How does Panther handle errors on code/exceptions and do we get visibility when things fail?
If an exception gets raised in the rule
function, then an Alert gets sent to the same destination it would normally get sent to with details about the exception. The details of the exception get pushed to the data lake, in a separate table from the panther_rule_matches
table, called panther_rule_errors
.
For exceptions that get raised in other auxiliary functions, like dedup or severity functions where the default value is used, these are not currently surfaced to the user. If you suspect exceptions are being raised in these functions, please reach out to Panther support.