Panther Knowledge Base

Why am I receiving an "alert_context size bigger than maximum" error in Panther?

Issue

When I receive an alert from a webhook, the alert context displays an error:

"_error": "alert_context size is [601786] characters, bigger than maximum of [204800] characters"

Resolution

To resolve this issue:

  • Optimize and reduce the amount of information output through the alert_context field.
  • Use the Panther API to query the alert's events instead of outputting all the information through the alert_context field. The entire rule match is written to the data lake, so you can extract all the information you need with a Panther API data lake query.
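
One way to apply the first option inside a rule's alert_context function, as an added example (not Panther's own code): it keeps a small set of fields and caps long strings and lists until the result fits under the 204800-character limit from the error message. The field names in KEEP_FIELDS and the helper names are hypothetical, and measuring the size on the JSON-serialized context is an assumption.

```python
import json

MAX_CONTEXT_CHARS = 204800  # limit quoted in the error message
# Assumption: hypothetical field names; keep only what responders need.
KEEP_FIELDS = ("eventName", "sourceIPAddress", "userIdentity", "requestParameters")


def context_size(obj):
    # Assumption: the limit is counted on the JSON-serialized context.
    return len(json.dumps(obj, default=str))


def shrink(value, max_str, max_items):
    """Recursively cap string and list lengths, marking what was cut."""
    if isinstance(value, str) and len(value) > max_str:
        return value[:max_str] + "...[truncated]"
    if isinstance(value, list):
        kept = [shrink(v, max_str, max_items) for v in value[:max_items]]
        if len(value) > max_items:
            kept.append(f"...[{len(value) - max_items} more items]")
        return kept
    if isinstance(value, dict):
        return {k: shrink(v, max_str, max_items) for k, v in value.items()}
    return value


def build_context(event, limit=MAX_CONTEXT_CHARS):
    """Return selected fields only, tightening the caps until under limit."""
    picked = {k: event.get(k) for k in KEEP_FIELDS if event.get(k) is not None}
    max_str, max_items = 4096, 50
    context = shrink(picked, max_str, max_items)
    while context_size(context) > limit and max_str > 16:
        max_str, max_items = max_str // 2, max(1, max_items // 2)
        context = shrink(picked, max_str, max_items)
    if context_size(context) > limit:
        # Last resort: the full rule match is still in the data lake.
        context = {"note": "context omitted; query the rule match in the data lake"}
    return context


def alert_context(event):
    # Rule function that populates the alert_context field.
    return build_context(event)
```

The truncation markers tell the responder that the alert shows a subset, so the full rule match should be pulled from the data lake when the cut fields matter.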

Cause

This issue occurs when too much information is passed through the alert_context field.