Issue

One or more of your detections are erroring out, with the error message:

PantherError("a data model hasn't been specified for log type", '<A_LOG_TYPE>')

Resolution

To resolve this error:

  1. In the Panther Console, navigate to Build > Data Models.

  2. Configure the filters to  display only models for the chosen log type, such as AWS.CloudTrail or Okta.Systemlog.

Note that some data models are managed by Panther Packs, meaning they can be automatically enabled or disabled according to the whether the pack is enabled or not.

Cause

This can happen if your detection code utilized a helper function which requires a data model to be defined. When Panther attempts to locate the data model for the event, it fails, because there is no data model or it is disabled. Creating or enabling the data model resolves this issue.