Rapid7 Logs
Connecting Rapid7 logs to your Panther Console
Last updated
Was this helpful?
Connecting Rapid7 logs to your Panther Console
Last updated
Was this helpful?
Panther can pull in Rapid7's via .
Follow the .
Copy the Data Storage Region value and store it in a secure location, as you will need it in a following step.
Follow the . It's recommended to create an organization key (instead of a user key), as it to properly view and query audit log events.
Copy the API key value and store it in a secure location, as you will need it in a following step.
In the left-side navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Rapid7,” then click its tile.
On the slide-out panel, click Start Setup.
On the next screen, enter a descriptive name for the source, e.g., My Rapid7 logs.
On the Set Credentials page, fill in the fields:
Storage Region: Enter the shortened version of the Data Storage Region you noted from Rapid7 in Step 1. For example, if your region is United States - 3, enter us3.
If you need to find this value again, you can do so in the Rapid7 Platform console, within the Home section of the Settings page. You may also be able to see it in your Rapid7's console URL.
API Key: Enter the API key you generated in Rapid7 in Step 2.
Click Setup. You will be directed to a success screen:
You can optionally enable one or more .
The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.
