    Panther - Cloud Connected

    Panther is a modern Security Information and Event Management (SIEM) tool that solves the challenges of security operations at scale.

    Ratings and reviews

    4.7
    51 ratings
    2 star
    1 star
    78%
    20%
    2%
    0%
    0%
    3 AWS reviews | 48 external reviews
    External reviews are from G2.

    Reviews (51)
    Narendran Nair

    AI triage has streamlined real-time alert monitoring and has improved on-call incident response

    Reviewed on Jun 01, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Panther is real-time monitoring of alerts, where we triage incidents that occur for our on-call duties. Panther is one of the major sources from which we receive alerts in real-time.

    I use Panther for real-time monitoring by integrating it with Teams and other applications that we use frequently. Whenever an alert comes up, based on the logs and integrations we have set up with Panther, we receive alerts that we triage for further investigation to determine whether they are false positives or not. Panther's AI feature specifically helps us a lot by simplifying our work, providing context on the findings and alerts it processes, and aiding us in understanding whether an activity could be benign or malicious.

    We receive Panther alerts since we have integrated many network components with it. Currently, we are utilizing the AI Triage feature, which offers significant clarity on issues and whether they might be false positives or not, allowing us to focus more on suspicious findings. Sometimes what I observe is that an alert could be a false positive, yet it could also be a true positive. However, AI Triage significantly aids us, and we still need to verify if we are genuinely affected or not.

    What is most valuable?

    The best features Panther offers are AI Triage, the ability to comment on our activities, and seamless integration with other communication sources such as PagerDuty, Microsoft Teams, and potentially Slack, showcasing the flexibility we have in using this tool.

    The most valuable feature for my team is definitely AI Triage, which helps save a lot of time by eliminating the need for manual research regarding patterns that may be repeated, making our work easier and more efficient.

    Panther has positively impacted my organization as it serves as one of the main sources for triaging real-time incidents. Panther definitely plays a key role in the work that we do.

    Specific outcomes that show how Panther has helped our organization include saving a lot of time, especially since the AI Triage feature reduces the necessity to reach out to others for clarity, which it occasionally accomplishes on its own. To be honest, it does lack some aspects. For example, if it could access our organizational knowledge, including the Jira database, it might better analyze incidents and determine whether they are false positives or not by using more contextual data.

    What needs improvement?

    Panther could be improved by adding a feature that allows it to access organizational data, which would help produce better-tuned outputs with fewer false positives and alerts, making our jobs easier. Additionally, a feature in the alert section that enables users to create rules, perhaps using AI, to whitelist or blacklist certain patterns would also be useful.

    The only thing that comes to mind right now as an improvement is having greater organizational knowledge integration and fine-tuning the alerts we receive, along with better triage capabilities.

    For how long have I used the solution?

    I have been using Panther for more than one year.

    What do I think about the stability of the solution?

    Based on my experience, Panther is definitely stable.

    What do I think about the scalability of the solution?

    Panther's scalability is good. We have not encountered any scalability issues, as it handles whatever alerts arise appropriately.

    How are customer service and support?

    Customer support for Panther is good, although we have not needed to utilize it much. I believe they have a solid support system in place.

    Which solution did I use previously and why did I switch?

    Panther is the first solution we have used, and we are now considering the Wiz option. I have not switched from any other solution previously.

    What was our ROI?

    I believe we have seen a return on investment from using Panther, especially given our large infrastructure and network, which generates many alerts. Panther helps us in triaging and fine-tuning these alerts, saving a significant amount of time. The AI Triage feature frequently allows us to bypass manual triaging, contributing to our ROI from Panther.

    What's my experience with pricing, setup cost, and licensing?

    I am not aware of the pricing, setup cost, and licensing details, as I handle the usage of Panther and not the setup process.

    Which other solutions did I evaluate?

    I am not sure if other options were evaluated before choosing Panther because I joined the team only within the last year. Thus, I cannot provide details on what others may have considered.

    What other advice do I have?

    On a scale of one to ten, I would rate Panther an eight out of ten.

    I give it an eight out of ten because, although it is a good tool, we are currently exploring Wiz as an option, which sometimes provides more detailed insights compared to Panther. Ultimately, both tools are similar, but we are still in the discovery phase as we consider our options.

    Panther is a reputed tool in terms of AI governance and security. We base our confidence on the trust it has garnered and its security certifications along with risk assessments, so we feel comfortable with the data it handles.

    Regarding Panther's accuracy and reliability of output, I would rate it at 70 percent since, at times, it identifies findings as valid when they may actually be false positives, which we have experienced in a few cases.

    My advice for those looking to use Panther is that if you are aiming to reduce time, resources, and enhance efficiency, Panther's AI Triage is an excellent option. If it had the capability to scale with additional organizational knowledge, it would be an even more effective tool for triaging alerts.

    I believe Panther is a good tool. The AI Triage feature saves a considerable amount of time, and if it were to incorporate organizational knowledge, it could provide finer-tuned results. For instance, if it can relate incidents, such as identifying a port scan, to our Jira data, it could determine whether it was likely a false positive based on existing knowledge. If it could integrate diverse contextual data, it would enhance its effectiveness considerably. My overall rating for this product is eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Busra K.

    Panther Makes Security Operations Simpler and Faster

    Reviewed on May 29, 2026
    Review provided by G2
    What do you like best about the product?
    What I like best about Panther is how quickly it helps us move from alert to action. It’s powerful and highly automated, with strong native integrations that made setup and onboarding easy across teams. Features like enrichment and AI-assisted analysis make SOC investigations much faster and simpler, and the support team is consistently responsive whenever we need help.
    What do you dislike about the product?
    At the moment, I don’t have any major dislikes. Our experience with Panther has been smooth so far, from onboarding to daily SOC operations.
    What problems is the product solving and how is that benefiting you?
    Panther is helping us solve the biggest SIEM challenge: turning large volumes of security data into fast, actionable investigation workflows. It centralizes signals from multiple tools through native integrations, enriches alerts with useful context, and uses AI-assisted analysis to reduce manual triage time.

    The benefit for us is a faster and more efficient SOC process. Our team can investigate and respond more quickly, onboarding across teams is easier, and we spend less time on repetitive analysis and more time on real risk reduction.
    Vikram Chakravarthy

    AI-assisted workflows have improved cloud threat investigations and streamlined SOC operations

    Reviewed on May 26, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Day-to-day, we use Panther AI SOC in-house for centralized SOC monitoring for cloud threat detection. Panther assists security analysts by analyzing security telemetry from the cloud, gathering logs from endpoints, identity, and infrastructure sources such as firewalls, endpoints, and DLP. The AI-assisted detection helps in prioritizing and investigating suspicious activity.

    One example of Panther's efficiency is when investigating unusual authentication behavior. It correlated telemetry data and provided better context around suspicious patterns, speeding up investigation with enriched context rather than manual log correlation.

    Panther is integrated with the broader SOC workflow alongside cloud telemetry such as IAM logs and infrastructure events, enhancing the AI-assisted analysis.

    Panther integrates multiple sources for AI-assisted SOC visibility and investigation support, providing contextual investigation and better signal correlation. Due to its centralized telemetry and AI-driven support, it is essential in cloud-heavy environments.

    A useful aspect is better prioritization of suspicious behavior, as AI assists with higher confidence signals, reducing manual alert validation time.

    From an operational standpoint, Panther has matured our investigations, as analysts focus more on risk validation and response rather than stitching logs.

    What is most valuable?

    Panther offers robust AI-assisted SOC visibility and investigation support, integrating multiple sources. Instead of generating alerts, Panther helps analysts with contextual investigation and better signal correlation. In today's cloud-heavy environments, centralized telemetry, coupled with AI-driven investigation support, becomes incredibly useful.

    Operationally, Panther has improved investigation maturity. Analysts spend less time manually stitching logs and focus more on risk validation and response. From a SOC perspective, investigation quality has improved as the AI assistance makes context easier to understand.

    What needs improvement?

    An improvement area could be reporting flexibility and dashboard customization for enterprise-level reporting since larger organizations may want deeper workflow customization based on internal governance requirements. As we use multiple SIEMs, improvements in these aspects would be beneficial.

    Another potential enhancement is having AI recommendations become more contextual over time, especially in reducing false positives and tuning prioritization for organization-specific environments. Training the AI will hone alerts and incidents' accuracy.

    For how long have I used the solution?

    I started evaluating and using Panther within our SOC in 2024, providing POCs to end clients. Panther is a cloud security tool focused on workflow, initially emphasizing visibility and centralized detection, and we have leveraged its AI-driven investigation capabilities for better alert context and faster triage.

    What do I think about the stability of the solution?

    Panther has been stable in our experience, offering reliable cloud-native monitoring and security analytic workflows without downtime or reliability issues.

    What do I think about the scalability of the solution?

    Panther's scalability has kept up with our growth, efficiently handling our cloud environment and increasing telemetry data as our monitoring requirements expand based on customer needs.

    How are customer service and support?

    I have reached out to Panther customer support via email and engaged directly with the TAM. They have assisted us well, especially during customer onboarding issues, providing a positive experience.

    Which solution did I use previously and why did I switch?

    Previously, we used Seceon aiSIEM, but the AI capability was not as mature compared to Panther, prompting us to switch after evaluating several SIEM platforms and products.

    What was our ROI?

    We have seen a return on investment measured primarily through SOC efficiency and productivity improvements. The return is operational, with teams observing a twenty to thirty-five percent improvement in investigation efficiency depending on the environment and product maturity.

    What's my experience with pricing, setup cost, and licensing?

    In terms of pricing, it generally depends on the ingestion scale, telemetry volume, integration, and specific enterprise requirements as we onboard multiple customers. Our evaluation of Panther was based on our SOC efficiency gains and investigation maturity, with decisions typically made by our leadership or the salesperson.

    Which other solutions did I evaluate?

    We evaluated other options before choosing Panther, including Seceon and multiple AI platforms with integration capabilities, based on our cloud visibility needs.

    What other advice do I have?

    My advice for others looking into using Panther is first to understand their requirements. If an organization has both cloud and on-prem environments, Panther becomes even more valuable, especially for those with extensive cloud data and analysts spending significant time investigating or correlating logs, as Panther's AI SOC workflow helps enhance operational efficiency.

    Panther's output has been consistent in terms of accuracy and reliability, depending on relevant alerts and use cases. We trained their AI platform based on our logs, significantly reducing issues, allowing our team to focus on specific alert parts or incidents.

    Practically speaking, Panther commonly integrates with AWS in our environment and can connect with Azure and other cloud-native services depending on the architecture, leveraging AWS-related telemetry visibilities.

    Panther is integrated within our cloud-centric SOC environments, connecting to multiple telemetry sources throughout our enterprise.

    We purchased Panther directly from sales, not through the AWS Marketplace, and our company acts as a reseller for Panther based on my prior experience.

    I would rate this review an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Marketing and Advertising

    Compact, Powerful SIEM with Fast-Evolving AI Analytics

    Reviewed on May 11, 2026
    Review provided by G2
    What do you like best about the product?
    Panther is a compact, powerful SIEM with AI Analytics that are currently evolving by the day. Each category is easy to browse and use, there are several integrations that can be requested, the price is very competitive with other tools on the market, and the custom rule builder is very well designed.
    What do you dislike about the product?
    The tool is still in its infancy; however, as it continues to grow and reaches action parity with larger, more advanced SIEMs, it will be world class.
    What problems is the product solving and how is that benefiting you?
    Adapting an AI ruleset builder + detection triage helper can really help small teams fill the skill gap found in a SOC. A well-built AI helper inside of a SIEM like this, when additional OSINT and context are added, could get an entire operation up and running in a matter of weeks without bloating a team to cover skills.
    Computer & Network Security

    Panther AI Makes Log Analysis and Dashboard Queries Fast and Easy

    Reviewed on Apr 29, 2026
    Review provided by G2
    What do you like best about the product?
    The most useful feature is the Panther AI, which helps to quickly skim through your logs, create search queries and also queries for creating the dashboard.
    What do you dislike about the product?
    At times, I run into UI issues with Panther AI when fetching results, and I think this part of the experience could be improved.
    What problems is the product solving and how is that benefiting you?
    Visibility and monitoring all the possible areas in our organisation
    Tejas P.

    Awesome Detection as Code That Speeds Up Investigations

    Reviewed on Apr 28, 2026
    Review provided by G2
    What do you like best about the product?
    Detection as code is awesome. Also, the MCP allows me to work through investigations super quickly.
    What do you dislike about the product?
    Not all services are supported, in line with what you'd expect from a new product.
    What problems is the product solving and how is that benefiting you?
    It helps speed up D&R as a whole. And with AI getting smarter, DaaC makes a lot of sense.
    Health, Wellness and Fitness

    Purpose-Built SIEM for SecOps at Scale with a Delightful Search and Top-Tier AI SOC

    Reviewed on Jan 28, 2026
    Review provided by G2
    What do you like best about the product?
    Built for what matters in SecOps, detection and response at scale. Panther does not waste time on useless features as everything has purpose and meaning. Their search function has 3 modes, with PantherFlow being very much like KQL and a delight to use. The DAC concepts are top notch and ... their AI SOC functions actually work. Panther AI may be one of the best on the market right now.
    What do you dislike about the product?
    I’d prefer if it also supported self-hosting in Azure, in addition to AWS. That said, AWS works perfectly fine for me—it’s really just a matter of personal preference.
    What problems is the product solving and how is that benefiting you?
    Complex analysis of Cyber, Fraud, and Product Security events, with AI analysis and assistance to support investigations. Detections as code helps standardize and maintain detection logic in a clear, repeatable way.
    Alejandro V.

    Great Alert Context and a Clear Development Pipeline

    Reviewed on Jan 21, 2026
    Review provided by G2
    What do you like best about the product?
    Context for alerts, easy log source integration and clear development pipeline
    What do you dislike about the product?
    Raw log view without a basic summary of each alert unless AI triage is run
    What problems is the product solving and how is that benefiting you?
    The alert context is very useful for false positive detection, noise reduction and rule tuning
    Daichi H.

    Reliable SIEM with Strong Support and AI-Powered Efficient Operations

    Reviewed on Jan 21, 2026
    Review provided by G2
    What do you like best about the product?
    The support team is responsive and provides detailed guidance when we need help.
    The platform is easy to implement and operate, even with a small team. Through its intuitive interface and AI capabilities, a small security team can work as effectively as larger ones.
    Cost predictability is a significant advantage. Panther's cost structure allows us to forecast our security budget accurately, which is important for planning.
    The MCP (Model Context Protocol) integration lets us build custom detection rules that combine Panther's data with our local data sources for tailored threat detection. MCP and PantherAI also help non-native English speakers quickly understand complex security information, reducing language barriers across our team.
    What do you dislike about the product?
    I don't have any significant concerns or areas where I feel Panther needs improvement.
    What problems is the product solving and how is that benefiting you?
    As a small team implementing our first SIEM solution, we needed a platform that we could implement and manage without requiring extensive resources. During our POC, we evaluated Panther alongside two other solutions, and Panther proved to be the most effective in both implementation and operation, solving this challenge most smoothly.
    The predictable cost structure was also crucial for getting approval from our leadership team, making the approval process straightforward.
    Mark H.

    Detection as Code and AI Triage Make Panther a Standout

    Reviewed on Jan 13, 2026
    Review provided by G2
    What do you like best about the product?
    Detection as code is handy for version control and creating an alert lifecycle (dev/staging/prod). Panther AI Triage is a game changer! Add in Panther MCP and GitHub Copilot and we are on the cusp of fully automating a lot of our work!
    What do you dislike about the product?
    Alert pipeline includes unnecessary checks (via YAML and the test cases) that are really perfunctory and don't actually test the logic of the rule in question. Also fits unit testing approach which aligns more with software development than security.
    What problems is the product solving and how is that benefiting you?
    Panther is solving the noisy alert/alert fatigue challenge via Panther AI Triage. We can leverage its insights to then tune our alerts better and narrow down the behaviors we want to protect and alert against. Not to mention we can offload analysis for signals we trust are lower in severity while still allowing a human-in-the-loop to review complex and higher severity alerts. This in turn is allowing our team to scale in ways not previously imagined (essentially being able to do more with less headcount).