: PantherÂ
Deployed on AWS
Panther is a modern Security Information and Event Management (SIEM) tool that solves the challenges of security operations at scale.
Overview
Note: Listing is specific to Panther's Cloud Connected deployment model, which requires the customer to own AWS and Snowflake infrastructure and associated costs. For custom pricing, SaaS deployment options, EULA, private contract, or private offers please contact sales@panther.com .
The shift to the cloud has resulted in an explosion of data that security teams need to collect, analyze, and retain to detect threats. However, traditional security monitoring tools were never built with cloud-scale in mind and cannot meet the demands of today's modern workloads. Panther is an AWS cloud-native threat detection platform that transforms terabytes of raw logs per day into a structured security data lake to power real-time detection, swift incident response, and thorough investigations.
With detection-as-code in Python and out-of-the-box integrations for critical log sources including S3, CloudTrail, VPC Flow Logs and more - Panther solves the challenges of security operations at scale.
Highlights
- Detect threats immediately by analyzing logs as soon as they are ingested, giving you the fastest possible time to detection.
- Answer security questions quickly with the ability to immediately query months of data in minutes and efficiently search for IoCs across all logs.
- Reduce SIEM costs dramatically while gaining lightning-fast query speeds, with an efficient, highly scalable data lake architecture.
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Panther - 1TB/Month | Panther Cloud Connected - 1TB of Monthly Ingestion - 1 Year Data Retention | $50,000.00 |
Dimension | Cost/unit |
|---|---|
Details of overage can be found in EULA | $1.00 |
Vendor refund policy
Please reference EULA for refund policy
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Panther support has been continuously praised by customers. See the SLA's page attached for further insight. support@panther.ioÂ
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Panther
By IBM Security
By CrowdStrike
AI generated from product descriptions
Log Analysis
Real-time security log processing and analysis of terabytes of raw logs per day using cloud-native architecture
Detection Methodology
Detection-as-code implementation using Python programming language for threat detection rules
Cloud Log Integration
Native integrations with AWS log sources including S3, CloudTrail, and VPC Flow Logs
Security Data Lake
Transforms raw log data into structured security data lake for comprehensive threat investigation and incident response
Scalable Architecture
Highly scalable data lake infrastructure designed for processing and querying large volumes of security logs efficiently
Threat Detection and Analytics
Advanced security information and event management (SIEM) solution with real-time monitoring and threat detection capabilities
Cloud Security Integration
Deep integration with AWS security services including Security Hub, CloudTrail, GuardDuty, Network Firewall, and VPC Flow Logs
Incident Response Automation
Enterprise-grade AI and automation to orchestrate and streamline incident response workflows across security technologies
Event Correlation
Ability to correlate data across users, networks, and cloud services to provide comprehensive threat insights and minimize alert fatigue
Multi-Environment Monitoring
Unified security analytics platform supporting monitoring and visibility across cloud and on-premises infrastructure
Cloud Security Posture Management
Unified cloud security management across AWS, Azure, and GCP with continuous monitoring and configuration assessment
Threat Detection and Response
Advanced threat intelligence and detection capabilities with real-time monitoring and response mechanisms for cloud environments
Container and Kubernetes Protection
Comprehensive security for containerized applications and Kubernetes environments with runtime protection and image security
Multi-Cloud Workload Security
End-to-end protection for cloud workloads across on-premises, hybrid, and multi-cloud infrastructure with a single lightweight agent
Event-Driven Security Automation
Dynamic cloud resource protection through integration with cloud service provider event and management services
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
39 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Computer Software
Efficient Code-Driven Alert Management
Reviewed on Oct 17, 2025
Review provided by G2
What do you like best about the product?
Code-driven alert management! Wide range of pre-built alerts. Solid support. Straightforward integration with AWS and anything that can write to AWS S3.
What do you dislike about the product?
Full `git` integration with a consistent deployment pipeline is challenging to set up and requires a lot of custom workflow implementation and legwork to get fully working. Incomplete story around temporary access credentials and avoiding static/durable credentials.
What problems is the product solving and how is that benefiting you?
Proactively identify risks and risky behavior, alert on suspicious behavior, perform retrospective analysis to understand causal factors for issues and perform forensics.
Mike G.
Great Value and Support, But Needs Better Security Dashboards and RBAC
Reviewed on Oct 17, 2025
Review provided by G2
What do you like best about the product?
Ease of use and value for money. Excellent customer support and engagement team.
What do you dislike about the product?
Lack of comprehensive, out of the box, dashboards that focus on security leadership. Additionally, a lack of internal RBAC to create silos of access based on audit log source.
What problems is the product solving and how is that benefiting you?
Full, cross cloud audit log with scaleability and access that allows rapid triaging of alerts and issues.
Billy B.
Effortless SIEM with Powerful Integrations
Reviewed on Oct 09, 2025
Review provided by G2
What do you like best about the product?
I appreciate Panther for precisely meeting our needs and offering great value. Setting up Panther was smooth and easy, and the onboarding mentoring was super helpful. The Terraform interface is very nice for its supported features. Panther closed a critical gap by centralizing security event logs from various systems, simplifying incident investigation and correlation. PantherAI has been a significant help, taking the guesswork out of security incidents and enabling quicker issue identification. The UI is easy to use and navigate, and the alert investigation tools are intuitive.
What do you dislike about the product?
I would like to see greater Terraform support and the ability to manage rules as code outside of the Panther Analysis repository mechanism.
What problems is the product solving and how is that benefiting you?
Panther closes critical gaps by centralizing security logs from various systems, enabling easier incident investigation and correlation, and enhancing our ability to identify true positives.
Kyle Jerome T.
Best SIEM on the market
Reviewed on Jul 29, 2025
Review provided by G2
What do you like best about the product?
If you have a threat hunting culture or have security in your DNA Panther is the product for you. As a Solution Architect implementing SIEM\ SOAR systems, I work with 10 different SIEM products every day. Not only is it the only platform where I write my best detections\ correlations in both the GUI and IDE - but where I also see daily, continued engagement from the D&R and InfoSec teams. Companies that buy Panther are more secure than those that do not as a result. Also their support is miles ahead of any other product on the market.
What do you dislike about the product?
I would like them to develop dashboards further and export their excellent AI analysis to alert destinations
What problems is the product solving and how is that benefiting you?
Detection as code
Information Technology and Services
The most intuitive and practical SIEM, designed for modern security teams.
Reviewed on Jul 29, 2025
Review provided by G2
What do you like best about the product?
Panther is flexible, intuitive and practical. I have used Panther's Console (UI) and their Panther Analysis repository for detection as code quite frequently.
The Panther Console is intuitive and configuring integrations was straightforward.
I also used Panther quite frequently for Detection as code. One of the ways I like using it is creating new detections that are derived from Panther's detections and adding any custom logic that's needed for my organization.
What I like best:
- Support for Detection as Code, i.e. version control, validation, CI/CD etc.).
- Integrations with popular alert destinations, log sources, etc.
- Ease of Implementation / Ease of Integration
Bonus:
- I found Panther's customer support to be highly responsive and helpful. They were great at assisting my team and I, whether I had a simple technical question or a complex challenge unique to my organization.
- Good Documentation and examples within the documentation
The Panther Console is intuitive and configuring integrations was straightforward.
I also used Panther quite frequently for Detection as code. One of the ways I like using it is creating new detections that are derived from Panther's detections and adding any custom logic that's needed for my organization.
What I like best:
- Support for Detection as Code, i.e. version control, validation, CI/CD etc.).
- Integrations with popular alert destinations, log sources, etc.
- Ease of Implementation / Ease of Integration
Bonus:
- I found Panther's customer support to be highly responsive and helpful. They were great at assisting my team and I, whether I had a simple technical question or a complex challenge unique to my organization.
- Good Documentation and examples within the documentation
What do you dislike about the product?
Nothing that I necessarily dislike, usually anything that's missing or needed has been added as a feature.
One issue came up when using the Panther analysis repository. Merge conflicts can occur when syncing from the upstream panther-analysis repository but a custom workflow can be built as a workaround for that.
One issue came up when using the Panther analysis repository. Merge conflicts can occur when syncing from the upstream panther-analysis repository but a custom workflow can be built as a workaround for that.
What problems is the product solving and how is that benefiting you?
Panther solves problems related to alert fatigue, slow detection times, and the complexity of managing security at cloud scale. Reduces complexity of security operations.
It's benefiting me because I can use Panther's out of the box detections and further customize them with extra logic tailored to my organization. Overall it helps reduce the complexity of security operations and does not take a lot of time to onboard new log sources or configure integrations.
It's benefiting me because I can use Panther's out of the box detections and further customize them with extra logic tailored to my organization. Overall it helps reduce the complexity of security operations and does not take a lot of time to onboard new log sources or configure integrations.