QUESTION

Why is my Detection returning the Rule ID instead of my title function output?

ANSWER

By default, the title() function will return the Rule ID so this will usually occur during a CI/CD slip up where duplicate rules are created (one rule with your desired title() output as well as a duplicate rule that returns default values). See📄 What does the title function return if there are no changes in its body, or if the function is not included in a Panther detection?You can resolve this issue by deleting the duplicate rule. See 📄 Why do duplicate rules appear in Panther after renaming a rule and how can I delete the old one?