My main use case for Panther is real-time monitoring of alerts, where we triage incidents that occur for our on-call duties. Panther is one of the major sources from which we receive alerts in real-time. I use Panther for real-time monitoring by integrating it with Teams and other applications that we use frequently. Whenever an alert comes up, based on the logs and integrations we have set up with Panther, we receive alerts that we triage for further investigation to determine whether they are false positives or not. Panther's AI feature specifically helps us a lot by simplifying our work, providing context on the findings and alerts it processes, and aiding us in understanding whether an activity could be benign or malicious. We receive Panther alerts since we have integrated many network components with it. Currently, we are utilizing the AI Triage feature, which offers significant clarity on issues and whether they might be false positives or not, allowing us to focus more on suspicious findings. Sometimes what I observe is that an alert could be a false positive, yet it could also be a true positive. However, AI Triage significantly aids us, and we still need to verify if we are genuinely affected or not.
Day-to-day, we use Panther AI SOC in-house for centralized SOC monitoring for cloud threat detection. Panther assists security analysts by analyzing security telemetry from the cloud, gathering logs from endpoints, identity, and infrastructure sources such as firewalls, endpoints, and DLP. The AI-assisted detection helps in prioritizing and investigating suspicious activity. One example of Panther's efficiency is when investigating unusual authentication behavior. It correlated telemetry data and provided better context around suspicious patterns, speeding up investigation with enriched context rather than manual log correlation. Panther is integrated with the broader SOC workflow alongside cloud telemetry such as IAM logs and infrastructure events, enhancing the AI-assisted analysis. Panther integrates multiple sources for AI-assisted SOC visibility and investigation support, providing contextual investigation and better signal correlation. Due to its centralized telemetry and AI-driven support, it is essential in cloud-heavy environments. A useful aspect is better prioritization of suspicious behavior, as AI assists with higher confidence signals, reducing manual alert validation time. From an operational standpoint, Panther has matured our investigations, as analysts focus more on risk validation and response rather than stitching logs.
Infosec Analyst at a tech vendor with 201-500 employees
Real User
Top 5
Mar 4, 2025
We use Panther for our SIEM solution. It is used for aggregating logs and analyzing user activities. We can filter down to individual roles inside of AWS through all the accounts and user activities.