How does Panther handle errors on code and Rule exceptions?

Last updated
Save as PDF

QUESTION

How does Panther handle errors on code/exceptions and do we get visibility when things fail?

ANSWER

If an exception gets raised in the rule function, then an Alert gets sent to the same destination it would normally get sent to with details about the exception. The details of the exception get pushed to the data lake, in a separate table from the panther_rule_matches table, called panther_rule_errors.

For exceptions that get raised in other auxiliary functions, like dedup or severity functions where the default value is used, these are not currently surfaced to the user. If you suspect exceptions are being raised in these functions, please reach out to Panther support.