Why did Panther send an error that an alert destination failed to deliver alerts in the past hour?
QUESTION
I received a system error that says [my alert destination] has failed to deliver alerts in the past [1 hour]. This error message looks similar to the one I see when a log source fails to receive logs, but I can configure log sources with different timeout periods for this alarm, and I can't do that for alert destinations. Why did I receive this error, and what can I do about it?
ANSWER
Alert delivery failure errors let you know that Panther attempted to send an alert to a destination and the delivery failed. Common causes include expired credentials, an endpoint that is being throttled, or network segmentation between Panther and the destination. Panther currently does not support adjusting the severity, timing, or deduplication of system errors. If you want to control the flow of system errors separately from the alert channels used for detections, one option is to designate certain alert destinations to receive system errors only.
To see the specific alerts that failed to deliver and triggered a given system error, open that error by clicking on its title, and then go to its Non-Delivered Alerts tab.