Configuring Amazon SQS as an alert destination in your Panther Console
Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring Amazon Simple Queue Service (SQS) as the destination where you will receive alerts.
How to set up Amazon SQS alertdestinations in Panther
SQS Queue setup
First, you need to create an SQS queue and grant Panther permission to send to it:
Navigate to the AWS SQS Console and click Create New Queue to create a new queue. In the Name field, enter a name of the new queue.
In the "Access Policy" section of your new queue's Basic setup options, under "Define who can send messages to the queue," select Only the specified AWS Accounts, IAM users and roles.
In the field below "Only the specified AWS Accounts, IAM users and roles," enter the AWS Account ID from your Panther Console.
To find your AWS account ID, go to Settings > General in the Panther Console. It is located in the footer.
Click Save at the bottom of the SQS Create Queue page to save your new queue.
Setting up the Destination in Panther
Next, add your SQS Queue destination to Panther.
Log in to your Panther Console and navigate to Integrations > Alert Destinations.
Click +Add your first Destination.
If you have already created Destinations, click + in the upper right side of the page to add a new Destination.
Click Amazon SQS from the list of options.
Fill in the form to configure the SQS destination:
Display Name: Enter a descriptive name.
Queue URL: Enter your SQS Queue URL. This can be found in the "Details" tab in your AWS SQS console.
Click Add Destination.
Click Finish Setup to complete your setup, or click Send Test Alert to test your setup.
Additional Information on Destinations
For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: Destinations.