Hacker News | jacknagz's comments

Panther uses Python for real-time log analysis and SQL for analytics over the stored/normalized data.


FYI Panther can also integrate with Snowflake as the data backend


Nope, that's available in OSS!

Alerts can deliver to SNS/SQS, which can invoke a Lambda function running your custom script:

- https://docs.runpanther.io/setup/sqs

- https://docs.runpanther.io/setup/sns
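The delivery path described in the comment above (alert to SNS/SQS, SQS invokes a Lambda running your own script), as an added example that is not part of the original comment or of Panther's code. The alert field names (id, severity, title), the routing policy and the sample SQS event are assumptions made for this example; only the SQS record shape (Records[].body, Records[].messageId) and the SNS envelope (Type/Message) are the standard AWS formats.

```python
"""Added example: a Lambda handler that receives alerts from an SQS queue and
runs a custom routing script over them.

Not from the page or from Panther: the alert fields (id, severity, title),
the routing policy and the sample SQS event are assumptions for this example.
The SQS record shape (Records[].body, Records[].messageId) and the SNS
envelope (Type/Message) are the standard AWS formats."""
import json

SEVERITY_RANK = {"INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
PAGE_AT = "HIGH"  # alerts at or above this severity page on-call; others open a ticket


def unwrap_body(body):
    """Return the alert dict from an SQS message body.

    A queue subscribed to an SNS topic receives an SNS envelope unless raw
    message delivery is enabled; the alert is then the JSON string under
    'Message'. Direct SQS delivery gives the alert JSON itself. Handle both."""
    msg = json.loads(body)
    if msg.get("Type") == "Notification" and "Message" in msg:
        return json.loads(msg["Message"])
    return msg


def route_alert(alert):
    """Decide what to do with one alert. Unknown severities are treated as HIGH
    so a schema change fails loud instead of silently downgrading to a ticket."""
    sev = str(alert.get("severity", "HIGH")).upper()
    rank = SEVERITY_RANK.get(sev, SEVERITY_RANK["HIGH"])
    action = "page" if rank >= SEVERITY_RANK[PAGE_AT] else "ticket"
    return {"alert_id": alert["id"], "severity": sev,
            "title": alert.get("title", ""), "action": action}


def process_records(event):
    """Process every record in an SQS Lambda event.

    Returns (routed, failed_message_ids). A bad record is reported by id rather
    than raised, so one poison message cannot block the whole batch."""
    routed, failed = [], []
    for record in event.get("Records", []):
        try:
            routed.append(route_alert(unwrap_body(record["body"])))
        except (ValueError, KeyError, TypeError, AttributeError):
            failed.append(record["messageId"])
    return routed, failed


def handler(event, context=None):
    """Lambda entry point. The return value is the partial-batch-failure shape;
    it only takes effect when ReportBatchItemFailures is enabled on the event
    source mapping, otherwise the whole batch is retried on any failure."""
    routed, failed = process_records(event)
    for r in routed:
        print(json.dumps(r))  # stand-in for the custom action (ticket, page, ...)
    return {"batchItemFailures": [{"itemIdentifier": m} for m in failed]}


# Constructed SQS event: one raw alert body, one SNS-enveloped alert, one bad body.
SAMPLE_SQS_EVENT = {"Records": [
    {"messageId": "msg-1",
     "body": json.dumps({"id": "a1", "severity": "CRITICAL",
                         "title": "Root login without MFA"})},
    {"messageId": "msg-2",
     "body": json.dumps({"Type": "Notification",
                         "TopicArn": "arn:aws:sns:us-east-1:123456789012:alerts",
                         "Message": json.dumps({"id": "a2", "severity": "low",
                                                "title": "New IAM user created"})})},
    {"messageId": "msg-3", "body": "not json"},
]}

if __name__ == "__main__":
    print(handler(SAMPLE_SQS_EVENT))
```

The SNS-envelope branch is the part people trip over: with an SNS-to-SQS subscription the body is the envelope, not the alert, unless raw message delivery is turned on, and the partial-batch response is ignored unless the event source mapping opts into it.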


Yes, I was the original core dev of StreamAlert during my time at Airbnb.

I'd say the biggest differences are that Panther:

- Has a UI-driven workflow (vs CLI)

- Has an improved design to be more scalable and cost-effective

- Is written almost entirely in Golang

- Made a larger investment in the Athena side, allowing data pivoting and correlation across types

- Has first-class support for monitoring infrastructure as "resources", opening up more compliance use cases

We applied a lot of lessons learned from running StreamAlert and from my team's experiences at Amazon.


Thank you!


Thanks! What type of integrations? On the input or output side?


Thank you!! It definitely is the future.


For those who had a pre-release of Panther deployed, check out our release notes: https://github.com/panther-labs/panther/releases/tag/v1.0.0

We are also available on Slack to help out!


Hey! Thank you :)


Thank you! Our goal with Panther is to allow security engineers to customize and scale it to fit their needs.


Thank you! I'd say the biggest difference is that Panther uses Python3 for detections and SQL/Presto for searching the data. This gives analysts/engineers more freedom and flexibility to find what they're looking for.

We also utilize open source or cloud-native transport mechanisms like fluentd/s3/etc, versus rolling our own.
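The "Python3 for detections" point made in this comment and in the first one above (Python for real-time log analysis), as an added example that is not part of the original comments or of Panther's own code. The rule(event)/title(event)/dedup(event) function convention, the CloudTrail field names and the sample events are assumptions made for this example.

```python
"""Added example: a Python detection in a rule(event)/title(event)/dedup(event)
style, run over constructed CloudTrail-style console login events.

Not from the page or from Panther: the function-name convention, the field
names and the sample events are assumptions made for this example."""
import json
from collections import OrderedDict


def _event(user_type, arn, mfa, outcome, ip, name="ConsoleLogin"):
    """Build one constructed CloudTrail-style record."""
    return {
        "eventName": name,
        "userIdentity": {"type": user_type, "arn": arn},
        "additionalEventData": {"MFAUsed": mfa},
        "responseElements": {"ConsoleLogin": outcome},
        "sourceIPAddress": ip,
    }


# Constructed sample log: newline-delimited JSON, as a log shipper would deliver it.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _event("IAMUser", "arn:aws:iam::123456789012:user/alice", "Yes", "Success", "203.0.113.10"),
    _event("IAMUser", "arn:aws:iam::123456789012:user/bob", "No", "Success", "198.51.100.7"),
    _event("IAMUser", "arn:aws:iam::123456789012:user/bob", "No", "Success", "198.51.100.8"),
    _event("IAMUser", "arn:aws:iam::123456789012:user/dave", "No", "Failure", "198.51.100.9"),
    _event("Root", "arn:aws:iam::123456789012:root", "No", "Success", "198.51.100.9"),
    # Federated (SSO) console login: MFA is enforced at the IdP, so CloudTrail
    # reports MFAUsed=No. Alerting on it would be a false positive.
    _event("AssumedRole", "arn:aws:sts::123456789012:assumed-role/SSO/carol", "No", "Success", "203.0.113.11"),
    _event("IAMUser", "arn:aws:iam::123456789012:user/alice", "No", "Success", "203.0.113.10", name="AssumeRole"),
])


def rule(event):
    """True when a console login succeeds without MFA (IAM users and root)."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return False
    if event.get("userIdentity", {}).get("type") == "AssumedRole":
        return False  # SSO/federated login; MFA happened upstream at the IdP
    return event.get("additionalEventData", {}).get("MFAUsed") != "Yes"


def title(event):
    return "Console login without MFA by {} from {}".format(
        event["userIdentity"]["arn"], event["sourceIPAddress"])


def dedup(event):
    """Matches sharing this string are merged into a single alert."""
    return event["userIdentity"]["arn"]


def run_rule(raw_log):
    """Apply the rule to every line of an NDJSON log and return alerts merged
    by dedup key. Malformed lines are skipped rather than failing the batch."""
    alerts = OrderedDict()
    for line in raw_log.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if not rule(event):
            continue
        key = dedup(event)
        if key in alerts:
            alerts[key]["count"] += 1
            alerts[key]["source_ips"].append(event["sourceIPAddress"])
        else:
            alerts[key] = {"dedup": key, "title": title(event), "count": 1,
                           "source_ips": [event["sourceIPAddress"]]}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_LOG):
        print(json.dumps(alert))
```

Running it on the constructed log yields two alerts: bob's two logins collapse into one alert under his ARN, root gets its own, and alice (MFA), dave (failed login), carol (SSO) and the non-login event are ignored. The AssumedRole exclusion is the caveat worth keeping in a real rule; without it every IdP-backed console session fires.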

