Panther
The Dropzone platform integrates with the Panther security SIEM. Many customers ingest other alert sources into Panther (e.g. IDPs) and integrate Dropzone into Panther rather than the source systems.
Create an API Key
Panther requires an API key to enable.
To obtain an API Key, do the following:
Navigate to your Panther homepage
Click on the gear icon in the top right corner
Select "API Tokens"
Record the API URL located at the top of the page for use later in the Dropzone UI where it is called "Panther URL"
Click on "Create New Token"
Grant the token the following permissions:
Manage Alerts
(optional) Allows Dropzone to add investigations results as Panther comments
Read Alerts
Allows Access to alert information
View Rules
Allows viewing the log rules setup in Panther
Query Data Lake
Allows listing and issuing Data Explorer & Indicator Search queries
View Log Sources
Allows viewing the Log sources setup
Read User Info
Allows access to user information related to your Panther resources
Click "Create API Token" at the bottom of the page
Record the value for use later in the Dropzone UI where it is called "API key"
Click "Done"
Enable Panther
To enable the Data Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, click Settings > Integrations
Click "Available"
In the Search bar, search Panther, then click "Configure"
Under the Data Source heading, input the Panther URL link and the API key
Click "Test & Save" to finish
If you have any errors engage your Dropzone AI support representative.
Last updated
Was this helpful?