Notion Logs
Panther supports receiving Notion logs directly via webhook
Overview
Panther ingests Notion audit logs through an HTTP Source, which receives events from a Notion connection.
How to onboard Notion logs to Panther
Prerequisite
To successfully complete Step 2 below, your Notion user must have the Workspace owner role.
Step 1: Create a new Notion source in Panther
In the left-side navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Notion,” then click its tile.
In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.
Follow Panther's instructions for configuring an HTTP Source, beginning at Step 5.
The Schemas - Optional field will be pre-populated with the Notion schema(s).
You will be required to use HMAC authentication. This is the only method of authentication Notion supports.
The Header Name associated with your Secret Key Value will be locked with a value of x-notion-signature.
Be sure to securely copy your Secret Key Value, and store it in a safe location, as you will need it in the next step.
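To show what the Secret Key Value protects, here is an added example (not Panther's or Notion's own code) of how a webhook receiver checks an HMAC signature carried in the x-notion-signature header. The algorithm and encoding (HMAC-SHA256, hex digest, "sha256=" prefix) are assumptions, since this page does not state them; the secret and request body are constructed sample values.

```python
import hashlib
import hmac

HEADER_NAME = "x-notion-signature"  # header name stated on this page

# Constructed sample values, not a real secret or a real Notion event.
SECRET = b"example-secret-key-value"
BODY = b'{"example": "constructed audit event"}'


def sign(secret: bytes, body: bytes) -> str:
    """Sender side. Assumed format: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes) -> bool:
    """Receiver side. True only if the header holds a valid HMAC of the exact body."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(HEADER_NAME)
    if not received:
        return False  # unsigned requests are rejected outright
    expected = sign(secret, body)
    # compare_digest is constant-time, so response timing does not reveal
    # how many leading characters of a forged signature were correct.
    return hmac.compare_digest(expected.encode(), received.encode())


def demo() -> dict:
    """Run the accept case and three reject cases against the sample event."""
    signed = {"X-Notion-Signature": sign(SECRET, BODY)}
    return {
        "valid": verify(SECRET, signed, BODY),
        "tampered_body": verify(SECRET, signed, BODY + b" "),
        "wrong_secret": verify(b"some-other-secret", signed, BODY),
        "missing_header": verify(SECRET, {}, BODY),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Anyone who holds the Secret Key Value can produce signatures the receiver accepts, which is why it should be stored in a secrets manager rather than in tickets or chat.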
Step 2: Create a new Panther Connection in Notion
From the left-side navigation bar of your Notion tenant, click Settings & Members > Connections.
Click the Workspace Connections tab.
Click +Add connection.
From the dropdown options, select Panther.
Click Connect.
Panther-managed detections
See Panther-managed rules for Notion in the panther-analysis GitHub repository.
Supported log types
Required fields in the schema are listed as "required: true".
Notion.AuditLogs
Notion.AuditLogs provide visibility into changes made to Notion workspaces.