Panther

Computer and Network Security

San Francisco, CA 11,387 followers

Turn up the volume, turn down the noise.

About us

Panther transforms noisy cloud logs into security signals with code-driven detection and response at petabyte scale–without the overhead and cost of traditional SIEMs.

Website: https://panther.com/
Industry: Computer and Network Security
Company size: 51-200 employees
Headquarters: San Francisco, CA
Type: Privately Held
Founded: 2018
Specialties: Cloud Security, Information Security, Startup, AWS, AWS Security, SIEM, Cloud-Native SIEM, big data, Security Data Lake, Security, Detections as Code, Splunk Alternative, Cloud SIEM, Log Analysis, Security Monitoring, Python, and threat detection

Updates

  • How useful is behavior analysis in threat detection? In season two of the Detection at Scale podcast, Jeff Bollinger, Director of Incident Response and Detection Engineering at LinkedIn, explores the complex landscape of security monitoring, including the pivotal role of behavioral analysis and the increasing importance of detecting and monitoring unusual behaviors by entities in the cybersecurity domain. Although human behavior is too unpredictable for it to be an end-all-be-all indicator, it can still tell us a lot about what signals are actually threats and which are just noise. Check out the full episode here 👉 https://lnkd.in/g4MxarkD #DetectionatScale #Cybersecurity #DetectionEngineering #SecurityEngineering Hosted by: Jack Naglieri

  • 🤔 How does your SIEM handle ingesting custom log sources? Fed up with the time-intensive “nightmare” of onboarding unsupported log sources, Varo switched to Panther because of our easy data ingestion options. Learn how Varo uses Panther to centralize alerting and gain the visibility they need to secure their environment. Read the case study 👉 https://lnkd.in/gGFRCiPC #DetectionAsCode #SecurityEngineering #DetectionEngineering

  • Have you ever had to search for a particular string in your logs, but you don’t know what field it's in? We’ve been there too, and we know how much of a pain it is. In #PantherFlow, we made this a piece of cake. 🍰 🔍 Just invoke the "search" operator followed by your string, and PantherFlow will handle locating it in your data. For a more complex search pattern, use boolean logic or wildcards. No need to figure out the right field first. Curious how our piped query language simplifies search? Read about it in our blog 👉 https://lnkd.in/gk6cBxFg #DetectionAsCode #DetectionEngineering #SecurityEngineering

  • 🔥🔥🔥 Some #gratitude coming in hot! 🏆 We want to recognize our vibrant Panther community whose contributions improve our open-source ruleset on the daily. We know the SecOps community is driven by open-source tools and standards, which is why our ruleset has been open-sourced from the start—and proudly a part of the #Sigma ecosystem. Recently, our Threat Research team started a quarterly newsletter to recognize and celebrate our contributors. 🎉 We give one lucky winner a prize for having the most impact on our ruleset. Here’s some of the great stuff we’ve seen over the ☀️ summer and 🍁 fall!
    ⭐ A policy that ensures valid AWS WAF logging destinations, a policy to prevent cross-service confused deputy issues on S3 buckets, and a rule that detects when EKS resources are accessed using the system:anonymous user, all submitted by Bharat Chandra P. 👏 Thank you!
    ⭐ An improvement to all alert titles in the Wiz Audit log detections to include the Wiz actor
    ⭐ Filtering out Intelsat plane wifi networks, which causes a false positive in our impossible travel rule
    ⭐ A new rule that alerts when a GitHub dependabot vulnerability is dismissed without being resolved. This one was submitted by Elim Ghebregzabiaher—thank you! 👏
    ⭐ Correction of an alert title showing the actor instead of the target for a Slack alert
    ⭐ A well-documented bug report for the Crowdstrike pipeline that helped our Threat Research team quickly fix the issue
    To our contributors and the Panther community, our sincerest gratitude. 💙 Thank you! 💙 To everyone else, check out our open-source ruleset 👉 panther-analysis: https://lnkd.in/disJ4Cb #SecurityEngineering #DetectionAsCode #DetectionEngineering #OpenSource

  • Can a security data pipeline tool like Substation help write better rules for detection? In season two of the Detection at Scale podcast, Josh Liburdi, Staff Security Engineer at Brex, talks about how Substation has helped reduce their reliance on the SIEM, which in turn allows the SIEM to be simpler. This can help cut the cost of the SIEM as well. “By just doing most of our enrichment in the data pipeline where it's cheap,” Josh says, “there's value there.” Check out the full episode here 👉 https://lnkd.in/gHZZPHjZ #DetectionatScale #Cybersecurity #DetectionEngineering #SecurityEngineering Hosted by: Jack Naglieri

  • 📣 Visualizations are in open beta! 📣 Generate graphs to find trends or outliers at a glance, monitor KPIs, and share insights with stakeholders. 📊 What's the secret sauce? #PantherFlow. Visualizations are not a point-and-click feature in Panther. Instead, you build your visualization within your PantherFlow query using the “visualize” operator. 🏗️ This gives you full control over how your data is shaped and presented. Want to rename a field, calculate a new one, or join enrichment data before visualizing? Go for it. With PantherFlow, custom visualizations are easy. 💡 For a deep dive into all things PantherFlow, watch our webinar. Our principal threat researcher will guide you on using PantherFlow to investigate an account compromise, data exfiltration, and privilege escalation threat scenario. 👉 Watch now 👉 https://lnkd.in/g-RZiZC4 #DetectionAsCode #DetectionEngineering #SecurityEngineering

  • What a night! 🥂 Thank you to everyone who joined us and made our #AWSreinvent happy hour memorable. Vanta, Snowflake, Rootly, and Suger—y'all are the best! 🙌 😎 Let's do it again next year.

  • 👾 Join us next week at American Banker’s Cyber Threat Summit! 👾 In this half-day virtual event, experts will delve into how advanced technologies, including AI, can help banks enhance security, protect client data, and stay compliant amid an increasingly complex threat landscape. Our staff backend software engineer, Douglas Miller, will be on a panel discussion with Snowflake and Block. 💡 They will explore the latest innovations for securing sensitive information against both external and internal threats, as well as best practices to “future-proof” their security data lake and cybersecurity strategy. Don’t miss out! Register for free 👉 https://lnkd.in/g8DdHWb2 #DetectionEngineering #SecurityEngineering #DetectionAsCode #CloudSecurity
