Docs HomePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Sources & Transports
Writing Detections
Cloud Security Scanning
Destinations
Amazon SNS Destination
Amazon SQS Destination
Asana Destination
Custom Webhook Destination
GitHub Destination
Jira Destination
Microsoft Teams Destination
OpsGenie Destination
PagerDuty Destination
ServiceNow Destination (Custom Webhook)
Slack Destination
Data Analytics
Enrichment (Beta)
System Configuration
Alert Runbooks
Panther API (Beta)
Guides
Help
Powered By GitBook
Amazon SNS Destination
Configuring Amazon SNS as an alert destination in your Panther Console

Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Amazon Simple Notification Service (SNS) as the destination where you will receive alerts.

How to set up Amazon SNS alert destinations in Panther

SNS Prerequisites

The SNS Destination requires a Topic ARN. When an alert is forwarded to an SNS Destination, it publishes a JSON string to that topic.
  1. 1.
    In the AWS SNS console, create a new Topic or navigate to the topic you wish to add as a destination. We will be editing its permissions so Panther can publish messages to it:
    ​
  2. 2.
    After selecting the SNS topic, click Edit then scroll down and expand the "Access policy" section:
    ​
  3. 3.
    After expanding the "Access policy" section, add the following statement to the Statement block. Be sure to replace the Resource field with the ARN of your own SNS Topic, and the Principal field with the AWS account ID where Panther is deployed.
    1
    {
    2
    "Sid": "AllowPantherAlarming",
    3
    "Effect": "Allow",
    4
    "Principal": {
    5
    "AWS": "arn:aws:iam::<YOUR-PANTHER-ACCOUNT-ID>:root"
    6
    },
    7
    "Action": "sns:Publish",
    8
    "Resource": "arn:aws:sns:us-west-2:<YOUR-PANTHER-ACCOUNT-ID>:<YOUR-TOPIC-NAME>"
    9
    }
    Copied!
    • To find your AWS account ID, go to Settings > General in the Panther Console. It is located in the footer:
      ​

Configure the Destination in Panther

  1. 1.
    Log in to the Panther Console and navigate to Integrations > Alert Destinations.
  2. 2.
    Click Create New and select AWS SNS.
  3. 3.
    Fill out the required fields, including the Topic ARN from the SNS Prerequisites section.
    ​
  4. 4.
    Click Add Destination.
  5. 5.
    On the next screen, click Finish Setup to complete your setup, or click Send Test Alert to test your setup.
    • Your SNS Topic will now be able to receive Panther alerts. If your goal is to set up email notifications with this topic, continue below.

Optional: Creating Email Notifications

  1. 1.
    In the AWS SNS console, click Create Subscription on the topic you just created. The topic ARN should match the topic you created.
    ​
  2. 2.
    Select Email in the protocol dropdown menu and enter the email address you would like to receive alerts to.
  3. 3.
    Click Create subscription
  4. 4.
    Confirm the subscription sent to your email before receiving alerts from this topic.

Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.
Previous
Destinations
Next
Amazon SQS Destination
Last modified 1mo ago
Copy link
Contents
Overview
How to set up Amazon SNS alert destinations in Panther
SNS Prerequisites
Configure the Destination in Panther
Optional: Creating Email Notifications
Additional Information on Destinations