Slack Destination (Webhook)

Configuring Slack as an alert destination in your Panther Console

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Slack as the destination where you will receive alerts.

How to set up Slack alert destinations in Panther

Configuring the integration in Slack

  1. Log in to your Slack Workspace as an administrator.
  2. Navigate to Your Slack Apps, and click Create New App.
    • In the "Create an App" dialog, select the option From Scratch.
    • In the next dialog, enter an App Name and choose your Development Slack Workspace.
      The image shows a popup dialog from Slack named "Create a Slack App." It contains a field for App Name and a dropdown menu labeled "Development Slack Workspace." There is a green "Create app" button at the bottom.
  3. Click Create App.
  4. On the Basic Information page, click Incoming Webhooks.
  5. Next to Activate Incoming Webhooks, switch the toggle to On.
    In Slack, the option "Activate Incoming Webhooks" is enabled.
  6. Scroll down and click Add New Webhook to Workspace.
  7. Authorize access to your new app and enable it for the appropriate channel.
    The image shows the authorization screen from Slack. It has dropdown menus for "What will Panther Security Monitoring be able to view?" and "Where should Panther Security Monitoring post?" There is a green button at the bottom labeled "Allow".
    • To verify that your integration was configured successfully, check for a message in the connected Slack channel indicating the integration was added.
  8. On the next page, a Webhook URL is displayed. Copy the Webhook URL and store it in a secure location, as you will need it in the next steps to configure the Slack destination in Panther.
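
The Webhook URL from step 8 works as a credential: anyone who holds it can post to the channel. The following added example (not part of the Panther or Slack documentation) checks that a value has the shape of a Slack incoming-webhook URL and scans text such as a config file for copies of it, reporting only a redacted form. The URL pattern and the function names are assumptions of this example, and the sample input is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed shape of a Slack incoming-webhook URL (not taken from the page):
#   https://hooks.slack.com/services/T<workspace>/B<app>/<token>
_PATH = re.compile(r"/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)")
_LEAK = re.compile(
    r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"
)


def validate_webhook(url: str) -> str:
    """Return a redacted form that is safe to log, or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("webhook must use https")
    # Compare the parsed hostname, so look-alikes such as
    # hooks.slack.com.example.net or user-info tricks are rejected.
    if parts.hostname != "hooks.slack.com" or parts.port not in (None, 443):
        raise ValueError("unexpected host")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("unexpected URL components")
    match = _PATH.fullmatch(parts.path)
    if not match:
        raise ValueError("path is not /services/T.../B.../<token>")
    workspace, app, _token = match.groups()
    return f"https://hooks.slack.com/services/{workspace}/{app}/[REDACTED]"


def find_leaked_webhooks(text: str) -> list[tuple[int, str]]:
    """Return (line number, redacted URL) for every webhook URL in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for found in _LEAK.finditer(line):
            hits.append((lineno, validate_webhook(found.group(0))))
    return hits


# Constructed sample input; the URL holds placeholder values only.
SAMPLE = """\
display_name: security-alerts
webhook_url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
severity: HIGH
"""

if __name__ == "__main__":
    for lineno, redacted in find_leaked_webhooks(SAMPLE):
        print(f"line {lineno}: {redacted}")
```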

Configure the Slack alert destination in Panther

  1. Log in to the Panther Console.
  2. In the left sidebar, click Configure > Alert Destinations.
  3. Click +Add your first Destination.
    • If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.
  4. Click Slack.
  5. Fill out the form to configure the Destination:
    • Display Name: Enter a descriptive name.
    • Webhook URL: Enter the Webhook URL you generated in the previous section of this documentation.
    • Severity: Select the severity level of alerts to send to this Destination.
    • Alert Types: Select the alert types to send to this Destination.
    • Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
      In the Panther Console, the "Configure your Slack Destination" page is displayed. It contains fields for Display Name, Slack Webhook URL, Severity, Alert Types, and Log Types.
  6. Click Add Destination.
  7. On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.