Knowledge Base Community Release Notes Request Demo

Log Sources

REST API operations for log sources

Overview

The /log-sources REST API operations are in open beta starting with Panther version 1.111, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with log sources in Panther. Currently, interactions with HTTP Sources are supported. (This does not include supported log sources that use HTTP as their transport mechanism.)

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

For GET operations, your API token must have the View Log Sources permission.
For POST, PUT, and DELETE operations, your API token must have the Manage Log Sources permission.

Operations

PreviousGlobals NextQueries

Last updated 29 days ago

Was this helpful?

create http source

post

/log-sources/http

Authorizations

Body

authBearerTokenstring

The authentication bearer token value of the http source. Used for Bearer auth method

authHeaderKeystring

The authentication header key of the http source. Used for HMAC and SharedSecret auth methods

authHmacAlgstring

The authentication algorithm of the http source. Used for HMAC auth method

authMethodenumrequired

The authentication method of the http source

Options: SharedSecret, HMAC, Bearer, Basic, None

authPasswordstring

The authentication header password of the http source. Used for Basic auth method

authSecretValuestring

The authentication header secret value of the http source. Used for HMAC and SharedSecret auth methods

authUsernamestring

The authentication header username of the http source. Used for Basic auth method

integrationLabelstringrequired

The integration label (name)

logStreamTypeenumrequired

The log stream type

Options: Auto, CloudWatchLogs, JSON, JsonArray, Lines

logTypesstring[]required

The log types of the integration

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url 'https://your-api-host/log-sources/http' \
  --header 'X-API-Key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{"authMethod":"SharedSecret","integrationLabel":"text","logStreamType":"Auto","logTypes":[null]}'

201

400

409

500

{
  "authBearerToken": "text",
  "authHeaderKey": "text",
  "authHmacAlg": "text",
  "authMethod": "SharedSecret",
  "authPassword": "text",
  "authSecretValue": "text",
  "authUsername": "text",
  "integrationId": "text",
  "integrationLabel": "text",
  "logStreamType": "Auto",
  "logTypes": [
    "text"
  ]
}

Created response.

get http source

get

/log-sources/http/{id}

Authorizations

Path parameters

idstringrequired

ID of the http source to fetch

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://your-api-host/log-sources/http/{id}' \
  --header 'X-API-Key: YOUR_API_KEY'

200

400

404

500

{
  "authBearerToken": "text",
  "authHeaderKey": "text",
  "authHmacAlg": "text",
  "authMethod": "SharedSecret",
  "authPassword": "text",
  "authSecretValue": "text",
  "authUsername": "text",
  "integrationId": "text",
  "integrationLabel": "text",
  "logStreamType": "Auto",
  "logTypes": [
    "text"
  ]
}

OK response.

put http source

put updates an http source

put

/log-sources/http/{id}

Authorizations

Path parameters

idstringrequired

ID of the http source to update

Body

authBearerTokenstring

The authentication bearer token value of the http source. Used for Bearer auth method

authHeaderKeystring

The authentication header key of the http source. Used for HMAC and SharedSecret auth methods

authHmacAlgstring

The authentication algorithm of the http source. Used for HMAC auth method

authMethodenumrequired

The authentication method of the http source

Options: SharedSecret, HMAC, Bearer, Basic, None

authPasswordstring

The authentication header password of the http source. Used for Basic auth method

authSecretValuestring

The authentication header secret value of the http source. Used for HMAC and SharedSecret auth methods

authUsernamestring

The authentication header username of the http source. Used for Basic auth method

integrationLabelstringrequired

The integration label (name)

logStreamTypeenumrequired

The log stream type

Options: Auto, CloudWatchLogs, JSON, JsonArray, Lines

logTypesstring[]required

The log types of the integration

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url 'https://your-api-host/log-sources/http/{id}' \
  --header 'X-API-Key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{"authMethod":"SharedSecret","integrationLabel":"text","logStreamType":"Auto","logTypes":[null]}'

200

400

404

409

500

{
  "authBearerToken": "text",
  "authHeaderKey": "text",
  "authHmacAlg": "text",
  "authMethod": "SharedSecret",
  "authPassword": "text",
  "authSecretValue": "text",
  "authUsername": "text",
  "integrationId": "text",
  "integrationLabel": "text",
  "logStreamType": "Auto",
  "logTypes": [
    "text"
  ]
}

OK response.

delete http source

delete

/log-sources/http/{id}

Authorizations

Path parameters

idstringrequired

ID of the http source to delete

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url 'https://your-api-host/log-sources/http/{id}' \
  --header 'X-API-Key: YOUR_API_KEY'

204

400

500

No body

No Content response.