Can Panther filter detections based on enrichment data?
Last updated: May 27, 2026
QUESTION
Does Panther support adding detection filters which analyze enrichment fields (p_enrichment)?
ANSWER
Panther now supports filtering based on enrichment. You'll need to type the full path manually into the filter field using dot notation. For example:

Please note that if you're filtering on a Boolean field like vpn, the inline filter will not evaluate it correctly. This is due to a known bug where the filter values are treated as strings.
Alternatively, you can alter the code of the detection itself. See here for more information on using enrichment data in your detections.
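
A sketch of the detection-code route for a Boolean enrichment field such as vpn. This is an added example, not Panther's own code or part of the original answer. It assumes the enrichment source is named "ipinfo_privacy", the matched event field is "sourceIp", and events are plain dicts; the helper names are hypothetical.

```python
# Added example (not Panther's code). The source name "ipinfo_privacy" and the
# matched field "sourceIp" are assumed; events are modelled as plain dicts.

def deep_get(obj, *keys, default=None):
    """Walk nested dicts, returning default when any key is missing."""
    for key in keys:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def as_bool(value):
    """Accept a real boolean or its string form; anything else is False."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def vpn_matches(event, source="ipinfo_privacy"):
    """List the event fields whose enrichment record has vpn set."""
    per_field = deep_get(event, "p_enrichment", source, default={})
    if not isinstance(per_field, dict):
        return []
    return sorted(
        field for field, data in per_field.items()
        if isinstance(data, dict) and as_bool(data.get("vpn"))
    )


def rule(event):
    # Fire only when at least one enriched field is flagged as VPN.
    return bool(vpn_matches(event))


# Constructed sample events
VPN_EVENT = {"sourceIp": "203.0.113.7",
             "p_enrichment": {"ipinfo_privacy": {"sourceIp": {"vpn": True}}}}
STRING_EVENT = {"sourceIp": "203.0.113.8",
                "p_enrichment": {"ipinfo_privacy": {"sourceIp": {"vpn": "true"}}}}
CLEAN_EVENT = {"sourceIp": "198.51.100.4",
               "p_enrichment": {"ipinfo_privacy": {"sourceIp": {"vpn": False}}}}
BARE_EVENT = {"sourceIp": "198.51.100.5"}
```

Checking the value by type in the rule body avoids relying on how the inline filter compares Boolean fields, and events without enrichment do not match.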