Knowledge BasePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Sources & Transports
Data Transports
Supported Logs
1Password Logs
Apache Logs
Asana Logs
Atlassian Logs
AWS Logs
Box Logs
Cisco Umbrella Logs
Cloudflare Logs
CrowdStrike Logs
Dropbox Logs
Duo Security Logs
Fastly Logs
Fluentd Logs
GCP Logs
Github Logs
GitLab Logs
G Suite Logs
JAMF Pro Logs
Juniper Logs
Lacework Logs
Microsoft 365 Logs
Microsoft Graph Logs (Beta)
Nginx Logs
Okta Logs
OneLogin Logs
Osquery Logs
OSSEC Logs
Salesforce Logs
Sophos Logs
Slack Logs
Snyk Logs
Suricata Logs
Syslog Logs
Teleport Logs
Zeek Logs
Zoom Logs
Zendesk Logs
Custom Logs
Monitoring Log Sources
Writing Detections
Cloud Security Scanning
Destinations
Data Analytics
Enrichment (Beta)
System Configuration
Panther API (Beta)
Guides
Help
Powered By GitBook
Teleport Logs
Connecting Teleport logs to your Panther Console

Overview

Panther supports ingesting Teleport logs via common Data Transport options: Amazon Web Services (AWS) S3 and SQS.

How to onboard Teleport logs to Panther

To pull these logs into Panther:
  1. 1.
    Set up your Data Transport in the Panther Console.
    • Please follow Panther’s documentation for configuring the Data Transport option you will use:
  2. 2.
    Configure your Data Transport source to pull in logs from Teleport.
    • See the Data Transport service provider's documentation for instructions on pulling in logs.

Supported log types

Gravitational.TeleportAudit

Required fields are in bold.
Teleport logs events like successful user logins along with the metadata like remote IP address, time and the session ID. Please see Teleport's Cluster Administration Guide for more information.
Column
Type
Description
event
string
Event type
code
string
Event code
time
timestamp
Event timestamp
uid
string
Event unique id
user
string
Teleport user name (event type is 'user.login')
namespace
string
Server namespace. This field is reserved for future use.
server_id
string
Unique server ID.
sid
string
Session ID. Can be used to replay the session.
ei
int
Event numeric id
login
string
OS login
addr_local
string
Address of the SSH node
addr_remote
string
Address of the connecting client (user)
size
string
Size of terminal
success
boolean
Authentication success (if event type is 'auth')
error
string
Authentication error (event type is 'auth')
command
string
Command that was executed (event type is 'exec')
exitCode
int
Exit code of the command (event type is 'exec')
exitError
string
Exit error of the command (event type is 'exec')
pid
bigint
Process id of command
Previous
Syslog Logs
Next
Zeek Logs
Last modified 17d ago
Copy link
Outline
Overview
How to onboard Teleport logs to Panther
Supported log types
Gravitational.TeleportAudit