Does Panther support policy failure alert destinations organized by log type?
Panther does not link policy failures to log types, but you can set up a webhook alert destination solely configured for “Policy Failures.” This webhook can then point to an automated service that can receive it and parse it (e.g., AWS Lambda).
Because there is no p_log_type tied to a Policy failure event, you’ll need to parse Panther’s payload using conditional logic to sort on identifiers like Policy ID, Title, Resource Type, or something similar. After that, the Lambda can send the parsed information to another alert destination that takes webhooks.
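One way to write the Lambda described above, as an added example that is not Panther's own code. The payload keys (id, title, resourceType), the routing table, the sample policy names and the destination URLs are assumptions or placeholders; confirm the key names against a payload your Panther instance actually sends.

```python
import base64
import fnmatch
import json
import urllib.request

# Assumed payload keys; confirm against a real Panther webhook payload.
ID_KEY, TITLE_KEY, RESOURCE_TYPE_KEY = "id", "title", "resourceType"

# Constructed routing table: (payload key, glob pattern, destination webhook).
# First match wins; the URLs are placeholders.
ROUTES = [
    (RESOURCE_TYPE_KEY, "AWS.S3.*", "https://hooks.example.invalid/storage-team"),
    (RESOURCE_TYPE_KEY, "AWS.IAM.*", "https://hooks.example.invalid/identity-team"),
    (ID_KEY, "GCP.*", "https://hooks.example.invalid/gcp-team"),
    (TITLE_KEY, "*MFA*", "https://hooks.example.invalid/identity-team"),
]
DEFAULT_DEST = "https://hooks.example.invalid/security-triage"  # unmatched alerts are never dropped

def parse_body(event):
    """Extract the JSON payload from an API Gateway / function URL event."""
    body = event.get("body") or "{}"
    if event.get("isBase64Encoded"):
        body = base64.b64decode(body).decode("utf-8")
    payload = json.loads(body)
    if not isinstance(payload, dict):
        raise ValueError("payload must be a JSON object")
    return payload

def pick_destination(payload):
    """Return the first destination whose pattern matches, else the default."""
    for key, pattern, dest in ROUTES:
        value = payload.get(key)
        if isinstance(value, str) and fnmatch.fnmatchcase(value, pattern):
            return dest
    return DEFAULT_DEST

def post_json(url, payload):
    """Forward the payload to the chosen webhook destination."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status

def handler(event, context, send=post_json):
    """Lambda entry point; `send` is injectable so routing can be tested offline."""
    try:
        payload = parse_body(event)
    except (ValueError, TypeError):
        return {"statusCode": 400, "body": "invalid payload"}
    dest = pick_destination(payload)
    send(dest, payload)
    return {"statusCode": 200, "body": json.dumps({"routed_to": dest})}
```

Policy failures that match no route go to the default destination, so a new or renamed policy still reaches someone instead of being silently discarded.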