Why does lint fail if I don't use the 'event' parameter in Panther detections?

ANSWER

In Panther detections, you may encounter a lint error when defining a function that takes an 'event' parameter but doesn't use it in the function body. This happens because lint doesn't react well if you have a function that takes a parameter but doesn't use the parameter in the code.

To resolve this lint error, you have a few options:

1. Use an anonymous parameter: Replace 'event' in the function definition with an underscore '_'.

2. Use static destinations in rule metadata: For simple cases where the function only returns a static list of destinations, consider setting the destination directly in the rule metadata instead of using a function.

For more information on specifying destinations in Panther detections, you can refer to Panther's documentation on specifying destinations in detection YAML files.