Panther - Cloud Connected
Panther External reviews
40 reviews
External reviews are not included in the AWS star rating for the product.
Exceptional Customer Focus and Agile, Tailored Solutions
What do you like best about the product?
Panther works closely with customers to resolve issues efficiently and deliver agile solutions tailored to their needs.
What do you dislike about the product?
Panther would benefit from having additional custom script–based log collectors to improve flexibility and coverage.
What problems is the product solving and how is that benefiting you?
Panther delivers comprehensive detection coverage across varied log sources — from cloud infrastructure to application data.
Efficient Code-Driven Alert Management
What do you like best about the product?
Code-driven alert management! Wide range of pre-built alerts. Solid support. Straightforward integration with AWS and anything that can write to AWS S3.
What do you dislike about the product?
Full `git` integration with a consistent deployment pipeline is challenging to set up and requires a lot of custom workflow implementation and legwork to get fully working. Incomplete story around temporary access credentials and avoiding static/durable credentials.
What problems is the product solving and how is that benefiting you?
Proactively identify risks and risky behavior, alert on suspicious behavior, perform retrospective analysis to understand causal factors for issues and perform forensics.
Great SIEM With Lots of Out of the Box Detections
What do you like best about the product?
One of the things I like most about Panther is its Python-based detection rules. It is easy to start with simple rule writing, but moving to writing more complex rules using Python is a breeze.
What do you dislike about the product?
As someone responsible for triaging alerts, I’ve found the UI a bit cumbersome—it’s missing some key quality-of-life features that would streamline triaging alerts. Integrating it with automation systems could unlock a lot of value to ease some of this.
What problems is the product solving and how is that benefiting you?
Panther handles log ingestion and normalization across cloud infrastructure without needing a heavy ELK stack or complex data plumbing. Panther makes it easier to focus on writing detections rather than operating a log ingestion infrastructure.
Great for Writing Detections
What do you like best about the product?
Writing detections in Python is super nice.
Being able to throw an indicator such as an IP address or username into Panther and having it search everywhere is convenient.
What do you dislike about the product?
When we make customizations to detection rules, it often causes merge conflicts when syncing from the upstream panther-analysis repo.
Custom SQL queries are often slow (on the order of 10 minutes).
What problems is the product solving and how is that benefiting you?
Having our security relevant logs in one place where we can customize alerting and easily search during manual investigations.
SIEM with best architecture
What do you like best about the product?
I personally think Panther is a well-architected SIEM that has enormous potential to grow in various aspects, such as volume increases, and a very flexible architecture for writing detection rules; it especially geared us with many tools to help me do detection engineering.
What do you dislike about the product?
Panther also has some latencies, which are often ignored in other SIEM solutions.
I personally love how Panther shows their latencies in plain sight and makes us understand what's happening under detections. I did manage other SIEMs, but this is the first one that has transparency in detection processes.
What problems is the product solving and how is that benefiting you?
The ease of Integrations and their architecture to ingest more logs with less costs.
Top technology in the market
What do you like best about the product?
I like many features from Panther; one of the best things for me is that they always come with new improvements that align with where the market is pointing. Also, they are always listening to their customers who provide feedback and work as a team to provide a solution.
What do you dislike about the product?
Fully managing Panther in the long run can bring some operational work regarding updates and upgrades for their detections and the CI/CD pipeline. Those tasks require more time and experience from teams outside SecOps.
What problems is the product solving and how is that benefiting you?
For my role here, Panther helps me to have a good visibility regarding my cloud accounts and create policies/alerts for things that I can identify as risk.
Detection capabilities and helpful support team enhance log analysis and integration flexibility
What is our primary use case?
What is most valuable?
I find Panther's detection capabilities and integrations to be highly valuable. It allows integration with anything as long as I am willing to write detections, and their team is very helpful. I find its log analysis capabilities valuable. It enables me to filter down to individual roles in AWS, and if I am skilled at SQL queries, I can query anything. The infrastructure as code feature allows me to use Git repositories to manage detections and import detections from other Git repositories.
What needs improvement?
The solution could be improved by providing more built-in integrations, which would reduce the need for me to build them myself.
For how long have I used the solution?
I have had experience with Panther for two years.
What was my experience with deployment of the solution?
The search is pretty good, and it builds SQL queries for me, allowing me to go through logs and click on elements to add filters, automatically building the query.
How are customer service and support?
The support team is very helpful and supportive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before Panther, we mainly relied on CloudWatch and did not have a dedicated SIEM solution. We are a cloud-only company, and Panther was a good fit for us.
How was the initial setup?
Setting up Panther was straightforward and easy, worthy of an eight out of ten in terms of ease.
What about the implementation team?
Our security team is quite small, consisting of fewer than five people, and we were able to deploy Panther. The same small team can maintain the solution and build integrations.
What was our ROI?
Panther does what is expected of a SIEM solution. It is used by engineers for troubleshooting issues and defining role-based controls for visibility between teams.
What's my experience with pricing, setup cost, and licensing?
I find the pricing to be reasonable, although I can't recall the exact cost.
Which other solutions did I evaluate?
What other advice do I have?
I would recommend Panther to other companies because of its ease of use. The infrastructure as code feature allows using Git repositories for secure detections. Overall, I would rate the solution eight out of ten.
Excellent tool for teams using detection as code
What do you like best about the product?
Panther is incredibly responsive - it's a definite partnership. The team continues to develop features with input from customers about what is most needed. The ability to write detections in Python is very helpful. New feature rollouts make creating detections and doing searches more accessible to less technical employees. The ability to truly implement detection as code is really cool, but it's not a must to implement Panther. The flexibility of ingesting anything you can get to S3 introduces some up front work, but once a process is established, custom ingestions can be done quickly.
What do you dislike about the product?
Panther lacks some functionality you expect from the typical SIEM - visualizations specifically lag, but this can be addressed with other tools. There is a fairly steep learning curve if you are not experienced with Python, SQL, and YAML. However, all SIEMs have a fairly steep learning curve. If your team has some experience with development, the languages should be familiar and easy to get the hang of how Panther uses them.
What problems is the product solving and how is that benefiting you?
Centralized monitoring, detection, and response. Ingesting data via API is straightforward and can be largely templatized for efficiency. Recent additions to ingestion options (like webhooks) will continue to make ingestions more efficient. The ability to work in code is a major benefit for teams committed to a CI/CD environment.
A great and convenient SIEM product to transition to
What do you like best about the product?
Overall a very positive experience. It was very easy to deploy, and the how-to's and guides throughout were really helpful in guiding integration with the new security system.
What do you dislike about the product?
I feel that there's too much coding needed if you want to fine-tune inclusion and exclusion criteria. These could use more automation and be more user-friendly.
What problems is the product solving and how is that benefiting you?
Panther integrates with various threat intelligence sources, providing up-to-date information on known threats and vulnerabilities. This integration enables the system to correlate real-time events with threat intelligence data, enhancing the accuracy of threat detection and response. The seamless integration with external sources ensures that organizations stay one step ahead of emerging threats.
Alert Destination features for our Amazon SQS and SNS services are effective for health notification
What do you like best about the product?
We enable one-way alert synchronization between the Panther console and our incident management platform to generate real-time notifications & updates. Pulling MongoDB and AWS DynamoDB logs is done seamlessly through Panther APIs. To improve detection match rates, we use its Data Replay processing to get transparency about event triggers.
What do you dislike about the product?
Updating of CloudFormation deployment parameters is required in Panther's backend framework. This will help us to orchestrate our infrastructure monitoring better and reorganize our rules, queries and customer policies. All other features for custom detection, log analysis, and notification are excellent with Panther.
What problems is the product solving and how is that benefiting you?
Panther gives the privilege to write custom detections & queries for our audit logs for ingesting security events. By enabling its Data Replay, we effectively reduce the time taken to load events and create its retention policy. For real-time health notifications, we integrate Panther with our Amazon Simple Notification Service (SNS) and regulate mail alerts through Simple Queue Service (SQS) for all business-critical applications. We can also override these destination alerts with either rule-based or policy-based metadata inclusions.