Push Security Logs

Overview

Panther ingests Push Security logs by configuring a webhook to post events to a Panther HTTP source.

How to onboard Push Security logs to Panther

Step 1: Create a Push Security source in Panther

1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

2. Click Create New.

3. Search for “Push Security,” then click its tile.

   • In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.

4. Click Start Setup.

   
5. Follow Panther's instructions for configuring an HTTP Source.

   • For the Auth method, select HMAC.

     • In the Header Name field, enter x-signature.

   • Payloads sent to this source are subject to the payload requirements for all HTTP sources.

   • Do not proceed to the next step until the creation of your HTTP endpoint has completed.

After creating the HTTP source, the Panther Console will display your HTTP Source URL—store this and the Secret Key Value in a secure location, as you will need them in the next step.

Step 2: Create a new webhook in Push Security

• In the Push Security Ingesting events using Panther documentation, follow the Configure the integration in Push instructions to set up a Panther webhook integration.

Panther-managed detections

See Panther-managed rules for Push Security in the panther-analysis GitHub repository.

Supported log types

PushSecurity.Activity

PushSecurity.Controls

PushSecurity.Entities