Notion Logs

Overview

Panther ingests Notion audit logs through an HTTP Source, which receives events from a Notion connection.

How to onboard Notion logs to Panther

Prerequisite

• To successfully complete Step 2 below, your Notion user must have the Workspace owner role.

Step 1: Create a new Notion source in Panther

1. In the left-side navigation bar of your Panther Console, click Configure > Log Sources.

2. Click Create New.

3. Search for “Notion,” then click its tile.

   • In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.

4. Click Start Setup.

5. Follow Panther's instructions for configuring an HTTP Source, beginning at Step 5.

   • The Schemas - Optional field will be pre-populated with the Notion schema(s).

   • You will be required to use HMAC authentication. This is the only method of authentication Notion supports.

     • The Header Name associated with your Secret Key Value will be locked with a value of x-notion-signature.

     • Be sure to securely copy your Secret Key Value, and store it in a safe location, as you will need it in the next step.

Step 2: Create a new Panther Connection in Notion

1. From the left-side navigation bar of your Notion tenant, click Settings & Members > Connections.

2. Click the Workspace Connections tab.

3. Click +Add connection.

4. From the dropdown options, select Panther.

5. In the popup modal, provide values for the following fields:

   • Webhook URL: Enter the HTTP Source URL you generated in Step 1.

   • Secret code: Enter the Secret Key Value you used in Step 1.

6. Click Connect.

Panther-managed detections

See Panther-managed rules for Notion in the panther-analysis GitHub repository.

Supported log types

Notion.AuditLogs

Notion.AuditLogs provide visibility into changes made to Notion workspaces.