Panther is able to process OneLogin events through OneLogin's integration with Amazon EventBridge. This allows Panther to process OneLogin logs in a scalable and reliable, low latency manner.
In order for Panther to process your OneLogin logs, you need to configure your OneLogin account to send data to Amazon EventBridge in Panther AWS account.
First of all, you need to keep note of the AWS Account and AWS region where Panther is deployed. You can find this information from your Panther UI, going to Settings > General > About Panther.
Log in to OneLogin Administration console
Go to Developers > Webhooks
Go to New Webhook > Event Webhook for Amazon EventBridge
Add a friendly name e.g.
Fill the AWS Account Id and Region that you noted earlier. Click Save
Click on the new integration that got just created. Keep a note of the Event Source field as we are going to use it
in the next step (it should be in the form
Login to your Panther account
Go to Log analysis > Sources from the sidebar menu
Click Add Source
Select Amazon EventBridge from the list of available types
In the following form, fill in the following fields:
Name: A friendly name for the source e.g.
My OneLogin events
Log Type: Select
Bus Name: The field you noted in the previous text (in the form
Click on Next and then Save Source
You are done! You can now start writing detections and exploring your OneLogin data.