SIEM Alert Channel to AWS S3

Overview

The Panoptica AWS S3 integration enables Panoptica users to send SIEM results (security findings and attack paths) to an AWS S3 bucket.

To create the channel to alert on SIEM results, follow the steps below.

Prerequisites

Important: An AWS S3 bucket must already be configured in Panoptica integrations. See the link to directions below in "Next Steps".

Integration Steps

The AWS S3 Alert channel is configured from Panoptica's Settings page: Settings > Alerts & Notifications > Create Alert Channel. Go there to proceed with the following steps:

  1. Enter a name for the alert.
  2. In the Type field, open the drop-down and select SIEM.
  3. In the AWS S3 Bucket field, select the S3 bucket to send the results to.
    NOTE: If the bucket is missing from the drop-down, go to the WHAT'S NEXT section at the bottom of this page, follow the "AWS S3 Integration" link, and make sure the bucket is added as a resource for the platform to send to.
  4. Make sure the alert is set to Enabled.
  5. Click Save.

Results appear in the bucket under a folder labeled "lightspin", with the results placed in folders named in date/time format. They are sent to the S3 bucket after each completed scan.