panther

Queries Panther SIEM data lake via GraphQL API. Use when the user wants to query Panther logs, run SQL against the data lake, search for indicators of compromise, explore databases/tables/columns, poll for query results, list past queries, build GraphQL scripts, or manage Panther alerts. Triggers on: "query Panther", "Panther data lake", "Panther GraphQL", "search Panther logs", "indicator search in Panther", "executeDataLakeQuery", "executeIndicatorSearchQuery", "panther_logs", "Panther alerts", "list alerts", "alert status", "triage alert", "resolve alert", "assign alert", "mark alert as resolved", "update alert", "comment on alert", or any request to pull log data, hunt threats, or manage security alerts via the Panther API. Also triggers on "search my logs", "find this IP in Panther", "show me my alerts", or "close these alerts".