By default, Panther Log Sources are configured to raise an alert if the source doesn't receive events for more than 1 day. How can I change this threshold after the Log Source is created?
The waiting period before firing an alert is customizable though the Log Source's overview page. To change the period, follow these steps:
- Open the Log Source's overview page (accessible by navigating to Configure > Log Sources, then clicking the name of your source in the list).
- On the overview page, look for the field with information about your drop-off alarm, and click the Edit icon next to it.
- In the edit modal that appears, you can edit the waiting period for the alarm or disable it entirely.