Tech Partner Log Source Integrations
Integrate your product with Panther as a Tech Partner
This page provides instructions for Panther Technology Partners who are integrating their product with Panther using a Data Transport source. If you are creating an API puller integration, please work directly with Panther’s Tech Partner team. If you would instead like to create an Alert Destination integration, see Tech Partner Alert Destination Integrations.
If you are a Panther customer looking for information on ingesting custom logs, please see the Custom Logs documentation.
Step 1: Contact Panther’s Tech Partner team
Fill out this form to contact our Tech Partner team.
You will work with our Tech Partner team to get access to a test instance and a shared Slack channel.
Step 2: Determine the integration method
If your application can export events to an S3 bucket, please see the S3 Source instructions.
If your data can use one of our other transport options, please see the individual Data Transport documentation pages.
The HTTP source is not recommended if your log source is high-volume (emits at least one GB per hour) and/or its payload size exceeds the HTTP payload limit.
Step 3: Generate a schema and detections
Generate sample data.
Infer a schema using your sample data.
Export your schema.
You can export your schema from the CLI using pantherlog, or you can copy it from the Panther Console and paste it into a text file.
Optionally, you may also create detections for your log source. This is strongly encouraged, as having detections available will promote adoption of your integration. Please contact Panther’s Tech Partner team for more information.
Step 4: Write instructional information about the integration
Please create a text file with the following information, which will be used to describe your platform in the Panther Console and to generate documentation for this integration:
A description of the application
Common use cases
The supported integration method
Any caveats or limitations
Any additional configurations needed to push logs from your service to the webhook or Data Transport source
Step 5: Submit to Panther for review
Create a zip file containing the following:
The text file of information from Step 4
A square .svg file of the application’s logo
Your test data
The schema
The detections
Send the zipped file to Panther via your shared Slack channel.
After submitting your zip file, the Tech Partner team will work with you to coordinate next steps.