Is it possible to include nested fields in my Panther detection filters?

Last updated: September 3, 2024

QUESTION

Is it possible to include nested fields in my Panther detection filters?

ANSWER

Yes, it is possible to use a nested field in the detection filters. For instance, if you want to use CommandLine, which is nested under the field event, you can add event.CommandLine.

Screenshot 2024-04-03 at 12.02.37 PM.png