QUESTION

How can I ingest Parquet files, which are stored in an S3 bucket, into Panther?

ANSWER

If the Parquet files stored in your S3 bucket are in snappy or gzip compression formats, you can ingest them as custom logs:

  1. In the Panther Console, go to Configure > Log Sources, then click Create New.

  2. Click Custom Log Formats > AWS S3 Bucket. 

    • There isn't a "Parquet" tile displayed, but you can still proceed via the AWS S3 Bucket option and will ingest the Parquet files without any issues.

  3. Follow the prompts to configure your log source.