Does inferring a custom schema from HTTP data modify the existing schema of an active log source?
QUESTION
Does the Inferring a custom schema from HTTP data received in Panther feature modify the existing log schema on an active log source (already attached to a schema)?
ANSWER
No, directly inferring modifications to a schema is not possible. You could infer a new schema and then manually compare it with the existing one, but it wouldn't be an automated process.
The HTTP inference feature is intended to allow you to set up a new HTTP log source and send logs to it for a period of time (up to 14 days) before assigning a schema to the log source. Then, you can infer a log schema from all the log events received by the webhook since the source was created.