QUESTION

What is the recommended way to do exception handling with Panther Detections?

ANSWER

Detections should raise exceptions when the logs look different from what is expected (for example, you believe a field must have a value but it doesn’t) or when something external fails, such as an API call. In these cases, you can raise an exception yourself or let the exception propagate without catching it. This will not affect the ability of other rules to run.
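The sketch below is an added example, not code from Panther or from this article. It shows both cases from the answer: raising on a missing field and letting an external failure propagate. Assumptions: the field names, the sample event, `lookup_ip_reputation` and the `run_rules` stand-in runner are hypothetical, and the three rules share one file here only so the example runs on its own (in Panther each detection defines its own `rule(event)`).

```python
class UnexpectedLogShape(Exception):
    """Raised when an event lacks a field the detection depends on."""


def lookup_ip_reputation(ip):
    # Hypothetical external API call; it always fails here to model an outage.
    raise ConnectionError(f"reputation service unreachable for {ip}")


def rule_failed_login(event):
    outcome = event.get("outcome")
    if outcome is None:
        # Raise instead of returning False: a silent False would hide a
        # schema or parsing change and leave the detection blind.
        raise UnexpectedLogShape("expected 'outcome' on login event")
    return outcome == "FAILURE"


def rule_bad_ip(event):
    # No try/except: the external failure is allowed to propagate.
    return lookup_ip_reputation(event["src_ip"]) == "malicious"


def rule_admin_login(event):
    return event.get("user") == "admin"


def run_rules(rules, event):
    """Hypothetical local stand-in for a rules engine (not Panther's own):
    each rule runs in isolation and an error is recorded per rule."""
    results = {}
    for name, fn in rules.items():
        try:
            results[name] = bool(fn(event))
        except Exception as exc:
            results[name] = f"error: {type(exc).__name__}"
    return results


RULES = {
    "failed_login": rule_failed_login,
    "bad_ip": rule_bad_ip,
    "admin_login": rule_admin_login,
}

# Constructed sample event; 'outcome' is deliberately missing.
SAMPLE_EVENT = {"user": "admin", "src_ip": "203.0.113.7"}

if __name__ == "__main__":
    for name, result in run_rules(RULES, SAMPLE_EVENT).items():
        print(f"{name}: {result}")
```

Two rules error out and the third still evaluates, which is the isolation the answer describes; the recorded errors are the signal that the log shape or the external dependency needs attention.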