Skip to main content
Panther Knowledge Base

How can I change the waiting period for my Panther Log Source drop-off alarm?

  1. Last updated
  2. Save as PDF

QUESTION

By default, Panther Log Sources are configured to raise an alert if the source doesn't receive events for more than 1 day. How can I change this threshold after the Log Source is created?

ANSWER

The waiting period before firing an alert is customizable though the Log Source's overview page. To change the period, follow these steps:

  1. Open the Log Source's overview page (accessible by navigating to Configure > Log Sources, then clicking the name of your source in the list).
  2. On the overview page, look for the field with information about your drop-off alarm, and click the Edit icon next to it.
    Location of the "edit drop-off alarm" button in the Source overview page.
  3. In the edit modal that appears, you can edit the waiting period for the alarm or disable it entirely.
    "Configure Drop-Off Alarm" Modal
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.