Amazon SNS Destination
Configuring Amazon SNS as an alert destination in your Panther Console
Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Amazon Simple Notification Service (SNS) as the destination where you will receive alerts.
The SNS Destination requires a Topic ARN. When an alert is forwarded to an SNS Destination, it publishes a JSON string to that topic.
In the AWS SNS console, create a new Topic or navigate to the topic you wish to add as a destination. We will be editing its permissions so Panther can publish messages to it.
After selecting the SNS topic, click Edit then scroll down and expand the "Access policy" section.
After expanding the "Access policy" section, add the following statement to the Statement block. Be sure to replace the Principal field with the AWS account ID where Panther is deployed and the Resource field with the ARN of your own SNS Topic and the ID of the AWS account it resides in.
To find your Panther AWS account ID, go to Settings > General in the Panther Console. It is located in the footer.
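The access-policy edit described above can be checked offline before it is saved. This is an added example, not Panther's own policy text or code: it builds a statement that lets only the Panther account call sns:Publish on one topic, then audits a topic policy for broader publish grants. The account ID, topic ARN, Sid and function names are constructed or hypothetical, and the use of the account's `:root` ARN as the Principal is an assumption.

```python
import json

# Constructed sample values (not taken from the Panther docs)
PANTHER_ACCOUNT_ID = "111122223333"
TOPIC_ARN = "arn:aws:sns:us-east-1:444455556666:panther-alerts"

def panther_publish_statement(panther_account_id, topic_arn):
    """Statement letting only the Panther account publish to one topic."""
    return {
        "Sid": "AllowPantherPublish",  # hypothetical Sid
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{panther_account_id}:root"},
        "Action": "sns:Publish",
        "Resource": topic_arn,
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_topic_policy(policy, panther_account_id, topic_arn):
    """Return findings for a policy (dict or JSON string); [] means as intended."""
    policy = json.loads(policy) if isinstance(policy, str) else policy
    findings, granted = [], False
    allowed = {panther_account_id, f"arn:aws:iam::{panther_account_id}:root"}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sns:publish", "sns:*", "*"}:
            continue  # statement does not grant publish
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        sid = stmt.get("Sid", "<no Sid>")
        for p in aws:
            if p == "*" and "Condition" not in stmt:
                findings.append(f"{sid}: any AWS principal can publish")
            elif p in allowed:
                if topic_arn in _as_list(stmt.get("Resource", [])):
                    granted = True
                else:
                    findings.append(f"{sid}: Resource is not {topic_arn}")
    if not granted:
        findings.append("Panther account cannot publish to the topic")
    return findings

if __name__ == "__main__":
    stmt = panther_publish_statement(PANTHER_ACCOUNT_ID, TOPIC_ARN)
    print(json.dumps(stmt, indent=2))
    print(audit_topic_policy({"Statement": [stmt]}, PANTHER_ACCOUNT_ID, TOPIC_ARN))
```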
Log in to the Panther Console and navigate to Configure > Alert Destinations.
Click +Add your first Destination.
If you have already created Destinations, click Create New in the upper right side of the page to add a new Destination.
Click AWS SNS in the list of options.
Fill out the form to configure the Destination:
Display Name: Enter a descriptive name.
Topic ARN: Enter the value of the Topic ARN from the SNS Prerequisites section.
Severity: Select the severity level of alerts to send to this Destination.
Alert Types: Select the alert types to send to this Destination.
Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
Click Add Destination.
On the next screen, click Finish Setup to complete your setup, or click Send Test Alert to test your setup.
Your SNS Topic will now be able to receive Panther alerts. If your goal is to set up email notifications with this topic, continue below.
In the AWS SNS console, click Create Subscription on the topic you just created. The topic ARN should match the topic you created.
Select Email in the protocol dropdown menu and enter the email address where you would like to receive alerts.
Click Create subscription.
Confirm the subscription sent to your email before receiving alerts from this topic.
For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.