Scheduled Rules

Articles

• Why might I not receive alerts from my Scheduled Rule in Panther?
• Why is my Scheduled Rule in Panther firing alerts even though the number of events is lower than the specified threshold?
• How scheduled rules handle queries with more than 1 row as output in Panther
• How do I manually test my Scheduled Rule in Panther?
• Why can't I save a Snowflake Script as a scheduled query in Panther?
• Are lookups for event fields case sensitive in Panther?
• How do I create a detection in Panther based on the number of results returned from a data lake query?
• Why do I see the error ‘failed: FailedQuery('status: running error: query still running')’ when running Scheduled Rules in Panther?
• How can I build detections that watch data in Snowflake?
• Is Panther more cost-efficient when using real-time rules or Scheduled Rules?
• My Scheduled Rule in Panther has fallen behind and cannot catch up. How do I resolve this?
• How often do scheduled rules run by default in Panther?
• Do I need a Scheduled Query in order to use a Scheduled Rule in Panther?