Ctrlk
Knowledge BaseRelease NotesRequest Demo

S3 Sources (Beta)

Overview

The S3 Sources API endpoints are in open beta starting with Panther version 1.122, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with S3 Sources in Panther.

Required permissions

  • For GET operations, your API token must have the View Log Sources permission.

  • For POST, PUT, and DELETE operations, your API token must have the Manage Log Sources permission.

create s3 source

post
Authorizations
X-API-KeystringRequired
Body
awsAccountIdstringRequired

The 12-digit AWS account ID where the S3 bucket resides

integrationLabelstringRequired

The integration label (name)

kmsKeystringOptional

KMS key ARN for server-side encryption. Omit if the bucket is not KMS-encrypted.

logProcessingRolestringRequired

The IAM role ARN that Panther assumes to read from the S3 bucket

logStreamTypestring · enumRequired

The log stream type. Supported: Auto, JSON, JsonArray, Lines, XML, CloudWatchLogs

Possible values:
managedBucketNotificationsbooleanRequired

Whether Panther should configure the S3 bucket notifications automatically

s3BucketstringRequired

The S3 bucket name

Responses
201

Created response.

application/json
awsAccountIdstringOptional

The AWS account ID where the S3 bucket resides

integrationIdstringOptional

The unique ID of the S3 log source

integrationLabelstringOptional

The integration label (name)

kmsKeystringOptional

KMS key ARN for server-side encryption. Omit if the bucket is not KMS-encrypted.

logProcessingRolestringOptional

The IAM role ARN that Panther assumes to read from the S3 bucket

logStreamTypestring · enumOptional

The log stream type. Supported: Auto, JSON, JsonArray, Lines, XML, CloudWatchLogs

Possible values:
managedBucketNotificationsbooleanOptional

Whether Panther should configure the S3 bucket notifications automatically

s3BucketstringOptional

The S3 bucket name

post
/log-sources/s3

get s3 source

get
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the S3 source to fetch

Responses
get
/log-sources/s3/{id}

put s3 source

put
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the S3 source to update

Body
integrationLabelstringRequired

The integration label (name)

kmsKeystringOptional

KMS key ARN for server-side encryption. Omit if the bucket is not KMS-encrypted.

logProcessingRolestringRequired

The IAM role ARN that Panther assumes to read from the S3 bucket

logStreamTypestring · enumRequired

The log stream type. Supported: Auto, JSON, JsonArray, Lines, XML, CloudWatchLogs

Possible values:
managedBucketNotificationsbooleanRequired

Whether Panther should configure the S3 bucket notifications automatically

Responses
put
/log-sources/s3/{id}

delete s3 source

delete
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the S3 source to delete

Responses
delete
/log-sources/s3/{id}
No content
PreviousPub/Sub Sources (Beta)NextLog Source Alarms

Last updated

Was this helpful?