This reviewer's identity has been verified by our review moderation team. They have asked not to show their name, job title, or picture.
What stands out the most is how fast and flexible Panther is compared to traditional SIEMs. The detection-as-code approach has completely changed how we build and maintain rules—it’s version-controlled, testable, and easy to adapt as our environment changes. Onboarding cloud logs was surprisingly smooth, and the out-of-the-box normalization saved us a ton of setup time. The platform just feels built for modern security teams that need speed without sacrificing accuracy, and the support team has been phenomenal at helping us with all our questions. Review collected by and hosted on G2.com.
Right now, there isn’t a native way to bring in your own third-party enrichment, and incoming logs can only be enriched if a detection fires that matches its logic, which then applies the enrichment to that triggering event. That said, Panther has “Bring Your Own Enrichment” on their roadmap, and once that’s released, this small gap pretty much disappears.
The reviewer uploaded a screenshot or submitted the review in-app verifying them as current user.
Validated through LinkedIn
Organic review. This review was written entirely without invitation or incentive from G2, a seller, or an affiliate.



