Search History
Monitor search status and stop running searches
Last updated
Monitor search status and stop running searches
Last updated
The Search History page gives you visibility into what queries are running or recently ran in your Panther instance. It displays the last 30 days of searches run in the Panther Console.
In the left-hand navigation bar of your Panther Console, click Investigate > Search History.
Click on a search name.
This will redirect you to Data Explorer or Search, where the query will automatically run. When the search is finished running, you can view the results at the bottom of the page.
In the search history, you'll see the following details:
A search name or UUID
The SQL or PantherFlow expression it ran or attempted to run
The search type. The possible search types are:
Ad Hoc: This is most commonly logged when a user runs a query in Data Explorer.
Alert Detail and Alert Summary: This is populated when a user looks at details and summary pages of an alert.
Compaction: A background process for Athena databases.
PantherFlow Search: A PantherFlow query run in the Search tool.
Scheduled: A Scheduled Search, run by the database-specific API.
Search: Searches run in the Search tool.
The timestamp when the query started and stopped.
The query status: Succeeded, Failed, Cancelled or Running.
The user or Panther process running the query.
From the Search History page, click a query name.
This will redirect you to Data Explorer where the query will automatically run.
Note that the Cancel option will only appear on a query that is currently running.
While viewing the running query in Data Explorer, click Cancel below the query.
