Skip to main content
Panther Knowledge Base

How do I resolve getting alerts from an IP address listed in Panther’s Sunburst IP range list?


We are getting false positive alerts from the IP address, which is listed in Panther's Sunburst IP range from a few years back. How do I resolve this or remove this IP address from the Sunburst IP range list?



The Sunburst IOC rule is deprecated and should be disabled. Please disable the Sunburst IOC detections in your Panther Console. See Panther’s documentation on Detection Packs for more information on disabling packs.


  • Was this article helpful?