QUESTION

Do I need a KMS key in order for log data to be encrypted while being stored at rest in Panther's S3 bucket?

ANSWER

No, if a KMS key is not set up, the log data sent to Panther will still be encrypted with encryption keys managed by the AWS S3 service. More information regarding this can be found through this announcement from AWS.

While sending data to be stored in Panther, it is encrypted through the HTTPS protocol.

If there are additional questions regarding encryption or concerns surrounding AWS managed encryption keys, please feel free to reach out to Panther Support.