How does Panther handle errors on code/exceptions and do we get visibility when things fail?
If an exception gets raised in the
rule function, then an Alert gets sent to the same destination it would normally get sent to with details about the exception. The details of the exception get pushed to the data lake, in a separate table from the
panther_rule_matches table, called
For exceptions that get raised in other auxiliary functions, like dedup or severity functions where the default value is used, these are not currently surfaced to the user. If you suspect exceptions are being raised in these functions, please reach out to Panther support.