Amazon SQS Destination

Configuring Amazon SQS as an alert destination in your Panther Console

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Amazon Simple Queue Service (SQS) as the destination where you will receive alerts.

How to set up Amazon SQS alertdestinations in Panther

SQS Queue setup

First, you need to create an SQS queue and grant Panther permission to send to it:

Navigate to the AWS SQS Console and click Create New Queue to create a new queue. In the Name field, enter a name of the new queue.
In the "Access Policy" section of your new queue's Basic setup options, under "Define who can send messages to the queue," select Only the specified AWS Accounts, IAM users and roles.
In the field below "Only the specified AWS Accounts, IAM users and roles," enter the AWS Account ID from your Panther Console.
- To find your AWS account ID, go to Settings > General in the Panther Console. It is located in the footer.
Click Save at the bottom of the SQS Create Queue page to save your new queue.

Setting up the Destination in Panther

Next, add your SQS Queue destination to Panther.

Log in to your Panther Console and navigate to Configure > Alert Destinations.
Click +Add your first Destination.
- If you have already created Destinations, click + in the upper right side of the page to add a new Destination.
Click Amazon SQS from the list of options.
Fill in the form to configure the SQS destination:
- Display Name: Enter a descriptive name.
- Queue URL: Enter your SQS Queue URL. This can be found in the "Details" tab in your AWS SQS console.
- Severity: Select the severity level of alerts to send to this Destination.
- Alert Types: Select the alert types to send to this Destination.
- Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
Click Add Destination.
Click Finish Setup to complete your setup, or click Send Test Alert to test your setup.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.

PreviousAmazon SNS Destination NextAsana Destination

Last updated 7 months ago

How to set up Amazon SQS alertdestinations in Panther

SQS Queue setup

First, you need to create an SQS queue and grant Panther permission to send to it:

Navigate to the AWS SQS Console and click Create New Queue to create a new queue. In the Name field, enter a name of the new queue.

In the "Access Policy" section of your new queue's Basic setup options, under "Define who can send messages to the queue," select Only the specified AWS Accounts, IAM users and roles.

In the field below "Only the specified AWS Accounts, IAM users and roles," enter the AWS Account ID from your Panther Console.

To find your AWS account ID, go to Settings > General in the Panther Console. It is located in the footer.

Click Save at the bottom of the SQS Create Queue page to save your new queue.

Setting up the Destination in Panther

Next, add your SQS Queue destination to Panther.

Click +Add your first Destination.

If you have already created Destinations, click + in the upper right side of the page to add a new Destination.

Click Amazon SQS from the list of options.

Fill in the form to configure the SQS destination:

Display Name: Enter a descriptive name.
Queue URL: Enter your SQS Queue URL. This can be found in the "Details" tab in your AWS SQS console.
Severity: Select the severity level of alerts to send to this Destination.
Alert Types: Select the alert types to send to this Destination.
Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.

Click Add Destination.

Click Finish Setup to complete your setup, or click Send Test Alert to test your setup.