What is the priority when multiple alert destinations are configured for the same detection in Panther?
The routing order for alerts is as follows:
1. The routing as configured in thedestinations(event)
function.
2. "Static" destination overrides via the UI or within the YAML file.
3. Destination routing based on the output of the severity(event)
function.
4. Destination routing based on the default severity of the detection.
For more information check our Alert routing scenarios in our documentation.