Panther Knowledge Base

Why might I not receive alerts from my Scheduled Rule in Panther?

Issue

I have created a Scheduled Query and a Scheduled Rule in Panther. I am not getting any alerts in my Panther Console, even though the query is running.

Resolution

Check the Severity selected in your rule configuration and ensure that it is not set to INFO.

To view the alerts that have been created for an INFO severity-level rule:

  1. In the Panther Console, navigate to Build > Detections and click on your rule.
  2. On the rule details page, click the Alerts tab.
  3. Using the Filters button in the upper right, select the status Resolved.

Cause

If you have chosen the INFO severity level, each alert is created with a default status of Resolved. As a result, it won't be visible in the Scheduled Rule Matches tab if a filter is applied there to show only Open or Triaged alerts.
