Slack Destination (Webhook)

Configuring Slack as an alert destination in your Panther Console

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Slack as the destination where you will receive alerts.

How to set up Slack alert destinations in Panther

Step 1: Configure a new app in Slack

In a web browser, log in to your Slack Workspace as an administrator.
Navigate to the Your Apps page.
In the upper-right corner, click Create New App.
In the Create an app pop-up modal, select From scratch.
In the Name app & choose workspace form, fill in the fields:
- App Name: Provide the app a descriptive name, like Panther App.
- Pick a workspace to develop your app in: Select the workspace to which you would like Panther alerts delivered.
Click Create App.
From the Basic Information page you are directed to, in the left-hand navigation bar, select Incoming Webhooks.
Set the Activate Incoming Webhooks toggle to On.
- In the Webhook URLs for Your Workspace section that appears, click Add New Webhook to Workspace.
In the Where should <Panther App> post? field, select the channel you would like Panther alerts to post to, then click Allow.
On the Incoming Webhooks page, under Webhook URLs for Your Workspace, copy the Webhook URL you just created. You will need it in the next step to configure the Slack destination in Panther.

Step 2: Configure the Slack alert destination in Panther

Log in to the Panther Console.
In the left sidebar, click Configure > Alert Destinations.
Click +Add your first Destination.
- If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.
Click Slack.
Fill out the form to configure the Destination:
- Display Name: Enter a descriptive name.
- Webhook URL: Enter the Webhook URL you generated in the previous section of this documentation.
- Severity Levels: Select the severity level of alerts to send to this Destination.
- Default Alert Types: Select the alert types to send to this Destination.
Click Add Destination.
On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.

PreviousSlack Bot Destination NextSplunk Destination (Beta)

Last updated 2 months ago

Was this helpful?

How to set up Slack alert destinations in Panther

Step 1: Configure a new app in Slack

In a web browser, log in to your Slack Workspace as an administrator.

Navigate to the Your Apps page.

In the upper-right corner, click Create New App.

In the Create an app pop-up modal, select From scratch.

In the Name app & choose workspace form, fill in the fields:

App Name: Provide the app a descriptive name, like Panther App.
Pick a workspace to develop your app in: Select the workspace to which you would like Panther alerts delivered.

Click Create App.

From the Basic Information page you are directed to, in the left-hand navigation bar, select Incoming Webhooks.

Set the Activate Incoming Webhooks toggle to On.

In the Webhook URLs for Your Workspace section that appears, click Add New Webhook to Workspace.

In the Where should <Panther App> post? field, select the channel you would like Panther alerts to post to, then click Allow.

On the Incoming Webhooks page, under Webhook URLs for Your Workspace, copy the Webhook URL you just created. You will need it in the next step to configure the Slack destination in Panther.

Step 2: Configure the Slack alert destination in Panther

In the left sidebar, click Configure > Alert Destinations.

Click +Add your first Destination.

If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.

Click Slack.

Fill out the form to configure the Destination:

Display Name: Enter a descriptive name.
Webhook URL: Enter the Webhook URL you generated in the previous section of this documentation.
Severity Levels: Select the severity level of alerts to send to this Destination.
Default Alert Types: Select the alert types to send to this Destination.
Log Types: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.

Click Add Destination.

On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.