What is the meaning of "ExpectedResult" in Panther Rules compared to Panther Policies?

Last updated: September 3, 2024

QUESTION

What is the meaning of ExpectedResult in Panther Rules compared to Panther Policies?

ANSWER

In Rules, the ExpectedResult (True or False) indicates whether the rule should trigger an alert based on the unit test data.
In Policies, True means that the resource is compliant, which is a positive outcome. While False indicates that the resource is not compliant.