Panther could be improved by adding a feature that allows it to access organizational data, which would help produce better-tuned outputs with fewer false positives and alerts, making our jobs easier. Additionally, a feature in the alert section that enables users to create rules, perhaps using AI, to whitelist or blacklist certain patterns would also be useful. The only thing that comes to mind right now as an improvement is having greater organizational knowledge integration and fine-tuning the alerts we receive, along with better triage capabilities.
An improvement area could be reporting flexibility and dashboard customization for enterprise-level reporting since larger organizations may want deeper workflow customization based on internal governance requirements. As we use multiple SIEMs, improvements in these aspects would be beneficial. Another potential enhancement is having AI recommendations become more contextual over time, especially in reducing false positives and tuning prioritization for organization-specific environments. Training the AI will hone alerts and incidents' accuracy.
Updated: May 2026.
SIEM integrates real-time monitoring with advanced analysis of security events. It consolidates functions to provide comprehensive threat detection and response, enhancing organizational security measures. SIEM solutions offer extensive threat intelligence, enabling security teams to detect anomalies and incidents effectively. They provide a centralized view of an organization's security posture, combining various data sources and offering sophisticated correlation and monitoring tools....
The solution could be improved by providing more built-in integrations, which would reduce the need for me to build them myself.