Observo Onboarding Guide
Use Observo to forward logs to Panther
Last updated
Use Observo to forward logs to Panther
Last updated
Observo allows you to ingest logs from various sources, structure, optimize, and enrich them, then forward them to Panther using an HTTP Source or S3 Source.
Observo can help you send your on-premises data to Panther. It has both cloud and self-hosted solutions, supporting a wide range of sources including S3, Kafka, Fluent, Logstash, HTTP, socket, and various GCP and Azure services.
Within your environment in your VPC, you have deployed an Observo Site. An Observo Site is the data plane which communicates with the control plane (Observo Cloud).
In your Observo console, click Sources, then Add a new Source.
Click Next to continue configuring the source, then click Save.
To ingest Observo logs, create either a S3 Source or HTTP Source. Follow one of the instructions sets below:
Panther's instructions for configuring an HTTP Source.
For the authentication method, use a bearer token. Copy the token value and store it in a secure location, as you will need it in the following steps.
Data sent to this source is subject to the HTTP Source payload requirements.
Set up a destination in Observo to send logs to whichever type of data transport source you configured in Step 2:
To create a S3 destination in Observo:
In your Observo console, click Destinations, then Add a new Destination.
Fill in the Add Destination form:
Destination Type: Select AWS S3.
Name: Enter a descriptive name.
Bucket: Enter the name of your S3 bucket.
Encoding Codec: Select JSON.
Region: Enter the AWS region your bucket is in.
Click Save.
In Observo, a pipeline connects a data source to a destination. You can optionally add transforms to your pipeline. Transforms can be used to structure, enrich, filter, mask, and redact personal information from your data.
In your Observo console, click Pipelines, then Add a new Pipeline.
Configure the pipeline:
For the source, select the source you created in Step 1.
For the destination, select the destination you created in Step 3.
(Optional) Add any desired transforms.
Complete the Add Source form.
After the HTTP Source has finished completing, copy its URL and store it in a secure location, as you will need it in the following steps.
Auth Token: Enter the bearer token you used in Step 2.
Click Save pipeline, then Deploy.