# Operations

## Assessing Data Ingest Volume

You can use the [Panther API metrics operations](https://docs.panther.com/panther-developer-workflows/api/graphql/metrics) to measure the total number of bytes and events that Panther ingested or processed over a specific time period. For other methods of assessing data ingestion volume, see the sections below.

### SaaS deployments of Panther

Please reach out to your Panther account team for help accessing this data.

### Self-Hosted and CPaaS deployments of Panther

{% hint style="warning" %}
The information below applies to [Self-Hosted](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/self-hosted-deployments) and CPaaS deployment types.
{% endhint %}

The Panther log analysis CloudWatch dashboard provides deep insight into operationally relevant aspects of log processing. Understanding the ingest volume is critically important to forecast the cost of running Panther.

In the Dashboard of your Panther Console, you can view the volume of logs ingested. This can be used, in combination with your AWS bill, to forecast costs as you scale your data. We suggest you use a month of data to estimate your costs.

To view the CloudWatch dashboard:

1. Log in to the AWS Console.
2. Click **CloudWatch** from the Services menu.
3. Click **Dashboards** from the left sidebar of the CloudWatch console.\
   ![The image shows the AWS CloudWatch sidebar menu.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-d73363cb2957a1df2f2c49b8ce540848e2184843%2Fcloudwatch-dashboards.png?alt=media)
4. Click the dashboard name beginning with `PantherLogAnalysis`\
   ![The image shows a list of Dashboards in AWS CloudWatch.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-a8c8aebac6e691b670d6ab1201f196b77baa4ff3%2Fcloudwatch-dashboards-log-analysis%20\(6\)%20\(6\)%20\(4\).png?alt=media)
5. Click the three dots icon in the upper right corner of the tile titled "Input MBytes (Uncompressed) by Log Type". In the dropdown menu, click **View in CloudWatch Insights**.\
   ![In AWS CloudWatch, there is a tile labeled "Input MBytes (Uncompressed) by Log Type". On the right side of the tile, there is a 3 dots icon. It is expanded to show a dropdown menu, with the option "View in CloudWatch Logs Insights" highlighted.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-3b22855ff98da536b9756d0ff044836ee77a09a1%2Fcloudwatch-dashboards-log-analysis-input-select%20\(6\)%20\(6\)%20\(8\)%20\(5\).png?alt=media)
6. Set the time period for 4 weeks, then click **Apply**.
7. At the top of the Logs Insights page, click **Run Query**.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-a12e7e24ad0910118229ff4b153aa8e9ababcf51%2Fcloudwatch-dashboards-log-analysis-input-show%20(6)%20(6)%20(8)%20(6).png?alt=media" alt="The AWS CloudWatch Logs Insights page is displayed. A query is entered into the text field at the top of the page."><figcaption></figcaption></figure>

## `s3sns` tool

Panther provides `s3sns`, an operational tool that lists S3 objects and posts S3 notifications to the Panther log processor SNS topic. This tool is a statically compiled executable for Linux, Mac (including Darwin) and Windows.

This tool requires that [AWS credentials](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html) with sufficient privileges be set in the environment. We recommend using a tool such as [AWS Vault](https://github.com/99designs/aws-vault) to manage these credentials securely.

{% hint style="warning" %}
Do not run this tool unless specifically advised by a Panther team member.
{% endhint %}

### Downloading the latest version of the `s3sns` tool

Find download links for the latest version of `s3sns` below. Running these commands with the `-h` flag will explain usage.

<details>

<summary><strong><code>s3sns</code> latest download links</strong></summary>

Download the latest version at the following links:

* [Darwin amd64](https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/darwin-amd64-s3sns.zip)
* [Darwin arm64](https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/darwin-arm64-s3sns.zip)
* [Linux amd64](https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/linux-amd64-s3sns.zip)
* [Linux arm64](https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/linux-arm64-s3sns.zip)
* [Windows amd64](https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/windows-amd64-s3sns.exe.zip)
* [Windows arm64](https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/windows-arm64-s3sns.exe.zip)

</details>

### Downloading a specific version of the `s3sns` tool

If you'd like to download the latest version of the `s3sns` tool, use the download links above. If you'd like to download a specific version of a tool, follow the instructions below.

#### Step 1: Confirm your Panther version

1. Log in to the Panther Console.
2. In the upper right corner, click your user icon. Note the Panther version at the bottom of the dropdown menu.

   <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-0c61381c8c13e2e93726fab67c11e4c977634f88%2Fpanther-version.png?alt=media" alt="" width="215"><figcaption></figcaption></figure>

#### Step 2: Construct the download link

To download a specific version of `s3sns`, construct the S3 download URL manually, using the following format:

`https://panther-community-us-east-1.s3.amazonaws.com/{version}/tools/{os}-{arch}-s3sns{windows file extension}.zip`

Replace the placeholder text in the download URL as described below:

* `version`: Your version of Panther, e.g. `v1.114.90`. Be sure to include `v` before the version number.
  * `latest` can replace `version` to download the latest version of the tool.
* `os`: Use one of the following: `darwin`, `linux`, or `windows`
* `arch`: Use `amd64` or `arm64`
* `{windows file extension}`: If your `os` value is `windows`, add `.exe` here. If your `os` value is `darwin` or `linux`, do not add anything here.

**Example complete tool link using `{version}`**\
`https://panther-community-us-east-1.s3.amazonaws.com/v1.114.90/tools/darwin-amd64-s3sns.zip`

**Example download link using `latest`**

`https://panther-community-us-east-1.s3.amazonaws.com/latest/tools/darwin-amd64-s3sns.zip`
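When the download is scripted (for example, to pin the tool to the Panther version shown in the Console), the URL rules above can be enforced before any request is made. The following is an added example, not Panther's own code: `s3sns_url` is a hypothetical helper name, and restricting `version` to `v` plus dotted digits is an assumption based on the `v1.114.90` example.

```shell
#!/bin/sh
# Added example: build the s3sns download URL from the documented format,
# rejecting any value the format description does not list.
# s3sns_url is a hypothetical helper, not part of Panther's tooling.
s3sns_url() {
    version=$1 os=$2 arch=$3

    # version: "latest", or "v" followed by dotted digits (assumed shape,
    # taken from the v1.114.90 example). Anything else is refused so that
    # stray characters such as "/" never reach the URL path.
    case $version in
        latest) ;;
        v[0-9]*)
            case ${version#v} in
                *[!0-9.]*|*..*|*.)
                    echo "invalid version: $version" >&2; return 1 ;;
            esac ;;
        *)
            echo "version must be 'latest' or begin with 'v': $version" >&2
            return 1 ;;
    esac

    # os: only the three documented values; windows adds the .exe extension.
    case $os in
        darwin|linux) ext= ;;
        windows)      ext=.exe ;;
        *) echo "os must be darwin, linux or windows: $os" >&2; return 1 ;;
    esac

    # arch: only the two documented values.
    case $arch in
        amd64|arm64) ;;
        *) echo "arch must be amd64 or arm64: $arch" >&2; return 1 ;;
    esac

    printf 'https://panther-community-us-east-1.s3.amazonaws.com/%s/tools/%s-%s-s3sns%s.zip\n' \
        "$version" "$os" "$arch" "$ext"
}

# Stand-alone usage: print the URL for a pinned version.
s3sns_url v1.114.90 darwin amd64
```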

## Monitoring

{% hint style="warning" %}
The information below applies to legacy [Self-Hosted](https://docs.panther.com/system-configuration/panther-deployment-types/legacy-configurations/self-hosted-deployments) and CPaaS deployment types. Panther no longer supports these deployment types for new accounts.
{% endhint %}

### Visibility

Panther has 5 CloudWatch dashboards to provide visibility into the operation of the system:

* **PantherOverview**: An overview of all errors and performance of all Panther components.
* **PantherCloudSecurity**: Details of the components monitoring infrastructure for CloudSecurity.
* **PantherAlertProcessing**: Details of the components that relay alerts for CloudSecurity and Log Processing.
* **PantherLogAnalysis**: Details of the components processing logs and running rules.
* **PantherRemediation**: Details of the components that remediate infrastructure issues.

### Alarms

Panther uses CloudWatch Alarms to monitor the health of each component. To receive notifications, edit the `deployments/panther_config.yml` file to associate an SNS topic you have created with the Panther CloudWatch alarms. If this value is blank, Panther will associate the alarms with the default Panther SNS topic called `panther-alarms`:

```yaml
MonitoringParameterValues:
  # This is the arn for the SNS topic you want associated with Panther system alarms.
  # If this is not set alarms will be associated with the SNS topic `panther-alarms`.
  AlarmSNSTopicARN: 'arn:aws:sns:us-east-1:05060362XXX:MyAlarmSNSTopic'
```

To configure alarms to send to your team, follow the guides below:

* [SNS Email and SMS Integration](https://docs.aws.amazon.com/sns/latest/dg/sns-user-notifications.html)
* [PagerDuty Integration](https://support.pagerduty.com/docs/aws-cloudwatch-integration-guide)

  Note: PagerDuty cannot [handle composite CloudWatch alarms](https://community.pagerduty.com/forum/t/composite-alarm-in-cloudwatch-not-triggering-pd-integration/1798), which Panther uses to avoid duplicate pages to on-call staff. As a workaround, you can use a `Custom Event Transformer`.

  Follow the [instructions](https://www.pagerduty.com/docs/guides/custom-event-transformer/) using the code below:

  ```javascript
     var details = JSON.parse(PD.inputRequest.rawBody);

     var description = "unknown event";
     if ("AlarmDescription" in details) {  // looks like a CloudWatch event ...
       var descLines = details.AlarmDescription.split("\n");
       description = (descLines.length > 1)? descLines[0] + " " + descLines[1] : descLines[0];
     }

     var normalized_event = {
       event_type: PD.Trigger,
       description: description,
       incident_key: description,
       details: details
     };

     PD.emitGenericEvents([normalized_event]);
  ```

  Configure the SNS topic to use `RawMessageDelivery: true` when creating the PagerDuty subscription.
