QUESTION

I have a new log source for an organization I need to monitor. Would it be possible to backfill the logs into Panther for the last XX days?

ANSWER

Yes, it is possible to backfill logs into Panther. There are two ways to backfill logs:

Please note that there may be limitations on the time range depending on the log source. For example, the GitHub puller can backfill data up to a specific amount of time.

Also, please note that the data must be stored in such a way that it is accessible to s3sns in order for the tool to succeed. For example, items stored in AWS's Glacier Flexible Retrieval cannot be backfilled. To backfill these items, you must restore a temporary copy of the item to its S3 bucket for a specified duration. When you do this in an S3 bucket that is set up for ingestion into Panther, Panther will ingest these items automatically, without the need for s3sns.
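
The restore step described above can be scripted. The following is an added example, not Panther's own code: it selects archived objects inside a backfill window and requests a temporary restored copy of each, skipping keys whose restore is already in progress or complete. The bucket name, keys, dates, the `Bulk` tier default and the `StubS3` class are constructed assumptions; against a real bucket, pass `boto3.client("s3")` and the `Contents` entries from `list_objects_v2` instead.

```python
from datetime import datetime, timezone

ARCHIVED = "GLACIER"  # S3 storage class reported for Glacier Flexible Retrieval

def plan_restores(objects, start, end):
    """Keys of archived objects last modified inside the backfill window."""
    return [o["Key"] for o in objects
            if o.get("StorageClass") == ARCHIVED and start <= o["LastModified"] < end]

def restore_keys(s3, bucket, keys, days=7, tier="Bulk"):
    """Request a temporary copy of each key, kept for `days` days."""
    requested = []
    for key in keys:
        # HeadObject carries a Restore field once a restore is running or done.
        if "Restore" in s3.head_object(Bucket=bucket, Key=key):
            continue
        s3.restore_object(
            Bucket=bucket, Key=key,
            RestoreRequest={"Days": days, "GlacierJobParameters": {"Tier": tier}})
        requested.append(key)
    return requested

class StubS3:
    """Constructed stand-in for boto3.client("s3") so the example runs offline."""
    def __init__(self, restoring):
        self.restoring, self.calls = set(restoring), []

    def head_object(self, Bucket, Key):
        return {"Restore": 'ongoing-request="true"'} if Key in self.restoring else {}

    def restore_object(self, Bucket, Key, RestoreRequest):
        self.calls.append((Bucket, Key, RestoreRequest["Days"]))

def demo():
    day = lambda d: datetime(2024, 3, d, tzinfo=timezone.utc)
    listing = [  # constructed sample shaped like list_objects_v2 "Contents"
        {"Key": "logs/a.json.gz", "StorageClass": "GLACIER", "LastModified": day(2)},
        {"Key": "logs/b.json.gz", "StorageClass": "STANDARD", "LastModified": day(3)},
        {"Key": "logs/c.json.gz", "StorageClass": "GLACIER", "LastModified": day(4)},
        {"Key": "logs/d.json.gz", "StorageClass": "GLACIER", "LastModified": day(20)},
    ]
    s3 = StubS3(restoring={"logs/c.json.gz"})
    keys = plan_restores(listing, day(1), day(10))
    return restore_keys(s3, "example-log-bucket", keys), s3.calls

if __name__ == "__main__":
    print(demo())
```

Choose `days` long enough for the restore job to finish and for ingestion to complete before the temporary copy expires.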