Notion Logs
Panther supports receiving Notion logs directly via webhook
Last updated
Was this helpful?
Panther supports receiving Notion logs directly via webhook
Last updated
Was this helpful?
Panther ingests Notion audit logs through an HTTP Source, which receives events from a Notion connection. Learn more on Notion's documentation for adding security and compliance integrations.
This integration is only available to customers of Notion's Enterprise plan.
To successfully complete Step 2 below, your Notion user must have the Workspace owner role.
In the left-side navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Notion,” then click its tile.
In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.
Follow Panther's instructions for configuring an HTTP Source, beginning at Step 5.
The Schemas - Optional field will be pre-populated with the Notion schema(s).
You will be required to use HMAC authentication. This is the only method of authentication Notion supports.
The Header Name associated with your Secret Key Value will be locked with a value of x-notion-signature.
Be sure to securely copy your Secret Key Value, and store it in a safe location, as you will need it in the next step.
Payloads sent to this source are subject to the payload requirements for all HTTP sources.
Do not proceed to the next step until the creation of your HTTP endpoint has completed.
Learn more about this process on Notion's documentation for adding security and compliance integrations.
From the left-side navigation bar of your Notion tenant, click Settings & Members > Connections.
Click the Workspace Connections tab.
Click +Add connection.
From the dropdown options, select Panther.
Click Connect.
See Panther-managed rules for Notion in the panther-analysis GitHub repository.
Notion.AuditLogs provide visibility into changes made to Notion workspaces.
schema: Notion.AuditLogs
description: Notion Audit logs
referenceURL: https://www.notion.so/
fields:
- name: event
required: true
description: The event information
type: object
fields:
- name: id
required: true
description: The event ID
type: string
- name: timestamp
required: true
description: The time at which the event occurred
type: timestamp
timeFormats:
- rfc3339
isEventTime: true
- name: workspace_id
description: The ID of the workspace associated with the event
type: string
- name: actor
required: true
description: Identifying information about the actor involved in the event
type: object
fields:
- name: id
required: true
description: The ID of actor
type: string
indicators:
- actor_id
- name: object
required: true
description: The type of actor object
type: string
- name: type
required: true
description: The type of actor
type: string
- name: person
description: Information on the person involved in the action
type: object
fields:
- name: email
description: The user's email
type: string
indicators:
- email
- name: ip_address
description: The IP address the event originated from
type: string
indicators:
- ip
- name: platform
description: The platform the request originated from
type: string
- name: type
required: true
description: The event type
type: string
- name: details
description: The event details
type: jsonClick Start Setup.
