Panther Reviews

My main use case for Panther is real-time monitoring of alerts, where we triage incidents that occur for our on-call duties. Panther is one of the major sources from which we receive alerts in real-time.

I use Panther for real-time monitoring by integrating it with Teams and other applications that we use frequently. Whenever an alert comes up, based on the logs and integrations we have set up with Panther, we receive alerts that we triage for further investigation to determine whether they are false positives or not. Panther's AI feature specifically helps us a lot by simplifying our work, providing context on the findings and alerts it processes, and aiding us in understanding whether an activity could be benign or malicious.

We receive Panther alerts since we have integrated many network components with it. Currently, we are utilizing the AI Triage feature, which offers significant clarity on issues and whether they might be false positives or not, allowing us to focus more on suspicious findings. Sometimes what I observe is that an alert could be a false positive, yet it could also be a true positive. However, AI Triage significantly aids us, and we still need to verify if we are genuinely affected or not.

The best features Panther offers are AI Triage, the ability to comment on our activities, and seamless integration with other communication sources such as PagerDuty, Microsoft Teams, and potentially Slack, showcasing the flexibility we have in using this tool.

The most valuable feature for my team is definitely AI Triage, which helps save a lot of time by eliminating the need for manual research regarding patterns that may be repeated, making our work easier and more efficient.

Panther has positively impacted my organization as it serves as one of the main sources for triaging real-time incidents. Panther definitely plays a key role in the work that we do.

Specific outcomes that show how Panther has helped our organization include saving a lot of time, especially since the AI Triage feature reduces the necessity to reach out to others for clarity, which it occasionally accomplishes on its own. To be honest, it does lack some aspects. For example, if it could access our organizational knowledge, including the Jira database, it might better analyze incidents and determine whether they are false positives or not by using more contextual data.

Panther could be improved by adding a feature that allows it to access organizational data, which would help produce better-tuned outputs with fewer false positives and alerts, making our jobs easier. Additionally, a feature in the alert section that enables users to create rules, perhaps using AI, to whitelist or blacklist certain patterns would also be useful.

The only thing that comes to mind right now as an improvement is having greater organizational knowledge integration and fine-tuning the alerts we receive, along with better triage capabilities.

I have been using Panther for more than one year.

Based on my experience, Panther is definitely stable.

Panther's scalability is good. We have not encountered any scalability issues, as it handles whatever alerts arise appropriately.

Customer support for Panther is good, although we have not needed to utilize it much. I believe they have a solid support system in place.

Panther is the first solution we have used, and we are now considering the Wiz option. I have not switched from any other solution previously.

I believe we have seen a return on investment from using Panther, especially given our large infrastructure and network, which generates many alerts. Panther helps us in triaging and fine-tuning these alerts, saving a significant amount of time. The AI Triage feature frequently allows us to bypass manual triaging, contributing to our ROI from Panther.

I am not aware of the pricing, setup cost, and licensing details, as I handle the usage of Panther and not the setup process.

I am not sure if other options were evaluated before choosing Panther because I joined the team only within the last year. Thus, I cannot provide details on what others may have considered.

On a scale of one to ten, I would rate Panther an eight out of ten.

I give it an eight out of ten because, although it is a good tool, we are currently exploring Wiz as an option, which sometimes provides more detailed insights compared to Panther. Ultimately, both tools are similar, but we are still in the discovery phase as we consider our options.

Panther is a reputed tool in terms of AI governance and security. We base our confidence on the trust it has garnered and its security certifications along with risk assessments, so we feel comfortable with the data it handles.

Regarding Panther's accuracy and reliability of output, I would rate it at 70 percent since, at times, it identifies findings as valid when they may actually be false positives, which we have experienced in a few cases.

My advice for those looking to use Panther is that if you are aiming to reduce time, resources, and enhance efficiency, Panther's AI Triage is an excellent option. If it had the capability to scale with additional organizational knowledge, it would be an even more effective tool for triaging alerts.

I believe Panther is a good tool. The AI Triage feature saves a considerable amount of time, and if it were to incorporate organizational knowledge, it could provide finer-tuned results. For instance, if it can relate incidents, such as identifying a port scan, to our Jira data, it could determine whether it was likely a false positive based on existing knowledge. If it could integrate diverse contextual data, it would enhance its effectiveness considerably. My overall rating for this product is eight out of ten.

Public Cloud

Amazon Web Services (AWS)

Day-to-day, we use Panther AI SOC in-house for centralized SOC monitoring for cloud threat detection. Panther assists security analysts by analyzing security telemetry from the cloud, gathering logs from endpoints, identity, and infrastructure sources such as firewalls, endpoints, and DLP. The AI-assisted detection helps in prioritizing and investigating suspicious activity.

One example of Panther's efficiency is when investigating unusual authentication behavior. It correlated telemetry data and provided better context around suspicious patterns, speeding up investigation with enriched context rather than manual log correlation.

Panther is integrated with the broader SOC workflow alongside cloud telemetry such as IAM logs and infrastructure events, enhancing the AI-assisted analysis.

Panther integrates multiple sources for AI-assisted SOC visibility and investigation support, providing contextual investigation and better signal correlation. Due to its centralized telemetry and AI-driven support, it is essential in cloud-heavy environments.

A useful aspect is better prioritization of suspicious behavior, as AI assists with higher confidence signals, reducing manual alert validation time.

From an operational standpoint, Panther has matured our investigations, as analysts focus more on risk validation and response rather than stitching logs.

Panther offers robust AI-assisted SOC visibility and investigation support, integrating multiple sources. Instead of generating alerts, Panther helps analysts with contextual investigation and better signal correlation. In today's cloud-heavy environments, centralized telemetry, coupled with AI-driven investigation support, becomes incredibly useful.

Operationally, Panther has improved investigation maturity. Analysts spend less time manually stitching logs and focus more on risk validation and response. From a SOC perspective, investigation quality has improved as the AI assistance makes context easier to understand.

An improvement area could be reporting flexibility and dashboard customization for enterprise-level reporting since larger organizations may want deeper workflow customization based on internal governance requirements. As we use multiple SIEMs, improvements in these aspects would be beneficial.

Another potential enhancement is having AI recommendations become more contextual over time, especially in reducing false positives and tuning prioritization for organization-specific environments. Training the AI will hone alerts and incidents' accuracy.

I started evaluating and using Panther within our SOC since 2024, providing POCs to end clients. Panther is a cloud security tool focused on workflow, initially emphasizing visibility and centralized detection, and we have leveraged its AI-driven investigation capabilities for better alert context and faster triage.

Panther has been stable in our experience, offering reliable cloud-native monitoring and security analytic workflows without downtime or reliability issues.

Panther's scalability has kept up with our growth, efficiently handling our cloud environment and increasing telemetry data as our monitoring requirements expand based on customer needs.

I have reached out to Panther customer support via email and engaged directly with the TAM. They have assisted us well, especially during customer onboarding issues, providing a positive experience.

Previously, we used Seceon aiSIEM, but the AI capability was not as mature compared to Panther, prompting us to switch after evaluating several SIEM platforms and products.

We have seen a return on investment measured primarily through SOC efficiency and productivity improvements. The return is operational, with teams observing a twenty to thirty-five percent improvement in investigation efficiency depending on the environment and product maturity.

In terms of pricing, it generally depends on the ingestion scale, telemetry volume, integration, and specific enterprise requirements as we onboard multiple customers. Our evaluation of Panther was based on our SOC efficiency gains and investigation maturity, with decisions typically made by our leadership or the salesperson.

We evaluated other options before choosing Panther, including Seceon and multiple AI platforms with integration capabilities, based on our cloud visibility needs.

My advice for others looking into using Panther is first to understand their requirements. If an organization has both cloud and on-prem environments, Panther becomes even more valuable, especially for those with extensive cloud data and analysts spending significant time investigating or correlating logs, as Panther's AI SOC workflow helps enhance operational efficiency.

Panther's output has been consistent in terms of accuracy and reliability, depending on relevant alerts and use cases. We trained their AI platform based on our logs, significantly reducing issues, allowing our team to focus on specific alert parts or incidents.

Practically speaking, Panther commonly integrates with AWS in our environment and can connect with Azure and other cloud-native services depending on the architecture, leveraging AWS-related telemetry visibilities.

Panther is integrated within our cloud-centric SOC environments, connecting to multiple telemetry sources throughout our enterprise.

We purchased Panther directly from sales, not through the AWS Marketplace, and our company acts as a reseller for Panther based on my prior experience.

I would rate this review an eight out of ten.

Public Cloud

Amazon Web Services (AWS)

We use Panther for our SIEM solution. It is used for aggregating logs and analyzing user activities. We can filter down to individual roles inside of AWS through all the accounts and user activities.

I find Panther's detection capabilities and integrations to be highly valuable. It allows integration with anything as long as I am willing to write detections, and their team is very helpful. I find its log analysis capabilities valuable. It enables me to filter down to individual roles in AWS, and if I am skilled at SQL queries, I can query anything. The infrastructure as code feature allows me to use Git repositories to manage detections and import detections from other Git repositories.

The solution could be improved by providing more built-in integrations, which would reduce the need for me to build them myself.

I have had experience with Panther for two years.

The search is pretty good, and it builds SQL queries for me, allowing me to go through logs and click on elements to add filters, automatically building the query.

The support team is very helpful and supportive.

Neutral

Before Panther, we mainly relied on CloudWatch and did not have a dedicated SIEM solution. We are a cloud-only company, and Panther was a good fit for us.

Setting up Panther was straightforward and easy, worthy of an eight out of ten in terms of ease.

Our security team is quite small, consisting of fewer than five people, and we were able to deploy Panther. The same small team can maintain the solution and build integrations.

Panther does what is expected of a SIEM solution. It is used by engineers for troubleshooting issues and defining role-based controls for visibility between teams.

I find the pricing to be reasonable, although I can't recall the exact cost.

We evaluated Panther against Devo and Gurucul. Panther offered better hot storage for logs and was less expensive than Devo.

I would recommend Panther to other companies because of its ease of use. The infrastructure as code feature allows using Git repositories for secure detections. Overall, I would rate the solution eight out of ten.

Public Cloud

Other