QUESTION

Is there a way to filter sensitive fields, such as JSON Web Tokens (JWT) and passwords, out of incoming logs in Panther?

ANSWER

When using a custom log source schema, you can use the mask transformation to conceal sensitive information in your logs. Read more about it in the Custom Log Transformations documentation.
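As an added illustration (not taken from Panther's documentation or from this answer), a custom schema that masks a password and a JWT might look like the following. The field names are constructed, and the `mask` keys shown (`type`, `to`, `salt`) are assumed from the mask transformation's documented form, so confirm them against the Custom Log Transformations documentation before use.

```yaml
# Constructed example schema for a hypothetical authentication log source.
# Key names under `mask` are an assumption; verify against the
# Custom Log Transformations documentation.
version: 0
fields:
  - name: event_type
    type: string
  - name: username
    type: string
  - name: password
    type: string
    # Redact: the stored value is replaced by a fixed string, so nothing
    # about the original secret can be recovered or brute-forced later.
    mask:
      type: redact
      to: "REDACTED"
  - name: jwt
    type: string
    # Salted hash: the token itself is concealed, but the same token still
    # produces the same stored value, so events can be correlated by it.
    mask:
      type: sha256
      salt: REPLACE_WITH_SECRET_SALT  # placeholder, keep the real salt secret
```

Redaction suits low-entropy secrets such as passwords, while a salted hash suits values you still need to match across events.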

It is also possible to exclude sensitive fields from your schema YAML (note that field discovery should be disabled). With those fields excluded, your payload is not stored in its entirety, but note the following caveats: