Panther - Cloud Connected
Panther
External reviews
43 reviews
External reviews are not included in the AWS star rating for the product.
Great Alert Context and a Clear Development Pipeline
What do you like best about the product?
Context for alerts, easy log source integration and clear development pipeline
What do you dislike about the product?
Raw log view without a basic summary of each alert unless AI triage is run
What problems is the product solving and how is that benefiting you?
The alert context is very useful for false positives detection, noise reduction and rule tuning
Reliable SIEM with Strong Support and AI-Powered Efficient Operations
What do you like best about the product?
The support team is responsive and provides detailed guidance when we need help.
The platform is easy to implement and operate, even with a small team. Through its intuitive interface and AI capabilities, a small security team can work as effectively as larger ones.
Cost predictability is a significant advantage. Panther's cost structure allows us to forecast our security budget accurately, which is important for planning.
The MCP (Model Context Protocol) integration lets us build custom detection rules that combine Panther's data with our local data sources for tailored threat detection. MCP and PantherAI also help non-native English speakers quickly understand complex security information, reducing language barriers across our team.
What do you dislike about the product?
I don't have any significant concerns or areas where I feel Panther needs improvement.
What problems is the product solving and how is that benefiting you?
As a small team implementing our first SIEM solution, we needed a platform that we could implement and manage without requiring extensive resources. During our POC, we evaluated Panther alongside two other solutions, and Panther proved to be the most effective in both implementation and operation, solving this challenge most smoothly.
The predictable cost structure was also crucial for getting approval from our leadership team, making the approval process straightforward.
Detection as Code and AI Triage Make Panther a Standout
What do you like best about the product?
Detection as code is handy for version control and creating an alert lifecycle (dev/staging/prod). Panther AI Triage is a game changer! Add in Panther MCP and GitHub Copilot and we are on the cusp of fully automating a lot of our work!
What do you dislike about the product?
Alert pipeline includes unnecessary checks (via yaml and the test cases) that are really perfunctory and don't actually test the logic of the rule in question. Also fits unit testing approach which aligns more with software development than security.
What problems is the product solving and how is that benefiting you?
Panther is solving the noisy alert/alert fatigue challenge via Panther AI Triage. We can leverage its insights to then tune our alerts better and narrow down the behaviors we want to protect and alert against. Not to mention we can offload analysis for signals we trust are lower in severity while still allowing a human-in-the-loop to review complex and higher severity alerts. This in turn is allowing our team to scale in ways not previously imagined (essentially being able to do more with less headcount).
Reliable Log Retention and Helpful Signals, But UI Can Be Slow
What do you like best about the product?
The log retention feature is reliable, and querying the logs is straightforward. I also find the signals provided to be quite helpful.
What do you dislike about the product?
The User Interface can be slow to load at times.
What problems is the product solving and how is that benefiting you?
Log retention, detection as code, operationalization of detection and response.
Exceptional Customer Focus and Agile, Tailored Solutions
What do you like best about the product?
Panther works closely with customers to resolve issues efficiently and deliver agile solutions tailored to their needs.
What do you dislike about the product?
Panther would benefit from having additional custom script-based log collectors to improve flexibility and coverage.
What problems is the product solving and how is that benefiting you?
Panther delivers comprehensive detection coverage across varied log sources — from cloud infrastructure to application data.
Efficient Code-Driven Alert Management
What do you like best about the product?
Code-driven alert management! Wide range of pre-built alerts. Solid support. Straightforward integration with AWS and anything that can write to AWS S3.
What do you dislike about the product?
Full `git` integration with a consistent deployment pipeline is challenging to set up and requires a lot of custom workflow implementation and legwork to get fully working. Incomplete story around temporary access credentials and avoiding static/durable credentials.
What problems is the product solving and how is that benefiting you?
Proactively identify risks and risky behavior, alert on suspicious behavior, perform retrospective analysis to understand causal factors for issues and perform forensics.
Great Value and Support, But Needs Better Security Dashboards and RBAC
What do you like best about the product?
Ease of use and value for money. Excellent customer support and engagement team.
What do you dislike about the product?
Lack of comprehensive, out of the box, dashboards that focus on security leadership. Additionally, a lack of internal RBAC to create silos of access based on audit log source.
What problems is the product solving and how is that benefiting you?
Full, cross-cloud audit log with scalability and access that allows rapid triaging of alerts and issues.
Effortless SIEM with Powerful Integrations
What do you like best about the product?
I appreciate Panther for precisely meeting our needs and offering great value. Setting up Panther was smooth and easy, and the onboarding mentoring was super helpful. The Terraform interface is very nice for its supported features. Panther closed a critical gap by centralizing security event logs from various systems, simplifying incident investigation and correlation. PantherAI has been a significant help, taking the guesswork out of security incidents and enabling quicker issue identification. The UI is easy to use and navigate, and the alert investigation tools are intuitive.
What do you dislike about the product?
I would like to see greater Terraform support and the ability to manage rules as code outside of the Panther Analysis repository mechanism.
What problems is the product solving and how is that benefiting you?
Panther closes critical gaps by centralizing security logs from various systems, enabling easier incident investigation and correlation, and enhancing our ability to identify true positives.
Best SIEM on the market
What do you like best about the product?
If you have a threat hunting culture or have security in your DNA, Panther is the product for you. As a Solution Architect implementing SIEM/SOAR systems, I work with 10 different SIEM products every day. Not only is it the only platform where I write my best detections/correlations in both the GUI and IDE - but where I also see daily, continued engagement from the D&R and InfoSec teams. Companies that buy Panther are more secure than those that do not as a result. Also their support is miles ahead of any other product on the market.
What do you dislike about the product?
I would like them to develop dashboards further and export their excellent AI analysis to alert destinations
What problems is the product solving and how is that benefiting you?
Detection as code
The most intuitive and practical SIEM, designed for modern security teams.
What do you like best about the product?
Panther is flexible, intuitive and practical. I have used Panther's Console (UI) and their Panther Analysis repository for detection as code quite frequently.
The Panther Console is intuitive and configuring integrations was straightforward.
I also used Panther quite frequently for Detection as code. One of the ways I like using it is creating new detections that are derived from Panther's detections and adding any custom logic that's needed for my organization.
What I like best:
- Support for Detection as Code (i.e. version control, validation, CI/CD, etc.).
- Integrations with popular alert destinations, log sources, etc.
- Ease of Implementation / Ease of Integration
Bonus:
- I found Panther's customer support to be highly responsive and helpful. They were great at assisting my team and me, whether I had a simple technical question or a complex challenge unique to my organization.
- Good Documentation and examples within the documentation
What do you dislike about the product?
Nothing that I necessarily dislike, usually anything that's missing or needed has been added as a feature.
One issue came up when using the Panther analysis repository. Merge conflicts can occur when syncing from the upstream panther-analysis repository but a custom workflow can be built as a workaround for that.
What problems is the product solving and how is that benefiting you?
Panther solves problems related to alert fatigue, slow detection times, and the complexity of managing security at cloud scale. Reduces complexity of security operations.
It's benefiting me because I can use Panther's out of the box detections and further customize them with extra logic tailored to my organization. Overall it helps reduce the complexity of security operations and does not take a lot of time to onboard new log sources or configure integrations.