Lookup Table Specification Reference

AnalysisType

Indicates that this is a Lookup Table

lookup_table

Enabled

Whether this table is enabled

Boolean

LookupName

The unique identifier of the table

String

Schema

The ID of the schema to use for parsing input data

String

LogTypeMap

A mapping of log schema fields to match against this table

Object, see below

Filename*

The relative path to the data file. Cannot be used with Refresh

String

Refresh*

The configuration of the S3 Sync functionality. Cannot be used with Filename

Object, see below

Description

A brief description of the table

String

Reference

An optional reference link

String

PrimaryKey

Defines which column of the table to use for matching against events

String, number, or array (of strings or numbers) See Primary key data types

AssociatedLogTypes

A list of log types and the fields of each to use as Selectors.

List, see below. If you are using automatic log type/Selector designation, this can be an empty list.

LogType

The ID of the Log Schema

String

Selectors

A list of fields from the Log Type to be matched against the Primary Key

List of strings

RoleARN

The AWS ARN corresponding the role Panther can assume to access the S3 object.

String

ObjectPath

A URI pointing to the file within the S3 bucket

String

PeriodMinutes

The number of minutes to wait between syncing with the S3 object

15,30,60,180 (3 hours),720 (12 hours), or 1440 (24 hours)