Cyber Tool Stack
All tools

Panther

By Panther Labs

A detection-as-code SIEM where detections are written in Python, versioned in git, and tested in CI like any other software, running on a security data lake architecture that separates storage from compute to keep high-volume retention affordable. Databricks announced an agreement to acquire Panther Labs in June 2026.

Verified Source: 1

Product type
Software
Deployment
SaaS
Organization size
Mid-marketEnterprise
Pricing tier
$$

Capability checklist

SIEM

How Panther measures up against the full Security Information & Event Management taxonomy.

Broad log ingestion — supported
Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
Correlation & detection rules — supported
Turns raw events into alerts via built-in and custom detection logic.
Fast historical search — supported
Query months of data quickly during investigations.
Behavior analytics (UEBA) — not supported
Baselines user and entity behavior to flag anomalies.
Dashboards & reporting — supported
Compliance and operational reporting out of the box.
Detection-as-code — supported
Manage detection rules in version control with CI.

Alternatives

Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.