QUESTION

What fields are used for deduplicating repeated alerts?

ANSWER

By using the dedup() function, you can specify your own deduplication field by returning a string value. See the Panther documentation for an example using this function.

If you do not specify a field using the dedup() function, then Panther will use the alert title. If no title is specified either, Panther will use the Detection ID. You can find more details about this behavior in the Deduplication section of our documentation.
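The following is an added example (not from the original page or from Panther's own code): a minimal Panther-style Python rule that sets its own deduplication string, plus a small helper that models the fallback order described above (dedup() first, then the alert title, then the Detection ID). The rule ID, event fields and the fallback helper are constructed assumptions for illustration.

```python
# Added example, not Panther's implementation. RULE_ID is a hypothetical
# detection ID; the events below are constructed CloudTrail-like samples.
RULE_ID = "Example.Console.LoginFailures"


def user_arn(event: dict) -> str:
    """Principal ARN from a CloudTrail-style userIdentity block."""
    return event.get("userIdentity", {}).get("arn", "<unknown principal>")


def rule(event: dict) -> bool:
    """Fire on a failed console login."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and event.get("responseElements", {}).get("ConsoleLogin") == "Failure"
    )


def title(event: dict) -> str:
    """Alert title; includes the source IP, so it differs per attempt."""
    return f"Console login failure for {user_arn(event)} from {event.get('sourceIPAddress')}"


def dedup(event: dict) -> str:
    """Group on the principal only, so repeated failures for one user
    (from any IP) collapse into a single alert within the dedup window."""
    return user_arn(event)


def dedup_key(event: dict, dedup_fn=None, title_fn=None, rule_id: str = RULE_ID) -> str:
    """Model of the fallback order described above (our own model, not
    Panther's code): custom dedup() if defined, else title(), else the ID."""
    if dedup_fn is not None:
        return dedup_fn(event)
    if title_fn is not None:
        return title_fn(event)
    return rule_id


# Constructed sample events: the same user failing from two source IPs.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
]
```

With dedup() defined, both sample events map to one grouping key; with only title() defined, the differing source IPs would yield two separate alerts.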