Skip to main content
Panther Knowledge Base

How to add an unsupported log source to Panther and request for new log sources

  1. Last updated
  2. Save as PDF

QUESTION

How do I set up a log source for a type of log that is not natively supported by Panther? Is it possible to request new log types that I'd like to see in Panther?

ANSWER

  1. If the logs from this log source can be securely sent to one of our supported data transports, send them there and set up a custom log source.
  2. If a sample of the new log type can be accessed manually, save the sample and use pantherlog to infer a new schema. Then, set up a custom log type with this new schema.
  3. If neither of the options above fully work, one way to workaround those issues is to temporarily choose an incorrect log type for the log source and trigger a classification failure. This way, a log sample will become available in Panther in the alert for the classification failure, and then you can proceed with option #2 above.
  4. If none of the options above fit your use case, reach out to our support team for assistance, or to submit a request for support of a new log type.