The steps below will setup an SQS queue and will give you permissions to send data to that queue. Panther will pull events from that queue and will allow you to write rules and run queries on the processed data.
From Log Analysis, click Sources > Add Source > Amazon SQS
Friendly name of the source
The list of Log Types that you are going to send to this SQS queue
The ARNs of the AWS principals that will be allowed to publish messages to the SQS queue e.g.
The ARNs of the AWS resources (S3 buckets, SNS topics, etc) that can publish messages to that SQS queue e.g.
Note that if none of Allowed Principal ARNs and Allowed Source ARNs properties are set, only Principals of the AWS account where Panther is deployed will be able to publish messages to the queue. Click Continue Setup.
Click Save Source. Panther will create an SQS queue and will allow the ARNs specified above to publish messages to it. The SQS queue URL will be display in the next page
You are all done! You can now start sending messages to the SQS queue.