QUESTION

I have set up a log source in Panther with logs coming in from separate systems that are each identified with a unique ID. I'd like to be able to detect when we stop receiving records for any of these IDs for a specific period of time. How can I accomplish that?

ANSWER

To create such a workflow, there are two options: