Skip to main content
Panther Knowledge Base

Can I onboard Enrichment data to Panther from S3 if my data is in a JSON array?

  1. Last updated
  2. Save as PDF

QUESTION

 Can I onboard Enrichment data from S3 If my data is in JSON array?

ANSWER

No, you cannot. If you are trying to onboard Enrichment data from S3, your logs have to appear in either JSONL or CSV format. They cannot be in a JSON array.

If it is possible for your organization, use a third-party software to pre-process your logs before they get sent to S3 (e.g Cribl, Fluentd, etc).  Only when you ingest from S3 can you use JSON array.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.