QUESTION

How do I set up my alert to be dynamically generated in order to provide the most context?

ANSWER

Leverage Alert Summaries. Alert summaries are a Panther feature that surface the answers to the Who, What, and Where questions as soon as you start triaging the events matched by a rule alert. Pair them with the alert_context function, which attaches selected event fields to the alert, and build a dynamic title by interpolating event fields in the title function rather than using a fixed string.

When creating a rule, you can declare Summary Attributes. Each alert then has a Summary tab, and selecting it shows the top five values seen for each declared Summary Attribute across the alert's matched events. Pick attributes that let you understand the nature of an alert at a glance, such as the acting principal, the source address, and the target of the action.
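A rule that does all three things recommended above, written as an added example for this answer (it is not Panther's own code or a rule shipped with Panther; the CloudTrail-style event fields, the SummaryAttributes list, and the local deep_get stand-in are assumptions for illustration). Alongside the rule, title and alert_context functions, it tallies the declared Summary Attributes over the matched events the same way the Summary tab does, so you can see what a given choice of attributes would show an analyst:

```python
from collections import Counter
from typing import Any, Dict, List, Tuple

# Constructed sample events, not real logs. Shaped like CloudTrail ConsoleLogin
# records because that is a familiar Who/What/Where case; field names assumed.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "198.51.100.9",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # MFA was used: must not match
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "198.51.100.9",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/carol"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
]

# The Summary Attributes the rule would declare in its YAML metadata
# (SummaryAttributes: [...]); dotted paths chosen for this example.
SUMMARY_ATTRIBUTES = ["userIdentity.arn", "sourceIPAddress", "userIdentity.type"]


def deep_get(event: Dict[str, Any], *keys: str, default: Any = None) -> Any:
    """Local stand-in for a nested lookup helper so this runs on a plain dict."""
    cur: Any = event
    for key in keys:
        if not isinstance(cur, dict) or cur.get(key) is None:
            return default
        cur = cur[key]
    return cur


def rule(event: Dict[str, Any]) -> bool:
    """Fire on a successful console login that did not use MFA."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and deep_get(event, "responseElements", "ConsoleLogin") == "Success"
        and deep_get(event, "additionalEventData", "MFAUsed") == "No"
    )


def title(event: Dict[str, Any]) -> str:
    """Dynamic title: interpolate Who and Where so the alert reads at a glance."""
    actor = deep_get(event, "userIdentity", "arn", default="<unknown principal>")
    src_ip = event.get("sourceIPAddress", "<unknown ip>")
    return f"Console login without MFA by {actor} from {src_ip}"


def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Fields attached to the alert so the analyst need not open raw events."""
    return {
        "actor": deep_get(event, "userIdentity", "arn"),
        "actor_type": deep_get(event, "userIdentity", "type"),
        "source_ip": event.get("sourceIPAddress"),
        "mfa_used": deep_get(event, "additionalEventData", "MFAUsed"),
    }


def evaluate(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Run the rule over events; return each match with its title and context."""
    return [
        {"title": title(e), "context": alert_context(e), "event": e}
        for e in events
        if rule(e)
    ]


def summarize(matches: List[Dict[str, Any]], attributes: List[str],
              top_n: int = 5) -> Dict[str, List[Tuple[str, int]]]:
    """Mimic the Summary tab: top_n most frequent values per attribute across matches."""
    summary: Dict[str, List[Tuple[str, int]]] = {}
    for attr in attributes:
        counts: Counter = Counter()
        for m in matches:
            value = deep_get(m["event"], *attr.split("."))
            if value is not None:
                counts[str(value)] += 1
        summary[attr] = counts.most_common(top_n)
    return summary
```

Running evaluate over the constructed events yields three matches; summarize then shows that one principal and one source address account for most of them, which is exactly the at-a-glance signal the Summary tab is meant to give. Note that title falls back to placeholder text when a field is absent, so a malformed event still produces a readable alert rather than a KeyError in the rule.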