Panther Knowledge Base

Panther Indicator Search fails to display same results when switching to Data Explorer

QUESTION

When I run a search in the Indicator Search, I see a set of results for a particular log type. However, when I click the "Open in Data Explorer" button (pictured below), the resulting query doesn't generate any results.

Screenshot of the "Open in Data Explorer" button, as seen in the Indicator Search

ANSWER

In some cases, the conversion from Indicator Search to Data Explorer can generate inaccurate SQL. In particular, Indicator Search queries that reference fields nested within an array will fail to generate accurate SQL. Our team is aware of this issue and is working towards a resolution.

If you encounter this issue and believe it is not caused by array-nested fields, please report the bug to our Support team!