# Tines Logs

## Overview

Panther can fetch [Tines](https://www.tines.com/) logs by querying the [Tines API](https://www.tines.com/api). Specifically, Panther pulls Tines Audit logs by querying the [Audit logs API](https://www.tines.com/api/audit-logs).

To set up Tines as a log source in Panther, you'll need to generate a Tines API key that Panther can use to access your Tines instance, then create the Tines log source in Panther using that key.

## How to onboard Tines logs to Panther

### Step 1: Generate a Tines API key

1. Follow [Tines's instructions on how to create an API key](https://www.tines.com/api/authentication).
2. Copy the API key and store it in a secure location, as you will need it to create the log source in Panther.

### Step 2: Create a new Tines source in Panther

1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Log Sources**.
2. Click **Create New**.
3. Select **Tines** from the list of available log sources. Click **Start Source Setup**.
4. On the next screen, enter a descriptive name for the source, e.g., `My Tines Audit logs`.
5. Click **Setup**.
6. On the **Set Credentials** page, fill in the form:
   * **Tines Domain**: Enter your Tines tenant domain. As [Tines's documentation outlines](https://www.tines.com/docs/quickstart/signing-in), Cloud deployments of Tines will have a domain similar to either `adjective-noun-1234.tines.io` or `adjective-noun-1234.tines.com`.
   * **API Key**: Enter the Tines API key you generated in the previous step of this documentation.
7. Click **Setup**. You will be directed to a success screen:<br>

   <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FMTRmOqjJY878NPgsMe1B%2FScreenshot%202023-08-03%20at%204.33.30%20PM.png?alt=media&#x26;token=7cf48278-6e1f-455a-81aa-2d76388fbfa8" alt="The success screen reads, &#x22;Everything looks good! Panther will now automatically pull &#x26; process logs from your account&#x22;" width="281"><figcaption></figcaption></figure>

   * You can optionally enable one or more [Detection Packs](https://docs.panther.com/detections/panther-managed/packs).
   * The **Trigger an alert when no events are processed** setting defaults to **YES**. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.<br>

     <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FyXM7rz58X1m3iNo3w69h%2FScreenshot%202023-08-03%20at%204.26.54%20PM.png?alt=media&#x26;token=586be93d-b2a0-4c03-aa07-098fbc524000" alt="The &#x22;Trigger an alert when no events are processed&#x22; toggle is set to YES. The &#x22;How long should Panther wait before it sends you an alert that no events have been processed&#x22; setting is set to 1 Day" width="320"><figcaption></figcaption></figure>

## Panther-managed detections

See [Panther-managed](https://docs.panther.com/detections/panther-managed) rules for Tines in the [panther-analysis GitHub repository](https://github.com/panther-labs/panther-analysis/tree/master/rules/tines_rules).

## Supported log types

{% hint style="info" %}
Required fields in the schema are listed as **"required:true"** just below the "name" field.
{% endhint %}

### Tines.Audit

These are audit logs of events in a Tines tenant. For more information, see [Tines's Audit logs documentation](https://www.tines.com/api/audit-logs).

```yaml
schema: Tines.Audit
description: Audit logs from the Tines Audit Logs API
referenceURL: https://www.tines.com/api/audit-logs
fields:
  - name: created_at
    required: true
    description: The date/time at which the audit log was created.
    type: timestamp
    timeFormats:
      - rfc3339
    isEventTime: true
  - name: id
    description: The ID of the audit log.
    type: int
  - name: inputs
    description: JSON Inputs passed to the operation.
    type: json
  - name: operation_name
    required: true
    description: The name of the operation.
    type: string
  - name: request_ip
    required: true
    description: The IP Address the operation was triggered from.
    type: string
    indicators:
      - ip
  - name: request_user_agent
    description: The user agent that the operation was triggered with.
    type: string
  - name: tenant_id
    required: true
    description: The ID of the tenant the operation was triggered on.
    type: string
  - name: user_email
    description: The email of the user who triggered the operation.
    type: string
    indicators:
      - email
  - name: user_id
    required: true
    description: The ID of the user who triggered the operation.
    type: string
  - name: user_name
    description: The name of the user who triggered the operation.
    type: string
    indicators:
      - username
```
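The following is an added example, not Panther's own parser: it checks a Tines audit event against the required fields and indicator mappings declared in the `Tines.Audit` schema above, parses `created_at` as RFC 3339 (the `isEventTime` field), and collects the `ip`, `email` and `username` indicator values. The sample event is constructed and its values are illustrative.

```python
from datetime import datetime, timezone

# Required fields and indicator mappings, taken from the Tines.Audit schema above.
REQUIRED = {"created_at", "operation_name", "request_ip", "tenant_id", "user_id"}
INDICATORS = {"request_ip": "ip", "user_email": "email", "user_name": "username"}


def parse_rfc3339(value: str) -> datetime:
    """Parse an RFC 3339 timestamp (e.g. 2023-08-03T16:33:30Z) into an aware UTC datetime."""
    if value.endswith("Z"):           # older Pythons' fromisoformat() rejects a bare 'Z'
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError("RFC 3339 timestamp must carry a UTC offset")
    return ts.astimezone(timezone.utc)


def missing_required(event: dict) -> list:
    """Return the sorted list of schema-required fields that are absent or null."""
    present = {k for k, v in event.items() if v is not None}
    return sorted(REQUIRED - present)


def validate_audit_event(event: dict) -> dict:
    """Validate one audit event and return its event time plus extracted indicators."""
    missing = missing_required(event)
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    indicators = {}
    for field, kind in INDICATORS.items():
        if event.get(field):              # optional fields may be absent or empty
            indicators.setdefault(kind, []).append(event[field])
    return {"event_time": parse_rfc3339(event["created_at"]), "indicators": indicators}


# Constructed sample event (hypothetical values, not from a real tenant).
SAMPLE_EVENT = {
    "created_at": "2023-08-03T16:33:30Z",
    "id": 1234,
    "inputs": {"example_input": "constructed"},
    "operation_name": "ExampleOperation",
    "request_ip": "203.0.113.10",
    "request_user_agent": "ExampleAgent/1.0 (constructed)",
    "tenant_id": "example-tenant",
    "user_email": "analyst@example.com",
    "user_id": "1",
    "user_name": "analyst",
}
```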
