Is there a database table for health statuses of Panther log sources?
QUESTION
Is there a database table for health statuses of Panther log sources? For example, if a source has not received events in X amount of time, or if a source has turned unhealthy, etc.
ANSWER
No, Panther does not store the health statuses of log sources. Health statuses are calculated by AWS CloudWatch alarms. We define certain metrics and thresholds, and when the value of the metric crosses that threshold, it raises an alarm in AWS. Panther reads that alarm information from AWS and displays a healthy or unhealthy status to the user.