Amazon SQS Destination
Configuring Amazon SQS as an alert destination in your Panther Console
Overview
Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Amazon Simple Queue Service (SQS) as the destination where you will receive alerts.
How to set up Amazon SQS alertdestinations in Panther
SQS Queue setup
First, you need to create an SQS queue and grant Panther permission to send to it:
Navigate to the AWS SQS Console and click Create New Queue to create a new queue. In the Name field, enter a name of the new queue.
In the field below "Only the specified AWS Accounts, IAM users and roles," enter the AWS Account ID from your Panther Console.
Click Save at the bottom of the SQS Create Queue page to save your new queue.
Setting up the Destination in Panther
Next, add your SQS Queue destination to Panther.
Log in to your Panther Console and navigate to Configure > Alert Destinations.
Click +Add your first Destination.
If you have already created Destinations, click + in the upper right side of the page to add a new Destination.
Click Amazon SQS from the list of options.
Fill in the form to configure the SQS destination:
Display Name: Enter a descriptive name.
Queue URL: Enter your SQS Queue URL. This can be found in the "Details" tab in your AWS SQS console.
Severity: Select the severity level of alerts to send to this Destination.
Alert Types: Select the alert types to send to this Destination.
Log Type: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types.
Click Add Destination.
Click Finish Setup to complete your setup, or click Send Test Alert to test your setup.
Additional Information on Destinations
For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.
Last updated