QUESTION

I want to ensure that only Alerts originating from a specific log source (names starting with "text-") are received by a specific destination.

ANSWER

It is possible to conditionally route alerts to specific destinations at the individual detection level. You should be able to express this logic via the destinations() alert function, making use of the p_source_label field that gets stored on each log event. You can see an example below:

def destinations(event):     
    if event.get("p_source_label").startswith("text-"):         
        return ["slack-security-alerts"] ### Name or UUID of destination     
    # Do not send alert to an external destination     
    return ["SKIP"]