Panther - Cloud Connected
PantherExternal reviews
47 reviews
from
External reviews are not included in the AWS star rating for the product.
Great Value and Support, But Needs Better Security Dashboards and RBAC
What do you like best about the product?
Ease of use and value for money. Excellent customer support and engagement team.
What do you dislike about the product?
Lack of comprehensive, out of the box, dashboards that focus on security leadership. Additionally, a lack of internal RBAC to create silos of access based on audit log source.
What problems is the product solving and how is that benefiting you?
Full, cross cloud audit log with scaleability and access that allows rapid triaging of alerts and issues.
Effortless SIEM with Powerful Integrations
What do you like best about the product?
I appreciate Panther for precisely meeting our needs and offering great value. Setting up Panther was smooth and easy, and the onboarding mentoring was super helpful. The Terraform interface is very nice for its supported features. Panther closed a critical gap by centralizing security event logs from various systems, simplifying incident investigation and correlation. PantherAI has been a significant help, taking the guesswork out of security incidents and enabling quicker issue identification. The UI is easy to use and navigate, and the alert investigation tools are intuitive.
What do you dislike about the product?
I would like to see greater Terraform support and the ability to manage rules as code outside of the Panther Analysis repository mechanism.
What problems is the product solving and how is that benefiting you?
Panther closes critical gaps by centralizing security logs from various systems, enabling easier incident investigation and correlation, and enhancing our ability to identify true positives.
Best SIEM on the market
What do you like best about the product?
If you have a threat hunting culture or have security in your DNA Panther is the product for you. As a Solution Architect implementing SIEM\ SOAR systems, I work with 10 different SIEM products every day. Not only is it the only platform where I write my best detections\ correlations in both the GUI and IDE - but where I also see daily, continued engagement from the D&R and InfoSec teams. Companies that buy Panther are more secure than those that do not as a result. Also their support is miles ahead of any other product on the market.
What do you dislike about the product?
I would like them to develop dashboards further and export their excellent AI analysis to alert destinations
What problems is the product solving and how is that benefiting you?
Detection as code
The most intuitive and practical SIEM, designed for modern security teams.
What do you like best about the product?
Panther is flexible, intuitive and practical. I have used Panther's Console (UI) and their Panther Analysis repository for detection as code quite frequently.
The Panther Console is intuitive and configuring integrations was straightforward.
I also used Panther quite frequently for Detection as code. One of the ways I like using it is creating new detections that are derived from Panther's detections and adding any custom logic that's needed for my organization.
What I like best:
- Support for Detection as Code, i.e. version control, validation, CI/CD etc.).
- Integrations with popular alert destinations, log sources, etc.
- Ease of Implementation / Ease of Integration
Bonus:
- I found Panther's customer support to be highly responsive and helpful. They were great at assisting my team and I, whether I had a simple technical question or a complex challenge unique to my organization.
- Good Documentation and examples within the documentation
The Panther Console is intuitive and configuring integrations was straightforward.
I also used Panther quite frequently for Detection as code. One of the ways I like using it is creating new detections that are derived from Panther's detections and adding any custom logic that's needed for my organization.
What I like best:
- Support for Detection as Code, i.e. version control, validation, CI/CD etc.).
- Integrations with popular alert destinations, log sources, etc.
- Ease of Implementation / Ease of Integration
Bonus:
- I found Panther's customer support to be highly responsive and helpful. They were great at assisting my team and I, whether I had a simple technical question or a complex challenge unique to my organization.
- Good Documentation and examples within the documentation
What do you dislike about the product?
Nothing that I necessarily dislike, usually anything that's missing or needed has been added as a feature.
One issue came up when using the Panther analysis repository. Merge conflicts can occur when syncing from the upstream panther-analysis repository but a custom workflow can be built as a workaround for that.
One issue came up when using the Panther analysis repository. Merge conflicts can occur when syncing from the upstream panther-analysis repository but a custom workflow can be built as a workaround for that.
What problems is the product solving and how is that benefiting you?
Panther solves problems related to alert fatigue, slow detection times, and the complexity of managing security at cloud scale. Reduces complexity of security operations.
It's benefiting me because I can use Panther's out of the box detections and further customize them with extra logic tailored to my organization. Overall it helps reduce the complexity of security operations and does not take a lot of time to onboard new log sources or configure integrations.
It's benefiting me because I can use Panther's out of the box detections and further customize them with extra logic tailored to my organization. Overall it helps reduce the complexity of security operations and does not take a lot of time to onboard new log sources or configure integrations.
A SIEM That Works the Way Security Teams Do
What do you like best about the product?
What stands out the most is how fast and flexible Panther is compared to traditional SIEMs. The detection-as-code approach has completely changed how we build and maintain rules—it’s version-controlled, testable, and easy to adapt as our environment changes. Onboarding cloud logs was surprisingly smooth, and the out-of-the-box normalization saved us a ton of setup time. The platform just feels built for modern security teams that need speed without sacrificing accuracy, and the support team has been phenomenal at helping us with all our questions.
What do you dislike about the product?
Right now, there isn’t a native way to bring in your own third-party enrichment, and incoming logs can only be enriched if a detection fires that matches its logic, which then applies the enrichment to that triggering event. That said, Panther has “Bring Your Own Enrichment” on their roadmap, and once that’s released, this small gap pretty much disappears.
What problems is the product solving and how is that benefiting you?
Panther is solving the pain points of traditional SIEMs: slow searches, rigid detection formats, and expensive scaling. For us, this means faster investigations, fewer false positives, and a platform that actually grows with our environment instead of holding it back.
The best SIEM for Detection as a Code implemnetation
What do you like best about the product?
There are few key areas where Panther SIEM does an amazing job. First one is the easy way to onboard any log source, it can support various data format and ways to ingest logs, it allows you to easily create parsers and for the out of the box integrations it provides many pre-build detections. Detections can be either written in python or UI low-code builder. There are also capabilities to create scheduled searches and correlation rules. As far as investigation goes there is an AI investigation functionality that is quite good.
What do you dislike about the product?
Is bit limited on external enrichment providers. Is also limited on the Alert UI as it can't be customised, neither custom statuses can be created,
What problems is the product solving and how is that benefiting you?
Helping us with security monitoring coverage and threat detection and response.
Truly the next generation of Security Logging and Monitoring
What do you like best about the product?
Panther has completely imbibed the ethos of Security Data Lake in its product. This will define the future of how all SIEMs will operate. Gone are the days of imagining SIEMs as a pay per GB product where you can make some custom language rules. Security Analysis is essentially a data problem and Panther's approach to solving it is the best in the business.
From no nonsense connectors to stellar in built detections, Panther has it all. For companies with low capacity for custom in house detection engineering, it just works. For teams with dedicated detection engineering staff, all the tools to make you successful are available out of the box.
The old guard of the SIEM industry are dead and security data lake is the future, with Panther leading the pack in the new generation of security analysis providers.
From no nonsense connectors to stellar in built detections, Panther has it all. For companies with low capacity for custom in house detection engineering, it just works. For teams with dedicated detection engineering staff, all the tools to make you successful are available out of the box.
The old guard of the SIEM industry are dead and security data lake is the future, with Panther leading the pack in the new generation of security analysis providers.
What do you dislike about the product?
Only thing I want to see from Panther is for them to start offering a MSSP style solution and staffing a SOC to monitor my Panther alerts!
What problems is the product solving and how is that benefiting you?
Ingesting, analysing, and alerting on security logs so I can be aware of any security events/incidents that I should be investigating/following up on.
Great SIEM With Lots of Out of the Box Detections
What do you like best about the product?
One of the things I like most about Panther is it's Python based detection rules. It easy to start with simple rule writing, but moving to writing more complex rules using Python is a breeze.
What do you dislike about the product?
As someone responsible for triaging alerts, I’ve found the UI a bit cumbersome—it’s missing some key quality-of-life features that would streamline triaging alerts. Integrating it with automation systems could unlock a lot of value to ease some of this.
What problems is the product solving and how is that benefiting you?
Panther handles log ingestion and normalization across cloud infrastructure without needing a heavy ELK stack or complex data plumbing. Panther makes it easier to focus on writing detections rather than operating a log ingestion infrastructure.
Great for Writing Detections
What do you like best about the product?
Writing detections in Python is super nice.
Being able to throw an indicator such as an IP address or username into Panther and having it search everywhere is convenient.
Being able to throw an indicator such as an IP address or username into Panther and having it search everywhere is convenient.
What do you dislike about the product?
When we make customizations to detection rules, it often causes merge conflicts when syncing from the upstream panther-analysis repo.
Custom SQL queries are often slow (on the order of 10 minutes).
Custom SQL queries are often slow (on the order of 10 minutes).
What problems is the product solving and how is that benefiting you?
Having our security relevant logs in one place where we can customize alerting and easily search during manual investigations.
SaaS Security Operations
What do you like best about the product?
We've been using Panther for nearly two years, and it's been a fantastic experience. Their commercial team has been consistently fair and transparent, which made the onboarding process smooth and the long-term relationship easy to manage.
Support-wise, Panther has been exceptional — fast, knowledgeable, and genuinely helpful whenever we’ve needed them. What’s impressed us most, though, is the platform’s rapid evolution. Since we joined, Panther has rolled out a steady stream of valuable features and native integrations, showing their strong commitment to innovation and customer needs.
Panther has become a key part of our security stack, and we’re excited to see how the platform continues to grow.
Support-wise, Panther has been exceptional — fast, knowledgeable, and genuinely helpful whenever we’ve needed them. What’s impressed us most, though, is the platform’s rapid evolution. Since we joined, Panther has rolled out a steady stream of valuable features and native integrations, showing their strong commitment to innovation and customer needs.
Panther has become a key part of our security stack, and we’re excited to see how the platform continues to grow.
What do you dislike about the product?
We work with external consultants who are more familiar with traditional SIEM platforms, so there was a brief adjustment period for them when adapting to Panther’s approach. That said, once they understood the architecture and workflows, things went smoothly. Beyond that, there's very little to dislike — Panther has consistently delivered on both functionality and support.
What problems is the product solving and how is that benefiting you?
Panther solves our core needs around log aggregation, monitoring, and detection. It provides a scalable and efficient way to manage security events across our cloud infrastructure, with flexibility that fits our engineering-driven workflows. This has helped us streamline threat detection and response while keeping costs predictable.
showing 11 - 20