Can I configure my Panther alert destination to receive scheduled rule alerts for a specific log type?
Last updated: February 13, 2026
QUESTION
Can I configure my Panther alert destination to receive scheduled rule alerts for a specific log type?
ANSWER
No, Panther's alert destinations currently do not support filtering scheduled rule alerts by log type. The "Log Types" setting in alert destinations applies only to real-time rules or correlation rules.
Scheduled rules operate on query results, which can include data from multiple log types or even entirely generated datasets. Because of this flexibility, scheduled rules do not have a fixed log type.
In summary, scheduled rules don’t technically have log types, nor do policies or system errors. If your destination is configured to receive alerts of any of these types, it will receive all of them.
If your alert destination is receiving unexpected alerts from other log types despite having log type filters, check whether scheduled rule matches are included. Since scheduled rules aren’t limited to a single log type, they can bypass log type filters.