QUESTION

How can I find the total number of Panther alerts sent over a certain period of time, i.e. between a given start and end date?

ANSWER

In the Panther Console, go to Investigate > Data Explorer, and run a query like the one below with your own date range. The following query counts all rule matches with unique alert IDs, with an example date range from May 1, 2023 to July 1, 2023. Please note that this will exclude all alerts after the very first minute of July 1, so if you want to include alerts that fired on July 1, you will want to expand it to ('2023-05-01', '2023-07-02').

SELECT count(distinct p_alert_id)
FROM panther_views.public.all_rule_matches
WHERE p_occurs_between('2023-05-01', '2023-07-01')