Panther is a powerful and flexible cloud-native SIEM for threat detection, cloud compliance, and long-term data storage.

gane5hvarma/panther

Panther is a scalable, open-source, cloud-native SIEM written in Golang/React.

Developed by a dedicated team of cloud security practitioners, Panther is designed to be:

  • Flexible: Python-based detections with integrations into common tools such as PagerDuty, Slack, MS Teams, and more
  • Scalable: Built with serverless technology for cost and operational efficiency at any scale
  • Secure: Least-privilege and encrypted infrastructure that you control
  • Integrated: Support for many popular security logs combined with rich information about your cloud resources
  • Automated: Fast and simple deployments with AWS CloudFormation

Panther Use Cases

  • SIEM: Centralize all security log data for threat detection, historical search, long-term storage, and investigations
  • Threat Detection: Detect suspicious activity quickly and effectively with Python rules
  • Alerting: Send notifications to your team when new issues are identified
  • Cloud Compliance: Detect and enforce AWS infrastructure best practices with Python policies
  • Automatic Remediation: Correct insecure infrastructure as soon as new issues are identified

Check out our website, blog, and docs to learn more!

NOTE: Panther is currently in beta.

Getting Started

To deploy Panther from source:

  1. Install Go 1.13+, Node 10+, and Python 3.7+
    • On macOS with Homebrew: brew install go node python3
  2. Install the AWS CLI
  3. Install Mage
    • If you run into issues, try explicitly setting GOPATH: export GOPATH=$HOME/go
  4. Clone the repo to $GOPATH/src
    • HTTPS: git clone https://github.com/panther-labs/panther $GOPATH/src/github.com/panther-labs/panther
    • SSH: git clone git@github.com:panther-labs/panther $GOPATH/src/github.com/panther-labs/panther
  5. From the root of the repo, run mage setup && npm i
    • pip may show warnings about incompatible packages which are safe to ignore
  6. Deploy! mage deploy
    • Your IAM role will need permission to create resources in Lambda, DynamoDB, S3, ECS, ELB, EC2 (security groups, subnets, VPC), SNS, SQS, SES, KMS, IAM, CloudFormation, CloudWatch, API Gateway, Cognito, and AppSync.
    • NOTE: The initial deploy will take 10-15 minutes. If your credentials time out, you can safely redeploy to pick up where you left off.
  7. Configure your initial Panther admin user
    • Near the end of the deploy command, you'll be prompted for first/last name and email
    • You will get an email from [email protected] with your temporary password. If you don't see it, be sure to check your spam folder.
  8. Sign in to Panther! The URL is listed in the welcome email and also printed at the end of the deploy command.
    • WARNING: By default, Panther generates a self-signed certificate, which will cause most browsers to present a warning page.
    • If you see a "502 Bad Gateway" error, wait a few minutes and refresh the page
  9. Onboard your AWS account(s) in your Panther deployment!
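
A preflight check for steps 1 to 3, added here as an example (it is not part of the Panther repository): it compares the installed Go, Node, and Python versions against the minimums listed in step 1 and confirms that the aws and mage commands are on PATH. The function names and the --run switch are this example's own.

```sh
#!/bin/sh
# Added example, not part of the Panther repo: verify the step 1-3 prerequisites
# before running `mage setup` and `mage deploy`. All function names are hypothetical.

# extract_version "RAW OUTPUT" -> prints the first MAJOR.MINOR found, or nothing.
extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+' | head -n 1
}

# version_ge HAVE WANT -> succeeds when HAVE >= WANT, compared numerically
# (a string comparison would wrongly rank 1.9 above 1.13).
version_ge() {
  h="$1.0"; w="$2.0"                      # pad so a bare "10" reads as 10.0
  h_major=${h%%.*}; h_rest=${h#*.}; h_minor=${h_rest%%.*}
  w_major=${w%%.*}; w_rest=${w#*.}; w_minor=${w_rest%%.*}
  [ "$h_major" -gt "$w_major" ] && return 0
  [ "$h_major" -lt "$w_major" ] && return 1
  [ "$h_minor" -ge "$w_minor" ]
}

# check_output NAME MIN "RAW OUTPUT" -> prints a verdict; fails if missing or too old.
check_output() {
  found=$(extract_version "$3")
  if [ -z "$found" ]; then
    echo "MISSING  $1 (need $2+)"; return 1
  fi
  if version_ge "$found" "$2"; then
    echo "OK       $1 $found"
  else
    echo "TOO OLD  $1 $found (need $2+)"; return 1
  fi
}

# probe CMD ARGS... -> runs the command only if it exists, capturing stderr too.
probe() { command -v "$1" >/dev/null 2>&1 && "$@" 2>&1; }

preflight() {
  rc=0
  check_output go      1.13 "$(probe go version)"        || rc=1
  check_output node    10   "$(probe node --version)"    || rc=1
  check_output python3 3.7  "$(probe python3 --version)" || rc=1
  for tool in aws mage; do
    command -v "$tool" >/dev/null 2>&1 || { echo "MISSING  $tool"; rc=1; }
  done
  return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced and reused.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Save it under any name and run it with --run; a non-zero exit status means at least one prerequisite is missing or too old.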

Development

Since the majority of Panther is written in Go, we follow the standard Go project layout.

Run mage to see the list of available commands (-v for verbose mode). You can easily chain mage commands together, for example:

mage fmt test:ci deploy

Testing

  1. Run backend test suite: mage test:ci
  2. Run frontend test suite: npm run lint
  3. Run integration tests against a live deployment: mage test:integration
    • WARNING: Integration tests will erase all Panther data stores
    • To run tests for only one package: PKG=./internal/compliance/compliance-api/main mage test:integration

Contributing

We welcome contributions! Please read the contributing guidelines before submitting pull requests.

License

Panther is dual-licensed under the AGPLv3 and Apache-2.0 licenses.
