Log Source Alarms

Overview

Use these API operations to manage drop-off alarms on log sources in Panther. These endpoints are designed for Terraform and other infrastructure-as-code workflows; see Managing Log Source Alarms with Terraform.

Only the SOURCE_NO_DATA alarm type is user-configurable and exposed via these endpoints. The other alarm types visible in the Panther Console (permissions checks, classification failures, log-processing errors, scanning errors) are system-managed.

Required permissions

  • For GET operations, your API token must have the View Log Sources permission.

  • For PUT and DELETE operations, your API token must have the Manage Log Sources permission.

Operations

get log source alarm

Get a specific alarm for a log source

Authorizations
X-API-Key · string · Required
Path parameters
sourceId · string · uuid · Required

The ID of the log source

type · string · enum · Required

The alarm type. Only SOURCE_NO_DATA is exposed.

Possible values:
Responses
200

OK response.

application/json
minutesThreshold · integer · int32 · Optional

The no-data evaluation period in minutes.

state · string · enum · Optional

The current CloudWatch state of the alarm

Possible values:
type · string · enum · Required

The alarm type

Possible values:
GET /log-source-alarms/{sourceId}/{type}

put log source alarm

Create or update the drop-off threshold for a log source. Only the SOURCE_NO_DATA alarm type is user-configurable. Not supported for cloud-security sources (returns 400).

Authorizations
X-API-Key · string · Required
Path parameters
sourceId · string · uuid · Required

The ID of the log source

type · string · enum · Required

The alarm type. Only SOURCE_NO_DATA is supported on PUT.

Possible values:
Body
minutesThreshold · integer · int32 · Required

The no-data evaluation period in minutes. Minimum 15, maximum 43200 (30 days).

Responses
200

OK response.

application/json
minutesThreshold · integer · int32 · Required

The configured no-data evaluation period in minutes

type · string · enum · Required

The alarm type

Possible values:
PUT /log-source-alarms/{sourceId}/{type}

delete log source alarm

Delete the drop-off alarm for a log source. Idempotent: returns 204 even if no alarm exists.

Authorizations
X-API-Key · string · Required
Path parameters
sourceId · string · uuid · Required

The ID of the log source

type · string · enum · Required

The alarm type. Only SOURCE_NO_DATA is supported on DELETE.

Possible values:
Responses
204

No content

DELETE /log-source-alarms/{sourceId}/{type}
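
Example (added here, not Panther's own code): a client-side reconcile loop over the three operations above. It validates the source ID and the documented minutesThreshold bounds before anything is sent, and skips the PUT when the alarm already matches. The function names, the `send` transport callable, the base URL and the treatment of a non-200 GET as "no matching alarm" are assumptions.

```python
import json
import urllib.request
import uuid

ALARM_TYPE = "SOURCE_NO_DATA"         # the only user-configurable alarm type
MIN_MINUTES, MAX_MINUTES = 15, 43200  # documented bounds for minutesThreshold

def build_request(base_url, api_key, method, source_id, minutes=None):
    """Build (without sending) a request for /log-source-alarms/{sourceId}/{type}."""
    # Canonicalise the ID so nothing but a UUID can reach the URL path.
    source_id = str(uuid.UUID(source_id))
    body = None
    if method == "PUT":
        if isinstance(minutes, bool) or not isinstance(minutes, int):
            raise ValueError("minutesThreshold must be an integer")
        if not MIN_MINUTES <= minutes <= MAX_MINUTES:
            raise ValueError(f"minutesThreshold must be {MIN_MINUTES}..{MAX_MINUTES}")
        body = json.dumps({"minutesThreshold": minutes}).encode()
    elif method not in ("GET", "DELETE"):
        raise ValueError(f"unsupported method: {method}")
    url = f"{base_url.rstrip('/')}/log-source-alarms/{source_id}/{ALARM_TYPE}"
    req = urllib.request.Request(url, data=body, method=method,
                                 headers={"X-API-Key": api_key})
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req

def reconcile(desired, send, base_url, api_key):
    """Converge alarms to `desired` ({sourceId: minutes, or None for no alarm}).
    `send(request) -> (status, parsed_json_or_None)` is a caller-supplied
    transport (hypothetical), so the logic can be exercised offline."""
    result = {}
    for sid, minutes in desired.items():
        if minutes is None:
            # DELETE is idempotent: 204 whether or not an alarm existed.
            status, _ = send(build_request(base_url, api_key, "DELETE", sid))
            result[sid] = "absent" if status == 204 else f"error {status}"
            continue
        status, current = send(build_request(base_url, api_key, "GET", sid))
        if status == 200 and current.get("minutesThreshold") == minutes:
            result[sid] = "unchanged"  # skip the write when nothing drifted
            continue
        # Assumption: any other GET outcome means "no matching alarm"; PUT decides.
        status, _ = send(build_request(base_url, api_key, "PUT", sid, minutes))
        # 400 is what the page documents for cloud-security sources.
        result[sid] = {200: "set", 400: "rejected"}.get(status, f"error {status}")
    return result
```

A read-only drift check needs only a token with View Log Sources; the PUT and DELETE paths need Manage Log Sources.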
