# Amazon SNS Destination

## Overview

Destinations are integrations that receive alerts from rules, policies, system health notifications, and rule errors. Panther supports configuring [Amazon Simple Notification Service (SNS)](https://aws.amazon.com/sns/) as the destination where you will receive alerts.

## How to set up Amazon SNS alert destinations in Panther

### SNS Prerequisites

The SNS Destination requires a `Topic ARN`. When an alert is forwarded to an SNS Destination, Panther publishes a JSON string to that topic.

1. In the AWS [SNS console](https://us-west-2.console.aws.amazon.com/sns/v3/home#/topics), create a new Topic or navigate to the topic you wish to add as a destination. We will be editing its permissions so Panther can publish messages to it:\
   ![The image shows the AWS SNS Console's "Topics" page, which lists your topics. In the list there is a topic named "ExampleTopic."  ](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-f0c291d0e37b46de809e2a99e2a4cdcace26a825%2Fsns1%20\(7\)%20\(1\)%20\(1\)%20\(1\)%20\(11\)%20\(1\)%20\(1\)%20\(1\)%20\(1\)%20\(16\).png?alt=media)
2. After selecting the SNS topic, click **Edit** then scroll down and expand the "Access policy" section:\
   ![The image shows the AWS SNS Console with the editor open for the topic called "ExampleTopic." There are sections for Details, Encryption, and Access policy. The Access policy section is expanded and displays a JSON text editor.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-4ab1a5b41c33413fa8785b02a9323743a7aca698%2Fsns2%20\(8\)%20\(1\)%20\(1\)%20\(1\)%20\(11\)%20\(1\)%20\(1\)%20\(1\)%20\(1\)%20\(15\).png?alt=media)
3. After expanding the "Access policy" section, add the following statement to the **Statement** block. Replace the account ID placeholder in the `Principal` field with the ID of the AWS account where Panther is deployed, and set the `Resource` field to the ARN of your own SNS topic, which includes the ID of the AWS account the topic resides in.

   ```
       {
         "Sid": "AllowPantherAlarming",
         "Effect": "Allow",
         "Principal": {
           "AWS": "arn:aws:iam::<YOUR-PANTHER-AWS-ACCOUNT-ID>:root"
         },
         "Action": "sns:Publish",
         "Resource": "<SNS-DESTINATION-ARN>:<SNS-AWS-ACCOUNT-ID>:<YOUR-TOPIC-NAME>"
       }
   ```

   * To find your Panther AWS account ID, go to **Settings > General** in the Panther Console. It is located in the footer:\
     ![The image shows the footer of the Panther Console. The footer contains the AWS Account ID, version, AWS region, and Gateway Public IP.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2F2kexoj4k2zcHShiYJBjm%2FScreen%20Shot%202022-08-02%20at%206.12.57%20PM.png?alt=media\&token=269de4dd-b8b0-4ae7-9348-eb067ef215fa)
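
The statement from step 3 can also be built and merged into an existing topic policy in code, which catches a malformed account ID or a wildcard `Resource` before the policy is saved. This is an added example, not Panther's own tooling; the function names, the sample policy and both account IDs are constructed for illustration, and the ARN check assumes the standard `aws` partition.

```python
import copy
import json
import re

SID = "AllowPantherAlarming"  # Sid used in the statement from step 3
# Assumed layout of a full topic ARN: arn:aws:sns:<region>:<account-id>:<topic-name>
TOPIC_ARN_RE = re.compile(r"arn:aws:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}(\.fifo)?")


def panther_statement(panther_account_id: str, topic_arn: str) -> dict:
    """Build the publish-only statement, rejecting malformed or wildcard inputs."""
    if not re.fullmatch(r"\d{12}", panther_account_id):
        raise ValueError("Panther account ID must be exactly 12 digits")
    if not TOPIC_ARN_RE.fullmatch(topic_arn):
        raise ValueError("Resource must be one full SNS topic ARN, no wildcards")
    return {
        "Sid": SID,
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{panther_account_id}:root"},
        "Action": "sns:Publish",
        "Resource": topic_arn,
    }


def merge_statement(policy: dict, statement: dict) -> dict:
    """Return a copy of the topic policy with the statement added or replaced."""
    merged = copy.deepcopy(policy)
    existing = merged.get("Statement", [])
    if isinstance(existing, dict):  # a policy may hold one statement object
        existing = [existing]
    # Dropping any earlier statement with the same Sid keeps re-runs idempotent.
    merged["Statement"] = [s for s in existing if s.get("Sid") != statement["Sid"]]
    merged["Statement"].append(statement)
    return merged


# Constructed sample: a topic policy that so far only lets the owner account publish.
SAMPLE_TOPIC_ARN = "arn:aws:sns:us-west-2:111122223333:ExampleTopic"
SAMPLE_POLICY = {
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "OwnerPublish", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sns:Publish", "Resource": SAMPLE_TOPIC_ARN,
    }],
}

if __name__ == "__main__":
    stmt = panther_statement("444455556666", SAMPLE_TOPIC_ARN)
    print(json.dumps(merge_statement(SAMPLE_POLICY, stmt), indent=2))
```

The printed JSON can be pasted into the "Access policy" editor in place of the existing policy.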

### Configure the Destination in Panther

1. Log in to the Panther Console and navigate to **Configure > Alert Destinations**.
2. Click **+Add your first Destination**.
   * If you have already created Destinations, click **Create New** in the upper right side of the page to add a new Destination.
3. Click **AWS SNS** in the list of options.
4. Fill out the form to configure the Destination:
   * **Display Name**: Enter a descriptive name.
   * **Topic ARN**: Enter the value of the Topic ARN from the SNS [Prerequisites](#sns-prerequisites) section.
   * **Severity**: Select the severity level of alerts to send to this Destination.
   * **Alert Types**: Select the alert types to send to this Destination.
   * **Log Type**: By default, we will send alerts from all log types. Specify log types here if you want to only send alerts from specific log types. \
     ![The image shows the "Configure your SNS Destination" page in the Panther Console. It contains fields for Display Name, Topic ARN, Severity, Alert Types, and Log Types.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FwexkWILlhpVQnJZ2szcr%2FScreen%20Shot%202022-08-31%20at%2012.25.10.png?alt=media\&token=bb56c26d-d27c-4ac1-9962-656b0a7ebf27)
5. Click **Add Destination.**
6. On the next screen, click **Finish Setup** to complete your setup, or click **Send Test Alert** to test your setup.
   * Your SNS Topic will now be able to receive Panther alerts. If your goal is to set up email notifications with this topic, continue below.

### Optional: Creating Email Notifications

1. In the AWS SNS console, click **Create Subscription** on the topic you just created. The topic ARN should match the topic you created.\
   ![The image shows the AWS SNS Console's page for creating a subscription. The Details section is expanded to show fields for Topic ARN, Protocol, and Endpoint. There is a "Create Subscription" button at the bottom.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-eaff9de855e9cf43cb09919eac4d965d9d6bf159%2Fimage%20\(12\)%20\(1\)%20\(1\)%20\(1\)%20\(1\)%20\(1\)%20\(1\)%20\(1\).png?alt=media)
2. Select **Email** in the protocol dropdown menu and enter the email address where you would like to receive alerts.
3. Click **Create subscription**.
4. Confirm the subscription using the confirmation message sent to your email address. You must confirm it before you can receive alerts from this topic.

## Additional Information on Destinations

For more information on alert routing order, modifying or deleting destinations, and workflow automation, please see the Panther docs: [Destinations](https://docs.panther.com/destinations).
