SQS source

The steps below set up an SQS queue and give you permissions to send data to that queue. Panther pulls events from that queue and lets you write rules and run queries on the processed data.

Step 1: Choose SQS source

From Log Analysis, click Sources > Add Source > Amazon SQS

Step 2: Enter the source details

| Field | Required? | Description |
|---|---|---|
| Name | Yes | Friendly name of the source |
| Log Types | Yes | The list of Log Types that you are going to send to this SQS queue |
| Allowed Principal ARNs | No | The ARNs of the AWS principals that will be allowed to publish messages to the SQS queue, e.g. arn:aws:iam::012345678912:root or arn:aws:iam::012345678912:role/Test-* |
| Allowed Source ARNs | No | The ARNs of the AWS resources (S3 buckets, SNS topics, etc.) that can publish messages to that SQS queue, e.g. arn:aws:sns:us-east-1:012345678912:my-topic or arn:aws:s3:::my-bucket* |

Note that if neither Allowed Principal ARNs nor Allowed Source ARNs is set, only principals of the AWS account where Panther is deployed will be able to publish messages to the queue.

Click Continue Setup.
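Before saving, it helps to see how much a wildcard entry in Allowed Principal ARNs or Allowed Source ARNs actually admits. The following is an added example, not Panther's code: it assumes entries are compared the way IAM's ArnLike operator compares ARNs, and the function names and sample sender ARNs are constructed for illustration.

```python
import re

# Assumption (not stated on the page): entries are compared the way IAM's
# ArnLike operator compares ARNs: field by field, with * and ? as wildcards.
def _field_match(pattern, value):
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def arn_like(pattern, arn):
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return (len(p) == 6 and len(a) == 6
            and all(_field_match(x, y) for x, y in zip(p, a)))

def review_entry(entry):
    """Return review findings for one allow-list entry; [] means none."""
    parts = entry.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return ["not a six-field ARN"]
    service, account, resource = parts[2], parts[4], parts[5]
    findings = []
    if "*" in account or "?" in account:
        findings.append("wildcard in the account ID field")
    if "*" in resource or "?" in resource:
        findings.append("wildcard in the resource name")
        if service == "s3":
            # S3 bucket ARNs have empty region and account fields.
            findings.append("S3 wildcard is not tied to any account ID")
    return findings

def admitted(allow_list, senders):
    """Return the sender ARNs that at least one allow-list entry matches."""
    return [s for s in senders if any(arn_like(e, s) for e in allow_list)]

if __name__ == "__main__":
    allow = ["arn:aws:iam::012345678912:role/Test-*",   # from the page
             "arn:aws:s3:::my-bucket*"]                  # from the page
    senders = [  # constructed sample senders
        "arn:aws:iam::012345678912:role/Test-ingest",
        "arn:aws:iam::012345678912:role/Prod-ingest",
        "arn:aws:s3:::my-bucket-archive",
    ]
    for e in allow:
        print(e, "->", review_entry(e) or "no findings")
    print("admitted:", admitted(allow, senders))
```

Entries with no findings name exactly one principal or resource; entries with findings are worth narrowing to the specific roles, topics or buckets that need to publish.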

Step 3: Create the SQS queue

Click Save Source. Panther will create an SQS queue and will allow the ARNs specified above to publish messages to it. The SQS queue URL will be displayed on the next page.

You are all done! You can now start sending messages to the SQS queue.