Supported Logs

Articles

• Error "http status: 403 Forbidden code: UnknownError" when setting up Microsoft Graph API source in Panther
• How can I capture repo.add_topic events in GitHub Audit Logs with Panther?
• What happens when the connection is lost during the log ingestion of Panther's native log sources?
• Why do I get the error "failed to read line: gzip decompression failed: flate: corrupt input before offset" on my Lacework log source within Panther?
• Does Panther support OIDC authentication to Google Workspace?
• Can Panther give me sample data to use in my account?
• Why am I receiving a 403 forbidden error on my HMAC authenticated CrowdStrike Falcon alerts?
• Does Panther support ingesting Gmail logs?
• Does Panther ingest updates to Azure Monitor files in Blob Storage?
• Does Panther support Cloudflare Zero Trust Logs?
• Why are my GitHub Audit logs showing a latency of 10-15 minutes in Panther?
• How do I resolve "Organization not found" when ingesting GitHub audit logs in Panther?
• How often does Panther pull logs from log sources?
• How can I ingest AWS EKS logs to only one log source in Panther?
• Is SystemLog the only Okta log that Panther pulls for Okta integrations?
• Does Panther support ingesting CrowdStrike EventStream logs?
• After fixing an unhealthy log source, why do I still get an error banner in the Panther Console?
• Does Panther's "Events Over Time by Log Type" graph include events that have been filtered out?
• Does Panther support Nessus Pro self-hosted on the Tenable native integration?
• Does Panther have a native integration for 1Password auditevents logs?
• Why do I see high latency on my MongoDB Atlas log source in Panther?
• Is log ingestion case sensitive in Panther?
• When is Raw Message Delivery required for SNS to SQS data ingestion in Panther?
• If I already ingest logs through the GitHub API into Panther, do I need to apply the GitHub webhook schema?
• How do I resolve error "team_not_authorized" when integrating Slack with Panther?
• Why do I experience delays in parsing Google Workspace events within my Panther Console?
• Are my Salesforce log events batched and sent to Panther at a specific time?
• When trying to onboard a new Okta log source in Panther I get an Okta API permission error
• Why do I see "no bot scopes requested" when onboarding Slack audit logs to Panther?
• Does Panther support native Syslog ingestion?
• How are IP addresses normalized and stored in Panther?
• Does Panther support importing alerts produced by CarbonBlack within Panther as log events?
• When changing the domain name of Salesforce, do I need to change the log source in Panther?
• Why do I see high latency on some of my log types in Panther?
• How do I resolve the error "Field validation failed on the 'required' tag" in Panther?
• Does Panther have out-of-the-box support for ingesting Google Alerts?
• Error 'failed to parse integer: strconv.Atoi parsing ...' when processing AWS S3 Server Access logs in Panther
• Does Panther capture failed login attempts in audit logs?
• Does Panther natively support ingesting CircleCI Audit logs?
• Why is my Tines Audit Log Source still waiting to receive data well after initial creation?
• How do I resolve the CloudTrail error "Source has recently encountered errors while processing logs" in Panther?
• How can I check which Google Workspace application types I’m receiving in Panther?
• Why are certain Heroku logs failing to be parsed in Panther?
• How can I pull events from an external SQS queue in Panther without creating a new Panther queue?
• Is there any way to reduce AWS Cloudtrail latency in Panther?
• Does Zoom's deprecation of the JWT app type affect Panther’s log ingestion?
• Why do I see Cloudflare logs dropping and the alert "Source [CloudFlare-YourLogSource] has not received events for more than 1 hour" in Panther?
• Does Panther export the MongoDB logs or fetch them through API calls?
• How can I exclude logs from my Panther GCP integration?
• Is unfiltered raw data stored when applying Filters in Panther?
• How to resolve "Error while checking Cloud Pub/Sub subscription existence" for my GCP logs in Panther
• Does Panther allow logs to be overwritten or does it append only?
• Does Panther support ingesting mail logs?
• How can I prevent internal traffic logs from AWS VPC Flow from being ingested into Panther?
• What to do when a Panther log source works fine but says "Permission checks for source have failed"
• Zoom integration error in Panther: status 400, no permission, next page token expired
• Does Panther backfill log sources after temporary connection issues?
• Can I exclude the OversizedChangeNotification when ingesting AWS Config logs into Panther?
• How do I update the schemas attached to my log source integration?
• How can I adapt my custom Panther CrowdStrike detections and queries using legacy schemas to work with the Crowdstrike.FDREvent schema?
• Why do I see a “ratelimited” error while onboarding Slack logs to Panther?
• Can I view more details of a log source without having to click the Edit button?
• How do I resolve a “Source encountered errors while processing logs” alert after setting up GitHub log source in Panther?
• What is the difference between Ingest Data, Processed Data (Events), Data Received, and Data Stored in Panther?
• Why does Panther display the CloudTrail username as "HIDDEN_DUE_TO_SECURITY_REASONS"?
• Is it possible to detect if someone has edited the contents of a Google doc using Panther?
• Why are 1Password ItemUsage logs missing in Panther?
• How do I see who created a log source in Panther?
• How often does Panther query the Atlasian API for getting Jira Audit logs?
• Why did my Zendesk log source in Panther stop receiving logs?
• Why does my recently parsed event have an old p_event_time in Panther?
• Does Panther offer native support for Signal Sciences logs?
• How to Fix "Invalid Redirect" for Panther's Zoom Integration
• Why are certain ItemUsage 1Password Events not showing up in Panther?
• Why is Panther not ingesting Microsoft 365 logs despite having no apparent errors?
• How do I ingest IP addresses from GitHub Audit Logs into Panther?
• How often does Panther try to log in to my Salesforce integration if the password is not valid?
• How can I see who edited/deleted a log source in Panther?
• How do I resolve "Source Snyk did not pass configuration check" when onboarding Snyk logs to Panther?
• Azure Activity Audit Logs are not classifying correctly in Panther
• How to resolve schema parsing errors with malformed JSON and truncated EKS log data in Panther
• How can I set up multiple CloudTrail log sources in Panther?
• Why did my Slack logs integration in Panther break when I upgraded my Slack plan?
• How do I split a single log source into multiple tables based on log content in Panther
• Error: "Source Atlassian did not pass configuration check because: Atlassian API error (402) - Payment required" in Panther
• How do I resolve a "401 unauthorized" error when onboarding Atlassian logs to Panther?
• How can I ingest FleetDM logs into Panther?
• Sublime Security Log Classification Errors in Panther
• Can I pause ingestion of a log source in Panther?
• Resolving {"message": "Not Found"} error when authorizing Google Workspace log source in Panther
• Can Panther perform deduplication on incoming log events?
• Error ‘Source Snowflake Prod did not pass configuration check… The requested schema does not exist or not authorized’ when onboarding Snowflake logs in Panther
• How do I get to the Verification step after editing a log source in Panther?
• Which Panther actions does the "GET_DETECTION_ALERT_METRICS" audit action represent?
• How do I resolve the Zendesk log error 403 "You do not have access to this page" in Panther?
• How can I restrict Panther user access to log types?
• What values are required for MongoDB Atlas API keys in Panther?
• Why do I get a "Source Atlassian Audit Logs did not pass configuration check because: Atlassian API error (403) - Non 200 response, failed with message: ...." error when trying to on
• Does Panther support ingesting events from CyberHaven?
• What is the difference between the Panther log types GSuite.Reports and GSuite.ActivityEvent?
• Can I exclude logs or specific fields from ingestion into Panther?
• How do I resolve "Netskope API response error (403) invalid token" when onboarding NetSkope logs to Panther?
• Panther latency ingesting audit logs from Snyk
• Error "event exceeds maximum size: event at offset 1 is larger than xx Bytes" on Panther CloudTrail log source
• Does Panther's Google Workspace integration ingest Chrome logs?
• How do I resolve the error "did not pass configuration check" when onboarding Salesforce logs to Panther?
• Troubleshooting log ingestion issues in Panther
• Is there a way to integrate CloudTrail logs in Panther without using event notifications?
• How to resolve "invalid header" error when trying to ingest AWS VPC flow logs through Cloudwatch in Panther
• How do I add custom schemas to a Panther-managed log source that ingests EKS logs into Panther?
• How do I add new AWS CloudTrail log sources to Panther when the original does not have a prefix?
• The Okta nested field "logOnlySecurityData" is not succesfully parsed in Panther
• Why are my Google Workspace alerts not ingested by Panther?
• Will there be a gap in the logs if permissions fail in a native Panther log source?
• Why do I see classification failures for Github Audit logs when I am using a Panther-provided schema?
• Why is my Raw Event Filter for AWS CloudTrail not working as expected?
• Can Panther ingest Monday.com Audit log API logs?
• Error "OrganizationDomain invalid, failed to satisfy the condition: tinesDomain" when trying to set up a Tines log source in Panther
• Error: 403 access denied from Crowdstrike log source
• I want to ingest a specific field from my log event. Can I do that in Panther?
• Access token authentication error while onboarding Crowdstrike Event Streams log source in Panther
• When a log source is deleted, does Panther capture the source ID in it's audit logs?
• How to resolve error 'Source Netskope… 403 - Forbidden. Legacy Rest API v2 is deprecated' when using Panther's Netskope log source integration
• Can Panther ingest GCP VPC Flow logs?
• Why haven't I received Salesforce Logs in Panther for the past 24 hours?
• Why do I see a "log not CSV" error when trying to test sample data against the AWS.ALB schema in the Panther Console?
• How to Configure Auth0 Log Streaming to Panther with the Correct Authentication
• How to resolve error 'Failed to classify event as 'Amazon.EKS.Audit': 'apiVersion' is a required field but it is missing...' in Panther
• Error 'Source Microsoft365 did not pass configuration check because: error acquiring token: FromClientSecret()' when creating a Microsoft log source in Panther
• Can Panther ingest GCP Security Command Center logs?
• Is the TLS verification parameter necessary for ingesting Fluentd logs into Panther?
• Salesforce is deprecating the SOAP Authentication method. How will Panther address this?
• GCP log source associated with Google Cloud Storage using WIF doesn't ingest new data in Panther
• Google Workspace log source unable to access GSuite API in Panther
• Error "event exceeds maximum size: event at offset 1 is larger than xx Bytes" on Panther AWS Config History log source
• Can I view log source integration API tokens in plaintext in Panther?
• If I delete a log source in Panther, is its data deleted?
• Can Panther be used to ingest and monitor relational database audit logs, including the tracking of newly-added rows to database tables?
• Understanding Slack Plans and Log Types in Panther
• Can I send only events that trigger alerts to Panther?
• Can I integrate with Google BigQuery API to query Gmail logs from Panther?
• Does my log source overview in the Panther Console report raw ingested log volume or uncompressed?
• My Panther Zendesk log source is failing after switching from OAuth2 to API key authentication
• Can Panther filter sensitive fields such as passwords out of incoming logs?
• What inclusion filter should I use in my logging sink to only push Panther-supported GCP logs to Panther?
• How to make separate Snowflake tables for my Panther log sources that use the same Panther-managed log type and schema
• How do I resolve the classification error "error found in # byte of ...|Truncated...]|..." when ingesting AWS EKS CloudWatch logs in Panther?
• Does Panther support Microsoft Teams as a log source?
• Why does my GuardDuty log source in say it cannot access a log file in Panther?
• Why do Panther API requests keeps blocking me from resetting my Salesforce security token?
• Are Microsoft Purview Data Loss Prevention logs supported in Panther?
• GitHub Log Source Permissions Error: "Must have admin rights to Repository", "status":"403"
• Can I get notified in Panther when my log source stops receiving logs from any system attached to that source?
• How can I identify recently deleted log sources in the "Ingestion By Log Source" graph in the Panther Dashboard?
• Why is the percentage of processed data so small in the log source Overview tab in Panther?
• Troubleshooting GCP Logs Not Appearing in Panther
• Why do I see "Slack healthcheck failed - failed response: Slack API error (200) missing_argument" when creating a Slack source in Panther?
• Can I backfill the logs of a new log source into Panther?
• Can I use the field discovery and infer schema features when configuring an AWS CloudWatch Logs source?
• There's a discrepancy between the CrowdStrike logs I expected and those actually ingested in Panther