Can Panther match enrichment based on only part of a field value?
QUESTION
Is Panther able to extract a portion of a log field value to use for enrichment? For example, can I configure Panther to pull an AWS account ID from an ARN and use that for enrichment matching?
ANSWER
Panther does not support matching on substrings, or other derived values from log data. Enrichment is only possible using the entire log field value. If you are interested in support of this feature, please contact Panther Support to put in a request.