Skip to main content
Panther Knowledge Base

Can I query Panther’s data lake for alerts using their alert status, or assignee?

  1. Last updated
  2. Save as PDF

QUESTION

Can I query Panther’s data lake for alerts using their alert status, assignee, or any other similar metadata?

ANSWER

You can do this via Panther's API. For API query examples see the Data Lake API documentation

While we store rule matches in the data lake (i.e., log events that matched a rule), the actual alerts and their metadata are stored in DynamoDB. 

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.