When I create a new Detection in my Panther Console, the default code of the title
function that appears in my Panther Console is the following:
def title(event):
return ''
If there are no changes in the alerting function title
which is currently set to return ''
or if the function is not included at all will the detection still work?
The Detection will still work if the function title
is not defined. The only required function is def rule(event)
but the other optional functions make your Alerts more dynamic.
As mentioned in the section Detection alerting functions from our documentation, if the title function is not defined, the Display Name
, RuleID
or PolicyID
will be used for the Default Return Value.
If the function title is set to return ''
, then the detection will work, but the Alert title will be empty.