Search…
SQS source
The steps below will setup an SQS queue and will give you permissions to send data to that queue. Panther will pull events from that queue and will allow you to write rules and run queries on the processed data.

Step 1: Choose SQS source

From Integrations, click Log Sources > Add Source > Data Transport > SQS Queue

Step 2: Enter the source details

Field
Required?
Description
Name
Yes
Friendly name of the source
Log Types
Yes
The list of Log Types that you are going to send to this SQS queue
Allowed Principal ARNs
No
The ARNs of the AWS principals that will be allowed to publish messages to the SQS queue e.g. arn:aws:iam::012345678912:root or arn:aws:iam::012345678912:role/Test-*
Allowed Source ARNs
No
The ARNs of the AWS resources (S3 buckets, SNS topics, etc) that can publish messages to that SQS queue e.g. arn:aws:sns:us-east-1:012345678912:my-topic or arn:aws:s3:::my-bucket*
Note that if none of Allowed Principal ARNs and Allowed Source ARNs properties are set, only Principals of the AWS account where Panther is deployed will be able to publish messages to the queue. Click Continue Setup.

Step 2: Create the SQS queue

Click Save Source. Panther will create an SQS queue and will allow the ARNs specified above to publish messages to it. The SQS queue URL will be display in the next page
You are all done! You can now start sending messages to the SQS queue.
Last modified 9mo ago