Will there be a gap in the logs if permissions fail in a native Panther log source?
What happens to Panther native log sources if permissions fail when they are eventually restored, will there be a gap in the logs or will Panther collect logs from the moment it stopped?
There will be no loss of data. Once the log pullers are successfully working again, they will automatically ingest the lost data. Panther keeps track of the last successful scan time and queries from that point onward.