Observo Onboarding Guide
Use Observo to forward logs to Panther
Last updated
Was this helpful?
Use Observo to forward logs to Panther
Last updated
Was this helpful?
allows you to ingest logs from various sources, structure, optimize, and enrich them, then forward them to Panther using an or .
Observo can help you send your on-premises data to Panther. It has both cloud and self-hosted solutions, supporting a wide range of sources including S3, Kafka, Fluent, Logstash, HTTP, socket, and various GCP and Azure services.
Within your environment in your VPC, you have deployed an Observo Site. An Observo Site is the data plane which communicates with the control plane (Observo Cloud).
Click Next to continue configuring the source, then click Save.
To ingest Observo logs, create either a S3 Source or HTTP Source. Follow one of the instructions sets below:
Set up a destination in Observo to send logs to whichever type of data transport source you configured in Step 2:
To create a S3 destination in Observo:
Fill in the Add Destination form:
Destination Type: Select AWS S3.
Name: Enter a descriptive name.
Bucket: Enter the name of your S3 bucket.
Encoding Codec: Select JSON.
Click Save.
In Observo, a pipeline connects a data source to a destination. You can optionally add transforms to your pipeline. Transforms can be used to structure, enrich, filter, mask, and redact personal information from your data.
Configure the pipeline:
For the source, select the source you created in Step 1.
For the destination, select the destination you created in Step 3.
(Optional) Add any desired transforms.
In your , click Sources, then Add a new Source.
Complete the Add Source form.
.
.
For the authentication method, use a . Copy the token value and store it in a secure location, as you will need it in the following steps.
Data sent to this source is subject to the .
After the HTTP Source has finished completing, copy its URL and store it in a secure location, as you will need it in the following steps.
In your , click Destinations, then Add a new Destination.
Region: Enter the AWS region your bucket is in.
In your , click Destinations, then Add a new Destination.
Auth Token: Enter the bearer token you used in Step 2.
In your , click Pipelines, then Add a new Pipeline.
Click Save pipeline, then Deploy.