Triage Alerts Faster with Alert Summaries

Sugandha Lahoti

Oct 29, 2020

3 min read

Quickly understand the context of an alert with a summary of matched data across events.

What

Alert Summaries are now available in Panther Enterprise! This feature is designed to speed up alert triage by proactively answering questions such as, “which unique IPs caused this suspicious behavior?”

Summaries help analysts quickly understand attacker patterns, correlate IOCs, and kickstart investigations.

To help reduce alert fatigue, Panther enables teams to group many events into one alert over a window of time (generally, 1 hour). By providing a proactive summary of these events, which could be in the hundreds, Alert Summaries help you quickly understand the context and severity of an alert.

Figure: Alert Summaries display common values across all events

When creating a rule in Panther, you can declare which top-level attribute(s) are summarized in the associated alerts. These attributes can be adjusted as needed, and your Alert Summary table will update dynamically to show you the top five matches for the specific attribute(s) across events.

For example, say you have a rule to find “Sneaky” traffic hitting your load balancer. You can set your Summary Attributes to use the Panther standard field, p_any_ip_addresses, and the log-specific field, userAgent, and in your Alert Summary, you’ll see the top five values for each of those fields across all of your events (as shown above).
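As an added illustration of the mechanism described above (not Panther's own code), the snippet below builds a summary table from a window of grouped events: it takes a rule's Summary Attributes, tolerates list-valued fields such as p_any_ip_addresses as well as events where a field is absent, and returns the top five values per attribute. The sample events, and the counting and tie-break rule (occurrences across events, ties broken by value), are constructed assumptions.

```python
from collections import Counter
from typing import Any, Dict, Iterable, List, Tuple

# Constructed sample events (not real log data) for the "Sneaky" load-balancer
# scenario: p_any_ip_addresses is a Panther standard list field, userAgent a
# log-specific scalar field. One event lacks the IP field entirely.
EVENTS: List[Dict[str, Any]] = [
    {"p_any_ip_addresses": ["203.0.113.7", "198.51.100.2"], "userAgent": "sneaky/1.0"},
    {"p_any_ip_addresses": ["203.0.113.7"], "userAgent": "sneaky/1.0"},
    {"p_any_ip_addresses": ["203.0.113.9"], "userAgent": "curl/7.68.0"},
    {"p_any_ip_addresses": ["203.0.113.7", "192.0.2.44"], "userAgent": "sneaky/1.0"},
    {"p_any_ip_addresses": ["192.0.2.44"], "userAgent": "python-requests/2.25"},
    {"p_any_ip_addresses": ["198.51.100.2"], "userAgent": "curl/7.68.0"},
    {"p_any_ip_addresses": [], "userAgent": "Mozilla/5.0"},
    {"userAgent": "sneaky/1.0"},
]


def _values(event: Dict[str, Any], attr: str) -> List[str]:
    """Normalize a top-level attribute to a list of string values.

    Missing or null fields contribute nothing; list-valued fields (like
    p_any_ip_addresses) contribute each element; scalars contribute themselves.
    """
    value = event.get(attr)
    if value is None:
        return []
    if isinstance(value, (list, tuple, set)):
        return [str(v) for v in value]
    return [str(value)]


def summarize(events: Iterable[Dict[str, Any]], summary_attributes: Iterable[str],
              top_n: int = 5) -> Dict[str, List[Tuple[str, int]]]:
    """Return the top_n (value, count) pairs for each summary attribute.

    Counting is per occurrence across all events in the alert window; ties are
    broken by value so the table is deterministic (an assumed rule).
    """
    events = list(events)
    summary: Dict[str, List[Tuple[str, int]]] = {}
    for attr in summary_attributes:
        counts: Counter = Counter()
        for event in events:
            counts.update(_values(event, attr))
        ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
        summary[attr] = ranked[:top_n]
    return summary


if __name__ == "__main__":
    for attr, rows in summarize(EVENTS, ["p_any_ip_addresses", "userAgent"]).items():
        print(attr, rows)
```

Pointing the same function at the events of a single alert reproduces the "top five values per field" table the post describes, and an empty list for an attribute signals that none of the grouped events carried that field.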

Figure: Specify Summary Attributes for each rule

Why

Swift analysis is critical for remediating threats before they escalate. Evaluating dozens or hundreds of events to correlate indicators is slow and inefficient. With Alert Summaries, you can quickly filter event data to achieve actionable insights that help you and your team determine how to respond to alerts.

How does this impact you?

With Panther’s Alert Summaries, you can:

  • Speed up alert triage

  • Quickly identify suspicious indicators that require further investigation

  • Understand the nature of an alert in a single glance

TL;DR

Analyze alerts faster with dynamic summaries of data found throughout many alert-generating events.

Get Started

  • If you’re an existing Panther Enterprise customer, read the docs to learn how to use Alert Summaries.

  • If you’d like to learn more about Panther Enterprise, request a demo.

© 2024 Panther Labs