Can Panther trigger a custom webhook or API when an alert is marked as resolved?

Last updated: September 3, 2024

QUESTION

Can Panther trigger a custom webhook or API when an alert is marked as resolved?

ANSWER

Today, Panther can trigger external workflows in Slack, Asana, and Jira, but not custom webhooks or API calls. If you are interested in support for this feature, please contact Panther Support to put in a request.

In the meantime, the following workarounds could be developed with some custom resources outside of Panther.

Workaround one:

  • The Panther Audit Logs have an UPDATE_ALERT_STATUS event, which includes the updated status name (e.g., RESOLVED). To be notified of resolved alerts, you can query Panther Audit Logs on a schedule via the Panther API and take note of alert status changes to RESOLVED. 

Workaround two:

  1. Query the status of all recent alerts via the API (you decide how "recent" is defined), and automate this request,

  2. Keep track of which alerts are resolved and which ones are not, and

  3. Ignore unresolved alerts that are older than a certain date, or otherwise account for an ever-growing number of alerts.
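
The state tracking in workaround two can be sketched as follows. This is an added example, not Panther code: the alert field names (`id`, `status`, `createdAt`), the `OPEN` status in the sample data, the 14-day cutoff, and the caller-supplied `fetch_alerts` and `notify` callables (your own API query and your own webhook call) are all assumptions.

```python
from datetime import datetime, timedelta, timezone

RESOLVED = "RESOLVED"  # status name used on this page


def newly_resolved(alerts, state, now, max_age=timedelta(days=14)):
    """Diff one poll against saved state; return ids that just became RESOLVED.

    alerts: list of dicts with "id", "status", "createdAt" (assumed field names).
    state:  dict of alert id -> {"status", "createdAt"}; updated in place and
            JSON-serialisable so a scheduled job can persist it between runs.
    """
    cutoff = now - max_age
    resolved_now = []
    for alert in alerts:
        if datetime.fromisoformat(alert["createdAt"]) < cutoff:
            continue  # step 3: too old, do not track
        previous = state.get(alert["id"], {}).get("status")
        # An alert first seen already RESOLVED counts as a transition too.
        if alert["status"] == RESOLVED and previous != RESOLVED:
            resolved_now.append(alert["id"])
        state[alert["id"]] = {"status": alert["status"], "createdAt": alert["createdAt"]}
    # Prune aged-out entries so the saved state does not grow without bound.
    for alert_id in [i for i, v in state.items()
                     if datetime.fromisoformat(v["createdAt"]) < cutoff]:
        del state[alert_id]
    return resolved_now


def poll_once(fetch_alerts, notify, state, now=None):
    """One scheduled run: fetch, diff, then call notify(alert_id) per change."""
    now = now or datetime.now(timezone.utc)
    changed = newly_resolved(fetch_alerts(), state, now)
    for alert_id in changed:
        notify(alert_id)
    return changed


# Constructed sample data (not real Panther output).
POLL_1 = [
    {"id": "a1", "status": "OPEN", "createdAt": "2024-09-01T10:00:00+00:00"},
    {"id": "a2", "status": "RESOLVED", "createdAt": "2024-09-01T11:00:00+00:00"},
    {"id": "a3", "status": "OPEN", "createdAt": "2024-08-01T09:00:00+00:00"},
]
POLL_2 = [
    {"id": "a1", "status": "RESOLVED", "createdAt": "2024-09-01T10:00:00+00:00"},
    {"id": "a2", "status": "RESOLVED", "createdAt": "2024-09-01T11:00:00+00:00"},
]
```

Save `state` between scheduled runs (for example as a JSON file). On the very first run every recent alert that is already resolved is reported, so seed the state once without notifying if that is not wanted.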