QUESTION

By default, Panther Log Sources are configured to raise an alert if the source doesn't receive events for more than 1 day. How can I change this threshold after the Log Source is created?

ANSWER

The waiting period before firing an alert is customizable through the Log Source's overview page. To change the period, follow these steps:

  1. Open the Log Source's overview page (accessible by navigating to Configure > Log Sources, then clicking the name of your source in the list).

  2. On the overview page, look for the field with information about your drop-off alarm, and click the Edit icon next to it.

    Location of the "edit drop-off alarm" button in the Source overview page.
  3. In the edit modal that appears, you can edit the waiting period for the alarm or disable it entirely.

    "Configure Drop-Off Alarm" Modal