This guide walks you through creating an HTTP log source in Panther and gathering the configuration needed to create a Panther Sink integration.
Log in to your Panther Console with an account that has permissions to create and manage log sources.
In the left-side navigation of your Panther Console, expand the Configure section and click Log Sources.
On the Log Sources page, click the Create New button in the top right. On the source selection page, locate the Custom Log Formats section and click the HTTP log source card.
On the creation page you will see a Basic Information section and an authentication section.
Source Name: Provide a descriptive name for the source (e.g. "Synqly Sink").
Schemas: Click the Schemas dropdown and type OCSF in the search field. Select the top-level OCSF checkbox to add all OCSF event type schemas. This ensures Panther can accept any OCSF-formatted event sent by Synqly.
In the Select Authentication Type section, select Bearer.
A Bearer Token Value field will appear. Click the generate button next to the field to generate a new token value. Click the copy button to copy the token and save it to a safe location.
Click the Setup button at the bottom of the page. Panther will display a loading screen while it provisions the source.
Once provisioning completes, the page will display your HTTP Source URL. Click the copy button next to the URL to copy it and save it to a safe location.
You can skip the optional Detection Packs and drop-off alarm configuration on this page unless you want to enable them for your environment.
Note: You can retrieve the HTTP Source URL later by navigating to Configure > Log Sources, selecting your source, and viewing the HTTP Ingest URL on the Overview tab.
Create your integration by supplying all of the required configuration values.
Ingest URL This is the HTTP Source endpoint URL gathered in step 6. For example, https://logs.<your-instance>.runpanther.net/http/<source-id>.
Bearer Token This is the bearer token generated for the HTTP Source in step 5.