Panther Knowledge Base

Can I combine multiple Panther log source filters with and/or logic?

QUESTION

If I configure multiple log source filters in Panther, can I combine them with and/or logic? For example, can I specify that a log must match 2 filters in order to be excluded?

ANSWER

Panther does not support complex filter logic at this time. If you specify multiple filters for a log source, Panther will drop an event if it matches any of the filters. If you are interested in support of this feature, please contact Panther Support to put in a request.

As a workaround, you can use a single, more complex regex pattern to perform this comparison. For example, to exclude an event only if it contains both words "foo" and "bar", you can use this pattern: foo.*?bar


This pattern matches "foo", followed by any run of characters, followed by "bar". It's not perfect - for example, it won't filter out an event where "bar" appears before "foo". You can write regular expressions to work around this, but they can become more complicated.
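
To check a filter pattern before relying on it, the sketch below compares the three cases described above: two separate filters (drop on any match), the ordered pattern foo.*?bar, and an alternation that covers both orders. This is an added example, not Panther code; it assumes substring-search matching with Python's re module, and the sample events, names and helper functions are constructed for illustration.

```python
import re

# Constructed sample events (not real Panther logs).
EVENTS = [
    "user=alice action=foo target=bar",  # "foo" before "bar"
    "user=bob action=bar target=foo",    # "bar" before "foo"
    "user=carol action=foo target=baz",  # only "foo"
    "user=dave action=login",            # neither word
]

# Two separate filters: an event is dropped if ANY of them matches (OR).
SEPARATE = [re.compile(r"foo"), re.compile(r"bar")]

# The article's single-pattern workaround: "foo" and then "bar".
ORDERED = [re.compile(r"foo.*?bar")]

# Order-independent variant using plain alternation (no lookaheads),
# so it does not depend on engine-specific regex features.
EITHER_ORDER = [re.compile(r"foo.*?bar|bar.*?foo")]


def dropped(event, filters):
    """Model of the documented behaviour: drop if any filter matches."""
    return any(f.search(event) for f in filters)


def kept(events, filters):
    """Return the events that survive the given filter set."""
    return [e for e in events if not dropped(e, filters)]


def report():
    """Summarise how many events each filter set lets through."""
    return {
        "separate": len(kept(EVENTS, SEPARATE)),
        "ordered": len(kept(EVENTS, ORDERED)),
        "either_order": len(kept(EVENTS, EITHER_ORDER)),
    }


if __name__ == "__main__":
    for name, count in report().items():
        print(f"{name}: {count} of {len(EVENTS)} events kept")
```

The separate filters also drop the event that contains only "foo", which is the over-filtering to watch for on a security log source; the alternation drops exactly the two events that contain both words.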
