How often do scheduled rules run by default in Panther? It appears that my query only runs once per day. Is this done to reduce costs associated with Snowflake scheduled queries, or is there another reason for this frequency?
Scheduled rules are triggered when one of the scheduled queries they target completes. These rules are similar to streaming rules, except they receive events from the output of a scheduled query.
There is no specific reason for your query to run only once a day. You can change it to run more frequently. For instructions on changing the interval of the saved query, see the Saved Query documentation.
If you are running multiple scheduled queries, consider using templated queries. With templated queries, you declare queries as macros and then call them with arguments, which helps with managing and reusing queries.
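To illustrate how a scheduled rule receives its events, the following added example (not from Panther's documentation) shows a rule in the `rule(event)` style being called once per row of a scheduled query's output, which also means it can fire no more often than the query runs. The column names, threshold, sample rows and the `run_scheduled_rule` harness are assumptions made for illustration.

```python
# Added example: a Panther-style scheduled rule plus a small local harness.
# Column names, threshold and sample rows are constructed for illustration.

FAILED_LOGIN_THRESHOLD = 10  # hypothetical alerting threshold


def rule(event):
    """Called once for each row returned by the scheduled query."""
    # A missing or non-numeric count is treated as "no match" instead of
    # raising, so one malformed row does not break the whole run.
    try:
        failures = int(event.get("failed_logins", 0))
    except (TypeError, ValueError):
        return False
    return failures >= FAILED_LOGIN_THRESHOLD


def title(event):
    user = event.get("user_name", "<unknown>")
    return (f"{user} had {event.get('failed_logins')} failed logins "
            f"from {event.get('distinct_ips')} IPs")


def dedup(event):
    # Group repeat alerts for the same user across consecutive query runs.
    return str(event.get("user_name", "<unknown>"))


def run_scheduled_rule(query_rows):
    """Hypothetical stand-in for the engine: feed each output row to rule()."""
    return [
        {"title": title(row), "dedup": dedup(row)}
        for row in query_rows
        if rule(row)
    ]


# Constructed sample of what an aggregating scheduled query might return.
SAMPLE_QUERY_OUTPUT = [
    {"user_name": "alice", "failed_logins": 3, "distinct_ips": 1},
    {"user_name": "bob", "failed_logins": 42, "distinct_ips": 7},
    {"user_name": "carol", "failed_logins": None, "distinct_ips": 0},
    {"user_name": "dave", "failed_logins": "12", "distinct_ips": 2},
]

if __name__ == "__main__":
    for alert in run_scheduled_rule(SAMPLE_QUERY_OUTPUT):
        print(alert)
```

The harness passes plain dictionaries; it only relies on `event.get()`, so the rule functions do not depend on anything beyond that accessor.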