Managing HTTP Log Sources with Terraform

Manage HTTP log sources as code in Terraform

PreviousManaging AWS S3 Log Sources with Terraform Nextpantherlog Tool

Last updated 17 days ago

Was this helpful?

Managing HTTP Log Sources with Terraform

Manage HTTP log sources as code in Terraform

Overview

You can define your HTTP log source in Terraform using the Panther .

Other methods to create an HTTP log source include directly and .

How to define your Panther HTTP log source in Terraform

The following sections outline how to define your HTTP log source in HashiCorp Configuration Language (HCL).

Prerequisite

Before starting, ensure you have an API URL and token with the Manage Log Sources permission. This is required to complete .
- If needed, follow .

Step 1: Choose an authentication method

Select an authentication method for your HTTP endpoint from the .

The authentication method you select will determine the variables you define in Step 2, below.

Step 2: Define variables

Define a variables.tf file with the Panther variables shown in the code block below.

variable "panther_api_token" {
  description = "Panther API token"
  type        = string
}

variable "panther_api_url" {
  description = "Panther API URL"
  type        = string
}

variable "integration_label" {
  description = "The name of the integration."
  type        = string
}

variable "auth_method" {
  description = "Authentication method used."
  type        = string
}

// Auth variables are specific to auth_method. See table below
variable "auth_header_key" {
  description = "Key for the authentication header."
  type        = string
}

variable "auth_secret_value" {
  description = "Authentication secret value."
  type        = string
  sensitive   = true
}

// (Optional) Relevant only when log_stream_type = "JsonArray"
variable "json_array_envelope_field" {
  description = "Envelope field for json array stream"
  type        = string
}

Authentication method-specific variables

In your variables.tf file, include the values in the Additional variables column below for the authentication method you chose in Step 1.

Authentication method

auth_method value

Additional variables

SharedSecret

auth_header_key, auth_secret_value

HMAC

auth_header_key, auth_secret_value

Bearer

auth_bearer_token

Basic

auth_username, auth_password

None

Step 3: Provide values for the defined variables

- Your panther_api_url value should be your root API URL. This is either:

panther_api_token         = "XXXXXXXXXX"
panther_api_url           = "https://your-panther-url/v1"
integration_label         = "test-integration"
auth_method               = "SharedSecret" // SharedSecret, HMAC, Bearer, Basic, or None
// Auth variables are specific to auth_method. See table in Step 2
auth_header_key           = "x-api-key"
auth_secret_value         = "XXXXXXXXXX"
json_array_envelope_field = "records"

Step 4: Define the Terraform provider

terraform {
  required_providers {
    panther = {
      source = "panther-labs/panther"
      version = "~> 0.2.4"
    }
  }
}

Step 5: Define Panther HTTP log source

The following HCL configuration defines the HTTP log source in Panther.

provider "panther" {
  token = var.panther_api_token
  url   = var.panther_api_url
}

resource "panther_httpsource" "demo_http_source" {
  integration_label = var.integration_label
  log_stream_type   = "JSON" // Options: JSON, JsonArray, Auto, Lines, and CloudWatchLogs
  log_types         = ["AWS.CloudTrail"]
  auth_method       = var.auth_method
  // Auth variables are specific to auth_method. See table in Step 2
  auth_header_key   = var.auth_header_key
  auth_secret_value = var.auth_secret_value
  // (Optional) Relevant only when log_stream_type = "JsonArray"
  log_stream_type_options = {
    json_array_envelope_field = var.json_array_envelope_field
  }
}

PreviousManaging AWS S3 Log Sources with Terraform Nextpantherlog Tool

Last updated 17 days ago

Was this helpful?