Do I need a Scheduled Query in order to use a Scheduled Rule in Panther?
Yes. A Scheduled Rule needs a Scheduled Query.
Setting up a Scheduled Query makes the data available to the rule engine, but in order for Panther to use the data, you must set up a Scheduled Rule to use the Scheduled Query. Scheduled Rules operate on the results of Scheduled Queries.
Every time a Scheduled Query runs, the matching rows will be passed through the rules engine. If the Scheduled Rule returns any hits, one or more alerts will be generated from the data.