We don't want to store all event data from CarbonBlack in Panther, but we want to be able to alert on that data. We want only the events that match on an alert and the alert itself to be sent to Panther. Is this possible?
Panther doesn't currently support this feature. To submit a feature request, please reach out to Panther Support.
As a workaround, if the application has the ability to automate the export of alerts, you may be able to configure an AWS Lambda solution to push directly to a Panther HTTP log source.
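A sketch of the Lambda side of that workaround, added here as an illustration and not Panther's or Carbon Black's own code: it keeps only alert records from an export and POSTs them in batches to the HTTP log source. Assumptions: the export reaches the function as newline-delimited JSON in `event["export"]`, alert records are marked `"type": "alert"` (a hypothetical field), the source uses shared-secret header authentication and parses one JSON object per line, and the three environment variable names are made up for this example.

```python
import json
import os
import urllib.request

# Assumed, not from the page: NDJSON export, a hypothetical "type" field that
# marks alert records, and shared-secret header auth on the Panther HTTP source.
# The URL, header name and secret are read from Lambda environment variables.
MAX_BATCH = 500  # records per POST; constructed value, tune to the source's payload limit


def select_alerts(ndjson_text):
    """Keep only alert records so raw events are never forwarded or stored."""
    alerts = []
    for line in ndjson_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip it, keep the rest of the export
        if isinstance(record, dict) and record.get("type") == "alert":
            alerts.append(record)
    return alerts


def build_requests(alerts, url, header_name, secret):
    """Yield one POST request per batch, body is one JSON object per line."""
    for i in range(0, len(alerts), MAX_BATCH):
        body = "\n".join(json.dumps(a) for a in alerts[i:i + MAX_BATCH]).encode()
        yield urllib.request.Request(
            url, data=body, method="POST",
            headers={"Content-Type": "application/x-ndjson", header_name: secret})


def forward(alerts, url, header_name, secret, send=urllib.request.urlopen):
    """Send every batch; an HTTP error raises, so Lambda retries the invocation."""
    sent = 0
    for req in build_requests(alerts, url, header_name, secret):
        with send(req, timeout=10) as resp:
            if resp.status >= 300:
                raise RuntimeError(f"HTTP source returned {resp.status}")
        sent += 1
    return sent


def handler(event, context):
    # Assumed invocation shape: {"export": "<ndjson text>"} supplied by the exporter.
    alerts = select_alerts(event.get("export", ""))
    return {"alerts": len(alerts), "posts": forward(
        alerts, os.environ["PANTHER_HTTP_URL"],
        os.environ["PANTHER_AUTH_HEADER"], os.environ["PANTHER_AUTH_SECRET"])}
```

Keep the shared secret in an encrypted environment variable or a secrets manager rather than in the function code, and give the function's role no permissions beyond reading the export.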