SNS Source

Onboarding SNS Logs as a Data Transport log source in the Panther Console

Overview

The steps below enable you to onboard an SNS source into Panther. You will be able to configure your SNS topics to send data to an SQS queue managed by Panther.

How to set up an SNS log source in Panther

Step 1: Set up your SQS source

Follow the Panther documentation on setting up an SQS source in Panther, making sure to add the ARN of your SNS topic to the list of Allowed Source ARNs.

Keep a note of the SQS Queue URL that Panther creates for your SQS Source.

Step 2: Create SNS subscription to SQS queue

  1. Log in to the AWS account that contains your SNS topic.

  2. Go to SNS Service.

  3. Select your SNS topic.

  4. Click on Create Subscription.

  5. Fill in the Details section.

    • Make sure to select Enable Raw Delivery.

    • For the ARN in Endpoint, use this format: arn:aws:sqs:<region>:<account id>:<queue name>.

  6. When the subscription has been created, navigate back to your Panther Console to see your SNS topic messages begin to populate.

Viewing ingested logs

After your log source is configured, you can search ingested data using Search or Data Explorer.

Last updated