Incident.io Destination

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring incident.io as the destination where you will receive alerts.

How to set up an incident.io alert destination in Panther

Step 1: Create an alert source for Panther in incident.io

• Follow the incident.io Adding Panther as an Alert Source instructions through Step 4.

  • Copy the provided webhook URL and API key values, and store them in a secure location. You will use them in the next step.

Step 2: Configure the incident.io destination in Panther

1. In the left-hand navigation bar of your Panther Console, click Configure > Alert Destinations.

2. Click +Add your first Destination.

   • If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.

3. Click Incident.io.

4. On the Configure Your Incident.io Destination page, fill out the form:

   • Display Name: Enter a descriptive name, e.g., incident.io alert destination.

   • Webhook URL: Enter the URL you generated in incident.io in Step 1.

   • API Key: Enter the API key you generated in incident.io in Step 1.

   • Severity Levels: Select the severity level of alerts to send to this destination.

   • Default Alert Types: Select the alert types to send to this destination.

   • Log Types: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.

   • Allow Manual Dispatch: Set this toggle ON if you'd like to be able to manually dispatch alerts to this destination.

5. Click Add Destination.

6. Click Send Test Alert to make sure everything works correctly.

   • You should now see a test alert in your incident.io dashboard.

7. Click Finish Setup.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.