What to do when a Panther log source works fine but says "Permission checks for source have failed"

Last updated
Save as PDF

QUESTION

What should I do when a Panther log source works fine but says "Permission checks for source [source] have failed"?

ANSWER

If the log source appears healthy in the log source details page, and it's receiving and ingesting logs successfully, then no action is required.

This kind of error can be transient, and could be caused by a minor API outage on the vendor side, or when an expired token is refreshed. In these cases, the error message about failed permission checks is designed to let you know about a possible lack of logs during a short period of time, but may not indicate an ongoing problem with the log source.