If one of my Panther log sources becomes temporarily broken, will Panther backfill the data once the source is repaired?
This depends on which type of log source, and how it was broken.
For most of Panther's managed log sources, any logs which are lost due to API/authentication issues will be backfilled once the source becomes viable again.
- If the issue is internal to Panther, meaning the data from these sources is being delivered to and received by Panther, but is not being processed, then that data should be cached, and then processed once the source is fixed. In some cases, our support team may be required to manually trigger the reprocess.
- If the issue is in the data pipeline, meaning data is failing to reach Panther at all, then there will be no automatic backfill, and you will need to send the data to Panther again.