Push Security Logs

Connecting Push Security logs in your Panther Console

Overview

Panther ingests Push Security logs through a webhook that you configure in Push Security to post events to a Panther HTTP source.

How to onboard Push Security logs to Panther

Step 1: Create a Push Security source in Panther

  1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Search for “Push Security,” then click its tile.

    • In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.

  4. Click Start Setup.

  5. Follow Panther's instructions for configuring an HTTP Source.

    • For the Auth method, select None.

    • Payloads sent to this source are subject to the payload requirements for all HTTP sources.

    • Do not proceed to the next step until the creation of your HTTP endpoint has completed.

After creating the HTTP source, the Panther Console will display your HTTP Source URL. Store this value in a secure location, as you will need it in the next steps.

Step 2: Create a new webhook in Push Security

  1. In the left-hand navigation bar of Push Security, click the gear icon to access Settings.

  2. In the left-hand navigation bar, click Webhooks.

  3. On the Webhooks page, click +Webhook.

  4. In the URL field, enter the Panther URL you generated while creating the HTTP source in Step 1.

  5. Click Generate Webhook.

Panther-managed detections

See Panther-managed rules for Push Security in the panther-analysis GitHub repository.

Supported log types

PushSecurity.Activity

PushSecurity.AttackDetection

PushSecurity.Entities
