What fields are used for deduplicating repeated alerts in Panther?

Last updated
Save as PDF

QUESTION

What fields are used for deduplicating repeated alerts?

ANSWER

By using the dedup()function you can specify your own deduplication field by indicating a String value. See the Panther documentation for an example using this function.

If you do not specify a field using thededupfunction, then Panther will use the alert title. If there is not a specified title then Panther will use the Detection ID.