Ctrlk
Knowledge BaseRelease NotesRequest Demo

Vercel Logs

Connecting Vercel logs to your Panther Console

Overview

Panther ingests Vercel audit logs through an HTTP source, which receives logs forwarded by Vercel's custom SIEM log streaming feature. Vercel is a platform for building and deploying web applications.

Vercel audit logs track team member activity, including project and deployment changes, domain modifications, team membership updates, environment variable changes, and integration events.

How to onboard Vercel logs to Panther

Prerequisites

  • A Vercel Enterprise plan (required for audit log access)

  • The Audit Logs and Custom SIEM Log Streaming permissions in Vercel

  • Permissions to create HTTP sources in your Panther Console

Step 1: Create a new Vercel source in Panther

  1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Search for "Vercel", then click its tile.

  4. Click Start Setup.

  5. Under Basic Information, fill in the following fields:

    1. Enter a descriptive Name, e.g., Vercel Audit Logs.

    2. The Log Type will default to Vercel.Audit.

  6. The Auth Method will be pre-populated with Bearer.

    1. Generate a Bearer token and save it in a secure location—you will need it in Step 2.

  7. Click Setup.

    • You can optionally enable one or more Detection Packs.

    • The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.

Do not proceed to the next step until the creation of your HTTP endpoint has completed. After creating the HTTP source, the Panther Console will display your HTTP Source URL. Store this value in a secure location, as you will need it in Step 2.

Step 2: Configure Vercel to stream audit logs to Panther

  1. From your Vercel dashboard, go to Team Settings.

  2. In the sidebar, open Security & Privacy and scroll to Audit Log.

  3. Click the Configure button.

  4. Select HTTP POST as the SIEM provider.

  5. Configure the following fields:

    • URL: Enter the HTTP Source URL you generated in Step 1.

    • HTTP Header Name: Enter Authorization.

    • HTTP Header Value: Enter Bearer <token>, replacing <token> with the Bearer token you generated in Step 1.

    • Request Body Format: Select NDJSON.

  6. Save your configuration.

Detailed instructions for configuring Vercel's custom SIEM log streaming are available in the Vercel Audit Log documentation.

Supported log types

Vercel.Audit

Vercel Audit logs capture team member activity across your Vercel account, including project management, deployment actions, domain modifications, team membership changes, and environment variable updates. Each event includes the actor who performed the action, context such as IP address and user agent, and the affected target objects.

Reference: Vercel Audit Log Documentation

PreviousUpwind LogsNextWindows Event Logs

Last updated

Was this helpful?