Canary supports outgoing Webhooks from your Console to an endpoint of your choice. This event-driven approach ensures that alerts are sent to you as they happen!
In this guide, we’ll send data to your Panther instance, using the Thinkst Canary log source.
Configuring Canary Webhooks to Panther.
Step 1: Create and Configure the Thinkst Canary Log Source
Within Panther, head over to log sources and search for Thinkst Canary.
Select the log source and hit the Start Setup button.
Fill in the Source Name, Header Name, and Shared Secret Value parameters (We'll be using these values soon).
Hit the Setup button to initiate the creation of your Panther Log Source. Ensure that the Panther ThinkstCanary Pack is enabled. This allows Panther to immediately raise alerts for events sent from your Canary Console.
The "Trigger an alert when no events are processed" can be enabled, but we're not expecting many alerts from Canary so keep that in mind :)
Step 2: Create a webhook on your Canary Console to send data to Panther
At this point you're able to obtain your HTTP Source URL within Panther. We'll use this URL and the request headers that were previously defined.
From the Global Settings page on your Canary Console, Add a new Generic Webhook and populate the following fields:
- Webhook URL
- Add custom request header (e.g x-canary-secret, and secret-canary-string-here)
Step 3: Generate an alert and verify that you're able to see the alert within Panther
Trigger a Canary or Canarytoken alert and observe the alert within your Panther instance.