Panther is a modern SIEM built for security operations at scale. Teams can define detections as code and programmatically upload them to their Panther deployment. This repository contains detections developed by the Panther Team and the Community, welcoming contributions. The repo structure includes folders with rules for analyzing logs, policies for secure resource states, and scheduled rules for SQL query outputs. Python environment setup instructions are provided for installation and running.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Serverless, real-time data analysis framework for incident detection and response.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.