AppOmni Logs
Connecting AppOmni logs to your Panther Console
Overview
Panther supports ingesting AppOmni logs via common Data Transport options: HTTP webhook and AWS S3.
AppOmni continuously monitors and normalizes hundreds of event types across critical SaaS applications, including Salesforce, Box, ServiceNow, Workday, Office365, and Zoom. By ingesting these logs into Panther, you can access Panther's alerting capabilities.
How to onboard AppOmni logs to Panther
Step 1: Create a new AppOmni source in Panther
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for "AppOmni," then click its tile.
In the Transport Mechanism drop-down, select the data transport method you wish to use for this integration.
Click Start Setup.
Follow the Panther instructions for configuring the data transport method you chose:
Panther's instructions for configuring an HTTP Source
For the authentication method, choose Shared secret or Bearer.
Payloads sent to this source are subject to the payload requirements for all HTTP sources.
Do not proceed to the next step until the creation of your HTTP endpoint has completed.
Step 2: Configure AppOmni to forward logs
Configure AppOmni to push logs to the Data Transport source.
See AppOmni's documentation for instructions on pushing logs to your selected Data Transport source.
Panther-managed detections
See Panther-managed rules for AppOmni in the panther-analysis GitHub repository.
Supported log types
AppOmni.Alerts
AppOmni.Events
AppOmni.Policy


