Panther FAQs

Question 1

How does Panther help with alert triage?

Accepted Answer

Panther provides tools to efficiently triage, comment on, and resolve alerts, streamlining your incident response workflow and reducing alert fatigue.

Question 2

What security best practices does Panther recommend for MCP Server?

Accepted Answer

Panther recommends running trusted, signed MCP servers, applying strict least-privilege to API tokens, sandboxing the MCP server (e.g., with Docker), monitoring credential access, and scanning with `mcp-scan` for vulnerabilities.

Question 3

What can I do with natural language querying in Panther?

Accepted Answer

You can interactively query security logs using natural language to quickly find the information you need, simplifying investigations and reducing the time to understand security events.

Question 4

Can I query the Panther data lake directly?

Accepted Answer

Yes, Panther allows you to execute SQL queries against its data lake, giving you direct access to your security data for advanced analysis and reporting.

Question 5

What is Panther MCP Server?

Accepted Answer

Panther's MCP Server enables interactive security operations within the Panther platform, allowing you to write and tune detection rules, query logs using natural language, and efficiently manage alerts.

Panther

概要

主な機能

ユースケース