Does Panther support asciinema logs?

Last updated
Save as PDF

QUESTION

ANSWER

Panther does not natively support ingesting asciinema logs. As a workaround, you can use a custom log source with the following regex event exclusion filter:^\s*{

This would exclude the first header line and leave behind each event as a JSON Array, similar to the following:

[0.248848, "o", "\u001b[1;31mHello \u001b[32mWorld!\u001b[0m\n"]

Then you can create a custom schema for each of those events to successfully ingest and write detections against.