Issue

Why is my Tines Audit Log Source in Panther still waiting to receive data well after initial creation?

Resolution

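To resolve this issue, run the following curl command against your Tines Audit Log API to check whether it returns any results. Replace the tenant hostname, the after/before time range, and YOUR_TOKEN with your own values: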

curl --location 'https://dark-pine-4043.tines.com/api/v1/audit_logs?after=2023-07-11T20%3A17%3A51Z&before=2023-07-12T20%3A18%3A51Z' \
--header 'x-user-token: YOUR_TOKEN'

If there are 0 results, there haven't been any recent events for the log source to forward to Panther. If there are results, please reach out to Panther Support.

Cause

The Tines Audit Log API generates relatively few events compared with other log sources such as Tines Event Logs (not currently supported). For most customers, Tines Audit Logs have a fairly low volume.