Axonius Logs (Beta)

Overview

Panther ingests Axonius activity logs by configuring Axonius to send logs to an HTTP endpoint in Panther.

Axonius is a cybersecurity asset management platform that provides visibility and control over devices, users, and software in your environment.

How to onboard Axonius logs to Panther

Step 1: Create a new Axonius source in Panther

1. In the left-side navigation bar of your Panther Console, click Configure > Log Sources.

2. Click Create New.

3. Search for "Axonius", then click its tile.

4. In the slide-out panel, click Start Setup.

   
5. Follow Panther's instructions for configuring an HTTP Source, beginning at Step 5.

   • When setting the Auth method for the source, you'll choose between shared secret, bearer, and basic. It's recommended to use shared secret.

     • If you select SharedSecret, the Header Name will be locked with a value of x-panther-axonius.

   • Payloads sent to this source are subject to the payload requirements for all HTTP sources.

   • Do not proceed to the next step until the creation of your HTTP endpoint has completed.

Step 2: Create an HTTPS webhook in Axonius

• Create an HTTPS webhook in Axonius by following the instructions on the Axonius Configuring HTTPS Log Settings documentation.

  • In the HTTPS logs host field, enter the URL you generated in Step 1.

  • Configure the authentication based on the method you used in Step 1:

    • If you used shared secret authentication, in the Custom request headers (JSON format), enter {"x-panther-axonius": "[your-shared-secret-token]"}.

    • If you used bearer authentication, in the Authorization header field, enter Bearer <your-bearer-token>.

    • If you used basic authentication, in the Authorization header field, enter Basic <your-basic-token>.

Supported log types

Axonius.Activity