Can I use Panther Data Model fields in my queries?
QUESTION
Panther supports using Data Models to standardize event fields within detections. Can I use these fields in my data queries as well?
Note that this is distinct from the Core Field Unified Data Model feature.
ANSWER
Panther currently doesn't allow Data Model fields to be used in scheduled queries or the Data Explorer. However, we do have a set of standard fields which all log events use, and these are valid for use within queries.
If this is a feature you'd like to see implemented, please contact your CSM or our support team and share your use case!