Skip to main content
Panther Knowledge Base

What's the meaning of each enriched timestamp field in my alerts on Panther?

  1. Last updated
  2. Save as PDF

QUESTION

What is the meaning of each alert timestamp field in my alerts records on Panther?

ANSWER

Panther enriches each alert with the following timestamps: 

  • p_alert_creation_time  is the first time an event matched this rule
  • p_event_time is the time the event reported itself as happening
  • p_parse_time is the time the event was processed by Panther
  • p_alert_update_time is the last time an event matched this rule (in the case of deduplication)

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.