Panther is a scalable, open-source, cloud-native SIEM written in Golang/React.
Developed by a dedicated team of cloud security practitioners, Panther is designed to be:
- Flexible: Python-based detections with integrations into common tools such as PagerDuty, Slack, MS Teams, and more
- Scalable: Built with serverless technology for cost and operational efficiency at any scale
- Secure: Least-privilege and encrypted infrastructure that you control
- Integrated: Support for many popular security logs combined with rich information about your cloud resources
- Automated: Fast and simple deployments with AWS CloudFormation
- SIEM: Centralize all security log data for threat detection, historical search, long-term storage, and investigations
- Threat Detection: Detect suspicious activity quickly and effectively with Python rules
- Alerting: Send notifications to your team when new issues are identified
- Cloud Compliance: Detect and enforce AWS infrastructure best practices with Python policies
- Automatic Remediation: Correct insecure infrastructure as soon as new issues are identified
Check out our website, blog, and docs to learn more!
NOTE: Panther is currently in beta.
To deploy Panther from source:
- Install Go 1.13+, Node 10+, and Python 3.7+
- For mac w/ homebrew,
brew install go node python3
- For mac w/ homebrew,
- Install the AWS CLI
- Configure your AWS region and credentials
- Install Mage
- If you run into issues, try explicitly setting GOPATH:
export GOPATH=$HOME/go
- If you run into issues, try explicitly setting GOPATH:
- Clone the repo to
$GOPATH/src
- HTTPS:
git clone https://github.com/panther-labs/panther $GOPATH/src/github.com/panther-labs/panther
- SSH:
git clone [email protected]:panther-labs/panther $GOPATH/src/github.com/panther-labs/panther
- HTTPS:
- From the root of the repo, run
mage setup && npm i
pip
may show warnings about incompatible packages which are safe to ignore
- Deploy!
mage deploy
- Your IAM role will need permission to create resources in Lambda, DynamoDB, S3, ECS, ELB, EC2 (security groups, subnets, VPC), SNS, SQS, SES, KMS, IAM, CloudFormation, CloudWatch, API Gateway, Cognito, and AppSync.
- NOTE: The initial deploy will take 10-15 minutes. If your credentials timeout, you can safely redeploy to pick up where you left off.
- Configure your initial Panther admin user
- Near the end of the deploy command, you'll be prompted for first/last name and email
- You will get an email from [email protected] with your temporary password. If you don't see it, be sure to check your spam folder.
- Sign in to Panther! The URL is listed in the welcome email and also printed at the end of the deploy command.
- WARNING: By default, Panther generates a self-signed certificate, which will cause most browsers to present a warning page.
- If you see a "502 Bad Gateway" error, wait a few minutes and refresh the page
- Onboard your AWS account(s) in your Panther deployment!
Since the majority of Panther is written in Go, we follow the standard Go project layout.
Run mage
to see the list of available commands (-v
for verbose mode). You can easily chain mage
commands together, for example:
mage fmt test:ci deploy
- Run backend test suite:
mage test:ci
- Run frontend test suite:
npm run lint
- Run integration tests against a live deployment:
mage test:integration
- WARNING: Integration tests will erase all Panther data stores
- To run tests for only one package:
PKG=./internal/compliance/compliance-api/main mage test:integration
We welcome contributions! Please read the contributing guidelines before submitting pull requests.
Panther is dual-licensed under the AGPLv3 and Apache-2.0 licenses.