Do any of Panther's out-of-the-box detections use Panther-provided enrichment data, or do I need to write all my own detections to take advantage of that data?
Several out-of-the-box detections use this enrichment data, including:
• Crowdstrike connection to embargoed country
However, how enrichment data is used varies widely by use case, so the best way to take advantage of Panther-provided enrichment data is to write custom detections. If you have any questions about helper functions or other ways to enrich detections, please contact our support team.