QUESTION

Does Panther have an inclusion filter during raw data ingestion? For example, I want to create alerts for specific k8 logs, but there are too many alerts generated. I only want to be alerted for certain logs and exclude everything else.

ANSWER

Panther's data filtering feature does not support inclusion filters—it only supports exclusion filters. If you are interested in support for this feature, please contact Panther Support to put in a request.

As a workaround, you can try the following workflows: