Thinkst Canary Logs
Connecting Thinkst Canary logs in your Panther Console
Last updated
Was this helpful?
Connecting Thinkst Canary logs in your Panther Console
Last updated
Was this helpful?
Panther ingests alert logs by configuring a webhook to post events to a Panther .
Thinkst Canary honeypots and honeytokens can be deployed in minutes and piped into Panther with just a few clicks. In Panther, you can correlate Canary alerts with other security events to enable centralized threat detection, streamlined incident response, and enhanced visibility across your network security posture.
To connect these logs into Panther:
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Thinkst Canary,” then click its tile.
In upper-right corner of the slide-out panel, click Start Setup.
Follow Panther's , beginning at Step 5.
For the Auth method, select . This is the only method of authentication Thinkst Canary supports.
Payloads sent to this source are subject to the .
Do not proceed to the next step until the creation of your HTTP endpoint has completed.
In the upper-right corner of your Thinkst Canary console, click the gear icon > Global Settings.
In the left-hand navigation bar, click Webhooks.
Click Add New Webhook.
In the Add New Webhook pop-up modal, click Add Generic.
In the Add new Generic Webhook pop-up modal, configure the webhook fields:
Add custom request headers: Toggle this field on.
The header name and value should only be shared between your Thinkst Canary console and Panther.
Click Save.
Under Global Webhooks Feed, click the plus sign icon (+).
Webhook URL: Paste the HTTP Source URL you generated in Panther in .
Enter header name: Enter the Header Name you entered in Panther in .
Enter header value: Enter the Shared Secret Value you entered or generated in Panther in .
See rules for Thinkst Canary in the .