Panther provides security operations software for cloud-first environments, combining an AI SOC layer with security monitoring, code-driven detections, and a centralized security data architecture. Its platform is designed to help teams detect, investigate, and respond to threats at cloud scale while keeping data, detection logic, and investigation context connected in a closed-loop workflow.
Panther emphasizes flexible, modern architecture over legacy SIEM lock-in. The platform ingests and normalizes high-volume telemetry, supports long-term retention and analysis in Snowflake or Databricks, and gives customers a choice between Panther-managed SaaS and customer-owned cloud deployments through Cloud Connected hosting.
Offerings, Capabilities, and Integrations
Panther supports ingestion from cloud, SaaS, endpoint, and custom data sources, then normalizes, enriches, filters, and structures that data for downstream security operations. Teams can run detections in real time or on a schedule, investigate in a unified search experience, analyze results with SQL or PantherFlow, and share findings through dashboards and recurring searches.
Panther also extends across core SOC workflows with AI-assisted triage, investigation, detection creation, and threat hunting. Its integrations support common response and workflow tools such as Slack, Microsoft Teams, Jira, PagerDuty, GitHub, Splunk, SNS, SQS, Tines, and custom webhooks, allowing alerts and actions to flow into existing operating processes.
Products and Services
- Panther AI: AI-driven triage, investigation, detection engineering, and response workflows with natural-language analysis, scheduled analysis, and human approval for write actions.
- Detection & Alerting: Code-driven detections in Python, SQL, or YAML, with pre-built coverage, MITRE ATT&CK mapping, enrichment, alert routing, and real-time or scheduled analysis.
- Security Data Lake: A scalable security data lake that centralizes logs and signals, reduces lock-in, and supports long-term retention with Snowflake or Databricks backends.
- Search & Analytics: Unified search across normalized data, advanced analysis with SQL or PantherFlow, instant visualizations, and customizable dashboards for investigations and reporting.
- Ingestion: Ingestion for cloud, SaaS, endpoint, and custom telemetry with native connectors, HTTP ingestion, schema inference, custom parsers, normalization, filtering, and transformations.
- Flexible Hosting: Deployment options that let customers run Panther as fully managed SaaS or in a customer-owned AWS environment through Cloud Connected hosting.
- PantherFlow: Panther’s pipelined query language for multi-source search, filtering, transformations, aggregations, and visual analysis in Search.
- Cloud Security Scanning: Policy-as-code scanning for AWS resource misconfigurations, with baseline and daily scans plus optional real-time monitoring.
- Correlation Rules: A correlation capability for modeling multi-step attack behavior across signals and log types to generate higher-fidelity alerts.
Target Customers
Panther targets security operations, detection engineering, and cloud security teams in cloud-first organizations that need scalable monitoring across AWS, SaaS, endpoint, and custom telemetry. It is especially relevant for teams that prefer engineering-style workflows, want detections-as-code, and need broad data visibility without the retention or cost constraints of a legacy SIEM.
The platform fits both lean teams that need automation and AI to reduce triage load and larger organizations that require data control, flexible hosting, and compliance-aware deployment options. Panther’s customer stories also show strong alignment with software, digital services, and other cloud-heavy businesses managing modern production environments.
Cloud Integrations and Marketplace
- AWS Marketplace: Panther has a verified AWS Marketplace listing for Panther – Cloud Connected.
- AWS: Panther supports AWS-centric deployments and integrations, including Cloud Connected hosting in customer-owned AWS accounts, AWS CloudTrail, GuardDuty, S3, CloudWatch, EKS, and AWS Security Hub.
- Microsoft Azure: Panther supports Azure log monitoring and can ingest data through Azure Blob Storage.
- Google Cloud: Panther supports GCP log monitoring and can ingest data through Google Cloud Storage.
- Snowflake: Panther supports Snowflake as a data lake backend in both SaaS and Cloud Connected deployments.
- Databricks: Panther supports Databricks as a data lake backend so customers can run detections, hunting, and investigations directly on their Databricks environment.
Key People
- Jack Naglieri: Founder & CEO
- John McCarthy: Chief Revenue Officer
- Julian Guica: Chief Product Officer
- Shannon King: CMO
- Mike Baker: VP Threat Research
Key Facts
- Headquarters: San Francisco, California, United States
- Employees: 51-200
- Annual Revenue: Undisclosed
- Parent Company: None
- Subsidiaries: None
- Publicly Listed: No (privately held)