What does the title function return if there are no changes in its body, or if the function is not included in a Panther detection?

Last updated
Save as PDF

QUESTION

When I create a new Detection in my Panther Console, the default code of the title function that appears in my Panther Console is the following:

def title(event):

return ''

If there are no changes in the alerting function title which is currently set to return '' or if the function is not included at all will the detection still work?

ANSWER

The Detection will still work if the function title is not defined. The only required function is def rule(event) but the other optional functions make your Alerts more dynamic.

As mentioned in the section Detection alerting functions from our documentation, if the title function is not defined, the Display Name, RuleID or PolicyID will be used for the Default Return Value.

If the function title is set to return '', then the detection will work, but the Alert title will be empty.