Observo Onboarding Guide

Overview

allows you to ingest logs from various sources, structure, optimize, and enrich them, then forward them to Panther using an or .

Observo can help you send your on-premises data to Panther. It has both cloud and self-hosted solutions, supporting a wide range of sources including S3, Kafka, Fluent, Logstash, HTTP, socket, and various GCP and Azure services.

How to forward logs to Panther using Observo

Prerequisite

• Within your environment in your VPC, you have deployed an Observo Site. An Observo Site is the data plane which communicates with the control plane (Observo Cloud).

Step 1: Configure a source in Observo

3. Click Next to continue configuring the source, then click Save.

Step 2: Create a Data Transport source in Panther

To ingest Observo logs, create either a S3 Source or HTTP Source. Follow one of the instructions sets below:

Step 3: Create a destination for Panther in Observo

Set up a destination in Observo to send logs to whichever type of data transport source you configured in Step 2:

Step 4: Create a pipeline in Observo

In Observo, a pipeline connects a data source to a destination. You can optionally add transforms to your pipeline. Transforms can be used to structure, enrich, filter, mask, and redact personal information from your data.

2. Configure the pipeline:

   • For the source, select the source you created in Step 1.

   • For the destination, select the destination you created in Step 3.

   • (Optional) Add any desired transforms.