Last updated
Was this helpful?
Last updated
Was this helpful?
Panther supports onboarding GitLab logs using mechanisms.
This page describes two processes: the onboarding process for GitLab audit logs, and the onboarding process for all other GitLab log types. These processes differ because audit logs are ingested through , while non-audit logs are pulled via the GitLab API.
Audit logs can be ingested with the , while other GitLab logs can be ingested with Amazon Web Services (AWS) and .
To ingest GitLab audit logs into Panther using as described below, you must have .
This process outlines how to onboard GitLab logs. To onboard other types of GitLab logs, such as , , , , and logs, follow the separate process below.
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “GitLab,” then click its tile.
In the slide-out panel, the Transport Mechanism dropdown in the upper right corner will be pre-populated with the HTTP option.
Click Start Setup.
Follow Panther's , beginning at Step 5.
You will be required to use . This is the only method of authentication GitLab supports.
The Header Name associated with your Secret Key Value will be locked with a value of x-panther-gitlab
.
Payloads sent to this source are subject to the .
Do not proceed to the next step until the creation of your HTTP endpoint has completed.
In the Destination field, enter the URL you generated in Step 1.
Add a header with the name x-panther-gitlab
and the secret you configured in Panther in Step 1.
To connect these logs into Panther:
Log in to the Panther Console.
In the left sidebar, click Configure > Log Sources.
Click Create New.
Search for the log type you want to onboard, then click its tile.
Select the data transport method you wish to use for this integration, then follow Panther's instructions for configuring the method:
Configure GitLab to push logs to the Data Transport source.
See GitLab's documentation for instructions on pushing logs to your selected Data Transport source.
Panther uses the latest version of GitLab API logs. Some fields differ from the official documentation.
Multi-use schema for GitLab audit events, from both self-hosted audit log files and GitLab's audit event streaming feature.
GitLab log file containing changes to group or project settings
GitLab log file containing all failed requests from GitLab to Git repositories.
GitLab log with information about integrations activities such as Jira, Asana, and Irker services.
GitLab log for Production controller requests received from GitLab
In the GitLab documentation, follow the process.
The process below outlines how to onboard non-audit GitLab logs to Panther, such as , , , , and logs. If you'd like to onboard logs, follow the separate process above.
Reference: .
For more information, see and .
Reference: .
Reference: .
Reference: .
Reference: .
Connecting GitLab logs to your Panther Console