Configuring PagerDuty as an alert destination in your Panther Console
Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring PagerDuty as the destination where you will receive alerts.
PagerDuty is a service to manage on-call rotations for critical systems. You can use the PagerDuty alert destination to page an on-call team. We typically only recommend this Destination for High and Critical severity issues that need to be addressed immediately.
How to set up PagerDuty alert destinations in Panther
Configure the integration in PagerDuty
Log in to your PagerDuty account.
Navigate to the Service Directory configuration page then click +New Service.
Fill out the form on the service configuration page.
For Integration Type, choose Use our API directly.
You will be redirected to the Integrations page for that service. On this page, copy out the Integration Key and store it in a secure location. You will need this in the next steps.
Configure the PagerDuty alert destination in Panther
Log in to the Panther Console.
In the left sidebar, click Integrations > Destinations. Click Create New in the upper right.
Fill out the form to configure the Destination:
Display Name: Enter a descriptive name.
Integration Key: Enter the PagerDuty Integration Key you generated in the earlier steps of this documentation.
Severity: Select the severity level of alerts to send to this Destination.
Alert Types: Select the alert types to send to this Destination.
Click Add Destination.
On the final page, optionally click Send Test Alert to test the integration. When you are finished, click Finish Setup.
Additional Information on Destinations
For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.