Skip to main content
Panther Knowledge Base

The Indicator Search in my Panther Console throws a "does not exist or not authorized" SQL compilation error for a "_VARIANT" suffix table

Issue

When trying to use the Indicator Search in my Panther Console I get the error below:

279001: 01aa2f01-0403-0077-0073-14830a46c032: server ErrorCode=002003, ErrorMessage=SQL compilation error: 
Object 'PANTHER_RULE_MATCHES.PUBLIC.<TABLE-NAME>_001_VARIANT' 
does not exist or not authorized.

Resolution

To resolve this issue:

indicator-bug.png

You can spot the auto-generated query from the Investigate > Query History view and manually remove the _VARIANT suffix for the tables that seem not to exist or not be authorized and throw this error.

For example, you can change:

PANTHER_RULE_MATCHES.PUBLIC.<TABLE-NAME>_001_VARIANT

to 

PANTHER_RULE_MATCHES.PUBLIC.<TABLE-NAME>_001

indicator-bug-rule.png

Then you can re-run the query within Data Explorer to get the results from the Indicator Search.

Screenshot 2023-02-09 at 4.03.17 PM.png

Cause

This is an error that's being triggered by a bug in the Indicator Search view. We have already found the root cause and our engineering team is working hard to introduce a fix that will be patched soon.