What do you like best about the product?

Panther is incredibly responsive - it's a definite partnership. The team continues to develop features with input from customers about what is most needed. The ability to write detections in Python is very helpful. New feature rollouts make creating detections and doing searches more accessible to less technical employees. The ability to truly implement detection as code is really cool, but it's not a must to implement Panther. The flexibility of ingesting anything you can get to S3 introduces some up front work, but once a process is established, custom ingestions can be done quickly.

What do you dislike about the product?

Panther lacks some functionality you expect from the typical SIEM - visualizations specifically lag, but this can be addressed with other tools. There is a fairly steep learning curve if you are not experienced with Python, SQL, and YAML. However, all SIEMs have a fairly steep learning curve. If your team has some experience with development, the languages should be familiar and easy to get the hang of how Panther uses them.

What problems is the product solving and how is that benefiting you?

Centralized monitoring, detection, and response. Ingesting data via API is straight forward and can be largely templatized for efficiency. Recent additions to ingestion options (like webhooks) will continue to make ingestions more efficient. The ability to work in code is a major benefit for teams committed to a CI/CD environment.