New Support for Suricata, CloudTrail Insights, Apache Access, GitLab Application Logs, and Global Helpers

Great news! We now support built-in log parsing for even more data sources and helper functions for more efficient custom detections.

What?

Support for new logs

Panther already included parsers for a wide range of logs from AWS, Fluentd, Osquery, Nginx, OSSEC, Zeek/Bro, and more. Recently we added native support for Suricata Anomaly, Suricata DNS, CloudTrail Insights, Apache Access, and GitLab Application logs.

Reusable code with global analysis type

When writing custom policies or rules, it’s common to find yourself repeating the same logic across multiple detections. A common pattern in programming is to extract this repeated code into helper functions. In Panther, we now support this with the new analysis type, global.

Currently, each deployment has exactly one global analysis type, which defines functions and variables that are imported and used by your detections.

To use the global analysis type, simply add import panther to your detection policy code, and then use the helper functions it defines as you would any other Python library. Modifying global is also supported via the panther_analysis_tool (CLI) and the UI.
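As an added illustration (not code from Panther or its docs), the following shows the pattern described above: one shared helper reused by two detections, here for the newly supported Apache Access and CloudTrail log types. The helper is defined inline as a stand-in for the global that Panther would provide via import panther; the trusted-network list, the helper name, the Apache field names and the sample events are all constructed for the example.

```python
import ipaddress
from typing import Any, Dict

# Stand-in for the shared global. In Panther these definitions would live in
# the deployment's single global analysis type and be pulled in with
# `import panther`; they are inlined here so the file runs offline.
TRUSTED_NETWORKS = [  # constructed allowlist, purely illustrative
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),
]


def ip_is_trusted(ip: str) -> bool:
    """Reusable check: does the source IP fall inside a trusted range?"""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # empty or malformed field -> treat as untrusted
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


# Detection 1 (would be rule(event) in its own file): an admin path on the
# web server requested from outside the trusted ranges. Apache field names
# here are illustrative, not Panther's parsed schema.
def apache_admin_from_untrusted(event: Dict[str, Any]) -> bool:
    uri = event.get("requestUri", "")
    return uri.startswith("/admin") and not ip_is_trusted(event.get("remoteHost", ""))


# Detection 2 (would be rule(event) in another file): an AWS console login
# from outside the trusted ranges. eventName/sourceIPAddress are standard
# CloudTrail fields.
def cloudtrail_console_login_untrusted(event: Dict[str, Any]) -> bool:
    return (
        event.get("eventName") == "ConsoleLogin"
        and not ip_is_trusted(event.get("sourceIPAddress", ""))
    )


# Constructed sample events for a quick local run.
APACHE_EVENT = {"remoteHost": "198.51.100.7", "requestUri": "/admin/users", "status": 200}
CLOUDTRAIL_EVENT = {"eventName": "ConsoleLogin", "sourceIPAddress": "10.1.2.3"}

if __name__ == "__main__":
    print("apache alert:", apache_admin_from_untrusted(APACHE_EVENT))
    print("cloudtrail alert:", cloudtrail_console_login_untrusted(CLOUDTRAIL_EVENT))
```

Changing the trusted ranges in the global updates both detections at once, which is the point of extracting the check into a helper.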

For more information about global analysis types, read the docs.

Why?

Panther’s built-in log parsers work in tandem with the Panther rules engine, converting raw log data into usable parsed events. Parsed logs result in uniform data formatting, enabling faster searches, more expressive and strategic rules, and efficient long-term storage of log data. Panther’s growing ecosystem of integrations helps simplify the centralization of security log data.

How does this impact you?

If you need to collect your logs from Suricata, CloudTrail Insights, Apache Access, or GitLab, these new features will accelerate your integration. As always, we’ve made our parsers available on GitHub, giving you the flexibility to do what works best for your organization.

Read the Docs

Find documentation for the newly supported log services:

Need support for a new log type? We prioritize support for new data sources for Panther Enterprise customers. Request a demo.

TL;DR

We now support more pre-built log parsing integrations (Suricata, CloudTrail Insights, GitLab Application Logs, Apache Access Logs), UI support for the global analysis type, and more!