QUESTION

How can I find out who created an enrichment provider usingĀ the Panther Audit Logs?

ANSWER

To look for this information, you can search in the table panther_logs.public.panther_audit, inside the fieldĀ 

actionparams:dynamic:input.

An indicative query that can be used in Data Explorer is the following:

SELECT

*

FROM

panther_logs.public.panther_audit

where actionparams:dynamic:input LIKE '%your_enrichment_provider_name%'

ORDER by p_event_time DESC

LIMIT 50