Skip to main content
Panther Knowledge Base

Is there an advantage to using filters instead of code in Panther detections?

  1. Last updated
  2. Save as PDF

QUESTION

Are there any performance advantages or processing time savings when using Filters to modify detection logic instead of Python?

ANSWER

Sometimes. Panther runs Filters before core detection logic, so filtering out some events can make a difference, but the difference will only be significant when the detection is a large one with lots of logic and/or lots of events to process. When a detection's Filters match the logic of the detection's Python code, you probably won't notice any improvement.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.