I have a GCS (Google Cloud Storage) log source in Panther. I have several paths within the bucket where I store logs, and I'd like to configure Panther to pull logs from only those paths. Can I do that?
Yes! Panther allows you to configure prefix filters to control what paths within a GCP bucket we pull logs from.
Prefix filters can be added when editing the schemas attached to the GCS log source. You simply type out the path to the folder containing your logs, and assign any relevant schemas to that path. Once saved, Panther will only look at logs within those paths, and only try to parse them with their respectively assigned schemas.
Note that unlike prefix filters for S3, we do not support wildcards (*) in prefix filters for GCS sources at this time.