QUESTION

How do I set up a PagerDuty alert to notify me when my Panther log source stops ingesting data?

ANSWER

To do this, use Panther’s log drop-off alerts feature. Log drop-off alerts let you set an event threshold alarm for each individual log source; the alarm triggers an alert if no data is received from that source over a specific time interval.

If you’d like to send these alerts to PagerDuty, follow these steps:
1. Configure a PagerDuty Alert Destination to receive System Errors.
2. Configure the log drop-off alarm for your log source.