Issue

When syncing a Lookup Table from an S3 bucket into Panther, the following Healthcheck Failed error occurs:

failed to parse line 1: {"payload":"{","errors":[{"id":"Custom.Threat.Intel",
"error":"parse failed: readFieldHash: expect \", but found \u0000, error found in #1 
byte of ...|{|..., bigger context ...|{|..."}]}

Resolution

Based on the error, a null character (\u0000) is detected. Removing the space between the field name and value in the JSON object resolves the issue. For example:

• Fails: { "banned_ip": "104.10.51.172" }

• Works: {"banned_ip":"104.10.51.172"}

Cause

The space in the JSON is bypassed in the Panther Console but causes parsing failures during S3 bucket synchronization due to stricter format validation.