Push Security Logs
Connecting Push Security logs in your Panther Console
Overview
Panther ingests Push Security logs by configuring a webhook to post events to a Panther HTTP source.
How to onboard Push Security logs to Panther
Step 1: Create a Push Security source in Panther
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Push Security,” then click its tile.
In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.
Click Start Setup.
Follow Panther's instructions for configuring an HTTP Source.
For the Auth method, select HMAC.
In the Header Name field, enter
x-signature.
Payloads sent to this source are subject to the payload requirements for all HTTP sources.
Do not proceed to the next step until the creation of your HTTP endpoint has completed.
After creating the HTTP source, the Panther Console will display your HTTP Source URL—store this and the Secret Key Value in a secure location, as you will need them in the next step.
Step 2: Create a new webhook in Push Security
In the Push Security Ingesting events using Panther documentation, follow the Configure the integration in Push instructions to set up a Panther webhook integration.
Panther-managed detections
See Panther-managed rules for Push Security in the panther-analysis GitHub repository.
Supported log types
PushSecurity.Activity
PushSecurity.Controls
PushSecurity.Entities
Last updated
Was this helpful?