Can I configure my Panther alert destination to receive scheduled rule alerts for a specific log type?
No, Panther's alert destinations currently do not support filtering scheduled rule alerts by log type. The "Log Types" setting in alert destinations applies only to real-time rules.
Scheduled rules operate on query results, which can include data from multiple log types or even entirely generated datasets. Because of this flexibility, scheduled rules do not have a fixed log type. Similarly, correlation rules are not limited to a single log type.
In summary, scheduled rules don’t technically have log types, nor do policies, correlation rules, system errors, or other errors. If your destination is configured to receive alerts of any of these types, it will receive all of them.