After creating the HTTP source, the Panther Console will display your HTTP Source URL. Store this value in a secure location, as you will need it in the next steps.
Copy schema: Custom.PushSecurity.Activity
description: Push Security enduser activity
referenceURL: https://pushsecurity.redoc.ly/webhooks-v1#tag/Activity
fieldDiscoveryEnabled: true
fields:
- name: id
required: true
type: string
- name: new
required: true
type: object
fields:
- name: accountId
type: string
- name: appId
type: string
- name: email
type: string
indicators:
- email
- name: employeeId
type: string
- name: identityProvider
type: string
- name: leakedPassword
type: boolean
- name: loginTimestamp
type: timestamp
timeFormats:
- unix
- name: loginType
type: string
- name: loginUrl
type: string
indicators:
- url
- name: passwordId
type: string
- name: passwordManuallyTyped
type: boolean
- name: weakPassword
type: boolean
- name: weakPasswordReasons
type: array
element:
type: string
- name: workApp
type: boolean
- name: appBanner
type: object
fields:
- name: action
type: string
- name: buttonText
type: string
- name: mode
type: string
- name: subtext
type: string
- name: title
type: string
- name: employee
type: object
fields:
- name: chatopsEnabled
type: boolean
- name: creationTimestamp
type: timestamp
timeFormats:
- unix
- name: department
type: string
- name: email
type: string
indicators:
- email
- name: firstName
type: string
- name: id
type: string
- name: lastName
type: string
- name: licensed
type: boolean
- name: location
type: string
- name: appType
type: string
- name: browser
type: string
- name: os
type: string
- name: sourceIpAddress
type: string
indicators:
- ip
- name: userAgent
type: string
- name: object
validate:
allow: [ "LOGIN",
"APP_BANNER"]
required: true
type: string
- name: timestamp
required: true
type: timestamp
isEventTime: true
timeFormats:
- unix
- name: version
required: true
type: bigint
Copy schema: Custom.PushSecurity.AttackDetection
description: Push Security detected attacks
referenceURL: https://pushsecurity.redoc.ly/webhooks-v1#tag/Attack-detection
fields:
- name: id
required: true
type: string
- name: new
required: true
type: object
fields:
- name: action
type: string
- name: appType
type: string
- name: browser
type: string
- name: email
type: string
indicators:
- email
- name: employee
type: object
fields:
- name: chatopsEnabled
type: boolean
- name: creationTimestamp
type: timestamp
timeFormats:
- unix
- name: department
type: string
- name: email
type: string
indicators:
- email
- name: firstName
type: string
- name: id
type: string
- name: lastName
type: string
- name: licensed
type: boolean
- name: location
type: string
- name: mode
type: string
- name: os
type: string
- name: referrerUrl
type: string
indicators:
- url
- name: sourceIpAddress
type: string
indicators:
- ip
- name: url
type: string
indicators:
- url
- name: userAgent
type: string
- name: object
validate:
allow: [ "SSO_PASSWORD_USED"]
required: true
type: string
- name: timestamp
isEventTime: true
required: true
type: timestamp
timeFormats:
- unix
- name: version
required: true
type: bigint
Copy schema: Custom.PushSecurity.Entities
description: Push Security Apps, Employees, Accounts, and Findings
referenceURL: https://pushsecurity.redoc.ly/webhooks-v1#tag/Entities
fieldDiscoveryEnabled: true
fields:
- name: id
required: true
type: string
- name: new
required: true
type: object
fields:
- name: chatopsEnabled
type: boolean
- name: department
type: string
- name: firstName
type: string
- name: lastName
type: string
- name: licensed
type: boolean
- name: location
type: string
- name: mfaMethods
type: array
element:
type: string
- name: mfaRegistered
type: boolean
- name: state
type: string
- name: appId
type: string
- name: appType
type: string
- name: passwordId
type: string
- name: approvalStatus
type: string
- name: notes
type: string
- name: ownerId
type: string
- name: sensitivityLevel
type: string
- name: type
type: string
- name: otherAppId
type: string
- name: lastUsedTimestamp
type: timestamp
timeFormats:
- unix
- name: loginMethods
type: object
fields:
- name: oktaSwaLogin
type: boolean
- name: vendorSsoLogin
type: string
- name: oidcLogin
type: string
- name: passwordLogin
type: boolean
- name: samlLogin
type: string
- name: email
type: string
indicators:
- email
- name: employeeId
type: string
- name: domain
type: string
- name: hidden
type: boolean
- name: name
type: string
- name: oauthAppId
type: bigint
- name: requestSupportStatus
type: string
- name: creationTimestamp
type: timestamp
timeFormats:
- unix
- name: id
type: string
- name: object
required: true
validate:
allow: [ "EMPLOYEE",
"ACCOUNT",
"FINDING",
"APP",
"ACCOUNT_OTHER",
"APP_OTHER"]
type: string
- name: old
required: false
type: object
fields:
- name: chatopsEnabled
type: boolean
- name: department
type: string
- name: firstName
type: string
- name: lastName
type: string
- name: licensed
type: boolean
- name: location
type: string
- name: lastUsedTimestamp
type: timestamp
timeFormats:
- unix
- name: mfaMethods
type: array
element:
type: string
- name: mfaRegistered
type: boolean
- name: state
type: string
- name: appId
type: string
- name: appType
type: string
- name: passwordId
type: string
- name: approvalStatus
type: string
- name: notes
type: string
- name: ownerId
type: string
- name: sensitivityLevel
type: string
- name: type
type: string
- name: otherAppId
type: string
- name: loginMethods
type: object
fields:
- name: oidcLogin
type: string
- name: oktaSwaLogin
type: boolean
- name: samlLogin
type: string
- name: vendorSsoLogin
type: string
- name: passwordLogin
type: boolean
- name: email
type: string
indicators:
- email
- name: employeeId
type: string
- name: domain
type: string
- name: hidden
type: boolean
- name: name
type: string
- name: oauthAppId
type: bigint
- name: requestSupportStatus
type: string
- name: creationTimestamp
type: timestamp
timeFormats:
- unix
- name: id
type: string
- name: timestamp
required: true
type: timestamp
isEventTime: true
timeFormats:
- unix
- name: type
required: true
type: string
- name: version
required: true
type: bigint 
