QUESTION

Can I pause ingestion of a log source in Panther?

ANSWER

S3 log sources

To pause an S3 log source and prevent logs from being ingested, you can edit the schema configuration of your log source and remove all associated schemas. If Panther sees that there are no associated schemas on an S3 log source, it will effectively pause ingestion until a schema is added.

To restart log ingestion, simply re-add your schemas.

 

Other log sources

For other log sources, you can pause ingestion by deleting the log source temporarily.

Then, to restart log ingestion, you can re-add the log source.