AWS CloudWatch
Connecting AWS CloudWatch logs to your Panther Console
Overview
Panther supports ingesting Amazon Web Services (AWS) CloudWatch Events through common Data Transport options: AWS S3, AWS SQS, or a direct CloudWatch integration.
Panther also supports ingesting logs stored in CloudWatch. For more information, see the documentation on using CloudWatch Logs as a Data Transport.
How to onboard AWS CloudWatch events to Panther
To pull CloudWatch logs into Panther, you will need to set up an S3 bucket or SQS queue in the Panther Console to stream data from your AWS account.
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search "AWS" to see the list of available log sources.
Select AWS CloudWatch Events.
Select a transport method for your source to begin setup, and follow the respective Panther documentation below:
Panther-built detections
See Panther's prewritten AWS rules in the panther-analysis GitHub repository.
Supported AWS CloudWatch logs
AWS.CloudWatchEvents
CloudWatch Events describe changes in AWS resources. For more information, see AWS's documentation on CloudWatch Events patterns.