Panther - Cloud Connected
Panther External reviews
47 reviews
External reviews are not included in the AWS star rating for the product.
Compact, Powerful SIEM with Fast-Evolving AI Analytics
What do you like best about the product?
Panther is a compact, powerful SIEM with AI Analytics that are currently evolving by the day. Each category is easy to browse and use, there are several integrations that can be requested, the price is very competitive with other tools on the market, and the custom rule builder is very well designed.
What do you dislike about the product?
The tool is still in its infancy; however, as it continues to grow and reaches action parity with larger, more advanced SIEMs, it will be world class.
What problems is the product solving and how is that benefiting you?
Adapting an AI ruleset builder + detection triage helper can really help small teams fill the skill gap found in a SOC. A well built AI helper inside of a SIEM like this, when additional OSINT and context is added, could get an entire operation up and running in a matter of weeks without bloating a team to cover skills.
Panther AI Makes Log Analysis and Dashboard Queries Fast and Easy
What do you like best about the product?
The most useful feature is the Panther AI, which helps to quickly skim through your logs, create search queries and also queries for creating the dashboard.
What do you dislike about the product?
At times, I run into UI issues with Panther AI when fetching results, and I think this part of the experience could be improved.
What problems is the product solving and how is that benefiting you?
Visibility and monitoring all the possible areas in our organisation
Awesome Detection as Code That Speeds Up Investigations
What do you like best about the product?
Detection as code is awesome. Also, the MCP allows me to work through investigations super quickly.
What do you dislike about the product?
Not all services are supported, in line with what you'd expect from a new product.
What problems is the product solving and how is that benefiting you?
It helps speed up D&R as a whole. And with AI getting smarter, DaaC makes a lot of sense.
Purpose-Built SIEM for SecOps at Scale with a Delightful Search and Top-Tier AI SOC
What do you like best about the product?
Built for what matters in SecOps: detection and response at scale. Panther does not waste time on useless features, as everything has purpose and meaning. Their search function has 3 modes, with PantherFlow being very much like KQL and a delight to use. The DAC concepts are top notch, and their AI SOC functions actually work; Panther AI may be one of the best on the market right now.
What do you dislike about the product?
I’d prefer if it also supported self-hosting in Azure, in addition to AWS. That said, AWS works perfectly fine for me—it’s really just a matter of personal preference.
What problems is the product solving and how is that benefiting you?
Complex analysis of Cyber, Fraud, and Product Security events, with AI analysis and assistance to support investigations. Detections as code helps standardize and maintain detection logic in a clear, repeatable way.
Great Alert Context and a Clear Development Pipeline
What do you like best about the product?
Context for alerts, easy log source integration and a clear development pipeline.
What do you dislike about the product?
Raw log view without a basic summary of each alert unless AI triage is run
What problems is the product solving and how is that benefiting you?
The alert context is very useful for false positive detection, noise reduction and rule tuning.
Reliable SIEM with Strong Support and AI-Powered Efficient Operations
What do you like best about the product?
The support team is responsive and provides detailed guidance when we need help.
The platform is easy to implement and operate, even with a small team. Through its intuitive interface and AI capabilities, a small security team can work as effectively as larger ones.
Cost predictability is a significant advantage. Panther's cost structure allows us to forecast our security budget accurately, which is important for planning.
The MCP (Model Context Protocol) integration lets us build custom detection rules that combine Panther's data with our local data sources for tailored threat detection. MCP and PantherAI also help non-native English speakers quickly understand complex security information, reducing language barriers across our team.
What do you dislike about the product?
I don't have any significant concerns or areas where I feel Panther needs improvement.
What problems is the product solving and how is that benefiting you?
As a small team implementing our first SIEM solution, we needed a platform that we could implement and manage without requiring extensive resources. During our POC, we evaluated Panther alongside two other solutions, and Panther proved to be the most effective in both implementation and operation, solving this challenge most smoothly.
The predictable cost structure was also crucial for getting approval from our leadership team, making the approval process straightforward.
Detection as Code and AI Triage Make Panther a Standout
What do you like best about the product?
Detection as code is handy for version control and creating an alert lifecycle (dev/staging/prod). Panther AI Triage is a game changer! Add in Panther MCP and GitHub Copilot and we are on the cusp of fully automating a lot of our work!
What do you dislike about the product?
The alert pipeline includes unnecessary checks (via YAML and the test cases) that are really perfunctory and don't actually test the logic of the rule in question. It also fits a unit testing approach, which aligns more with software development than security.
What problems is the product solving and how is that benefiting you?
Panther is solving the noisy alert/alert fatigue challenge via Panther AI Triage. We can leverage its insights to then tune our alerts better and narrow down the behaviors we want to protect and alert against. Not to mention we can offload analysis for signals we trust are lower in severity while still allowing a human-in-the-loop to review complex and higher severity alerts. This in turn is allowing our team to scale in ways not previously imagined (essentially being able to do more with less headcount).
Reliable Log Retention and Helpful Signals, But UI Can Be Slow
What do you like best about the product?
The log retention feature is reliable, and querying the logs is straightforward. I also find the signals provided to be quite helpful.
What do you dislike about the product?
The User Interface can be slow to load at times.
What problems is the product solving and how is that benefiting you?
Log retention, detection as code, operationalization of detection and response.
Exceptional Customer Focus and Agile, Tailored Solutions
What do you like best about the product?
Panther works closely with customers to resolve issues efficiently and deliver agile solutions tailored to their needs.
What do you dislike about the product?
Panther would benefit from having additional custom script–based log collectors to improve flexibility and coverage.
What problems is the product solving and how is that benefiting you?
Panther delivers comprehensive detection coverage across varied log sources — from cloud infrastructure to application data.
Efficient Code-Driven Alert Management
What do you like best about the product?
Code-driven alert management! Wide range of pre-built alerts. Solid support. Straightforward integration with AWS and anything that can write to AWS S3.
What do you dislike about the product?
Full `git` integration with a consistent deployment pipeline is challenging to set up and requires a lot of custom workflow implementation and legwork to get fully working. Incomplete story around temporary access credentials and avoiding static/durable credentials.
What problems is the product solving and how is that benefiting you?
Proactively identify risks and risky behavior, alert on suspicious behavior, perform retrospective analysis to understand causal factors for issues and perform forensics.