Allowing Panther detection code to access metadata about that detection
QUESTION
Does Panther allow detection code to access metadata about that detection?
For example, I'd like to configure an alert destination to only receive alerts of a certain severity, and this depends on the ability to route alerts based on their severity.
ANSWER
Panther does not support this today. If you are interested in support of this feature, please contact Panther Support to put in a request.
As a workaround for the example above, you can implement the severity() function to store its return value in a global variable, then implement the destinations() function to use that variable in its logic.