QUESTION

I have an alert destination which I want to keep in Panther in case I need to enable it at any time in the future. How can I ensure that no alerts are being sent to this destination?

ANSWER

Navigate to your alert destination and remove all severities. Since all the severities would be disabled, Panther should not send any alerts unless you explicitly use the destinations() override function in your detection.

Panther alert destinations.png

Please note that the severity section on an alert destination does not apply to System Error alerts, these alerts will continue to be routed. See📄 Why am I receiving System Error alerts even though no severities have been selected in my Panther alert destination?

For more information about the alert destination routing check our knowledge base article:📄 What is the priority when multiple alert destinations are configured for the same detection in Panther?