Panther Audit Log Actions

Panther Audit Logs is a feature available in versions 1.34 and newer.

Below you'll find a list of all the available actions that Panther tracks as part of its audit logs:

  • ADD_ENRICHMENT

  • ADD_MITRE_REPORT_MAPPING

  • AI_INFERENCE_STREAM

  • AI_INFERENCE_STREAM_EDIT

  • AI_INFERENCE_STREAM_METADATA

  • AI_SUMMARIZE_ALERT

  • AI_SUMMARIZE_LOG_EVENTS

  • ALL_DATALAKE_SCHEMA_ENTITIES

  • AUTODETECT_INDICATOR_FILTERS

  • BATCH_INFER_JOBS

  • BULK_UPLOAD_DETECTIONS

  • CANCEL_DASHBOARD_QUERIES

  • CANCEL_DATA_LAKE_QUERY

  • CANCEL_LOG_SOURCE_JOB

  • CANCEL_UBER_SEARCH

  • CHECK_LOOKUP_TABLE_IMPORT_STATUS

  • CHECK_LOOKUP_TABLE_SYNC_STATUS

  • CREATE_AI_CONVERSATION

  • CREATE_ALERT_DESTINATION

  • CREATE_API_TOKEN

  • CREATE_BOOMERANG

  • CREATE_CLOUD_ACCOUNT

  • CREATE_COMMENT

  • CREATE_DASHBOARD

  • CREATE_DATA_MODEL

  • CREATE_DETECTION_FILTER

  • CREATE_DETECTION_PACK_SOURCE

  • CREATE_GLOBAL_HELPER

  • CREATE_LOG_SOURCE

  • CREATE_LOG_SOURCE_ALARM

  • CREATE_LOOKUP_TABLE

  • CREATE_OR_UPDATE_SCHEMA

  • CREATE_PERF_TEST

  • CREATE_POLICY

  • CREATE_REPLAY

  • CREATE_RSA_KEY

  • CREATE_RULE

  • CREATE_RULE_V2

  • CREATE_SAVED_DATA_LAKE_QUERY

  • CREATE_SOURCE_REQUEST

  • CREATE_USER

  • CREATE_USER_ROLE

  • DELETE_ALERT_DESTINATION

  • DELETE_API_TOKEN

  • DELETE_CLOUD_ACCOUNT

  • DELETE_DASHBOARD

  • DELETE_DATA_MODEL

  • DELETE_DETECTION

  • DELETE_DETECTION_FILTER

  • DELETE_DETECTION_PACK_SOURCE

  • DELETE_ENRICHMENT

  • DELETE_GLOBAL_HELPER

  • DELETE_LOG_SOURCE

  • DELETE_LOG_SOURCE_ALARM

  • DELETE_LOOKUP_TABLE

  • DELETE_RULE_V2

  • DELETE_SAVED_DATA_LAKE_QUERY

  • DELETE_USER

  • DELETE_USER_ROLE

  • DETECTION_ENTITIES_UPLOAD_STATUS

  • DETECTION_STATS

  • DOWNLOAD_DATA_LAKE_QUERY

  • DOWNLOAD_DETECTIONS

  • DOWNLOAD_UBER_SEARCH_QUERY

  • EXECUTE_ALERT_ACTOR_PROFILE_QUERY

  • EXECUTE_DATA_LAKE_QUERY

  • EXECUTE_INDICATOR_SEARCH_QUERY

  • EXECUTE_SIMPLE_SEARCH_QUERY

  • EXECUTE_UBER_SEARCH

  • EXECUTE_UBER_SEARCH_PROPERTY_SUMMARY

  • GENERATE_CUSTOM_SCHEMA_SAMPLE

  • GENERATE_CUSTOM_SCHEMA_SAMPLE_UPLOAD_URL

  • GENERATE_DATA_LAKE_SQL_QUERY_SNIPPET

  • GENERATE_ENRICHED_EVENT

  • GENERATE_LOOKUP_TABLE_IMPORT_URL

  • GENERATE_SIMPLE_SEARCH_QUERY

  • GENERATE_UBER_SEARCH_QUERY

  • GET_ACTOR_INFO

  • GET_ALERT

  • GET_ALERT_DESTINATION

  • GET_ALERT_METRIC_DATA

  • GET_ALL_DATA_LAKE_TABLES

  • GET_API_TOKEN

  • GET_APP_CONFIG

  • GET_BULK_UPLOAD_DETECTIONS_STATUS

  • GET_BULK_UPLOAD_PRESIGNED_URL

  • GET_CLOUD_ACCOUNT

  • GET_CLOUD_RESOURCE

  • GET_CORRELATION_RULE

  • GET_CUSTOM_SCHEMA

  • GET_DASHBOARD

  • GET_DATA_LAKE_DATABASE

  • GET_DATA_LAKE_QUERY

  • GET_DATA_LAKE_QUERY_SUMMARY

  • GET_DATA_LAKE_TABLE

  • GET_DATA_MODEL

  • GET_DETECTION

  • GET_DETECTION_ALERT_METRICS

  • GET_DETECTION_FILTER

  • GET_DETECTION_PACK

  • GET_DETECTION_PACK_SOURCE

  • GET_ENRICHMENT

  • GET_FEATURE_FLAGS

  • GET_GENERAL_SETTINGS

  • GET_GLOBAL_HELPER

  • GET_HOLDING_TANK_SOURCE_RUNNING_TASK

  • GET_INGESTION_MONITORING_METRICS

  • GET_JIRA_ORG_METADATA

  • GET_LOG_SCHEMA_TEST_RESULTS

  • GET_LOG_SOURCE

  • GET_LOG_SOURCE_JOB

  • GET_LOG_SOURCE_RAW_DATA

  • GET_LOOKUP_TABLE

  • GET_MITRE_MATRIX

  • GET_MITRE_MATRIX_TREE

  • GET_MITRE_TACTIC_AND_TECHNIQUE

  • GET_NOTIFICATIONS

  • GET_NOTIFICATION_PREFERENCES

  • GET_ORGANIZATION_COMPLIANCE_STATS

  • GET_ORGANIZATION_METRICS

  • GET_POLICY

  • GET_PYPANTHER_VERSION

  • GET_REPLAY

  • GET_REPLAY_ALERT

  • GET_REPLAY_PREVIEW

  • GET_REPORT_SETTING

  • GET_RULE

  • GET_RULE_V2

  • GET_SAML_SETTINGS

  • GET_SAVED_DATA_LAKE_QUERY

  • GET_SOURCE_METRICS

  • GET_SOURCE_STATISTICS

  • GET_SUPPORTED_LOG_PROVIDER

  • GET_SUPPORT_LOGIN_CONFIG

  • GET_THREAT_INTEL

  • GET_UBER_SEARCH

  • GET_UBER_SEARCH_VISUALIZATION

  • GET_UNIVERSAL_SETTINGS

  • GET_USER

  • GET_USER_ROLE

  • IMPORT_LOOKUP_TABLE_DATA

  • INFER_CUSTOM_SCHEMA

  • INFER_SCHEMA_FROM_BUCKET_DATA

  • INFER_SCHEMA_FROM_RAW_DATA

  • ISSUE_ALERT_SUMMARY_QUERIES

  • JIRA_EVENT

  • LIST_ALERTS

  • LIST_ALERT_DESTINATIONS

  • LIST_API_TOKENS

  • LIST_CLOUD_ACCOUNTS

  • LIST_CLOUD_RESOURCES

  • LIST_DASHBOARDS

  • LIST_DATA_LAKE_DATABASES

  • LIST_DATA_LAKE_PROPERTIES

  • LIST_DATA_LAKE_QUERIES

  • LIST_DATA_MODELS

  • LIST_DETECTIONS

  • LIST_DETECTION_PACKS

  • LIST_DETECTION_PACK_SOURCES

  • LIST_FILTER_FIELDS

  • LIST_FILTER_FIELDS_FLAT

  • LIST_GLOBAL_HELPERS

  • LIST_HOLDING_TANK_TASKS

  • LIST_LOG_SOURCES

  • LIST_LOG_TYPES

  • LIST_LOOKUP_TABLES

  • LIST_POLICIES

  • LIST_REPLAYS

  • LIST_REPLAY_ALERTS

  • LIST_RESOURCES

  • LIST_SAVED_DATA_LAKE_QUERIES

  • LIST_SCHEMAS

  • LIST_SOURCE_BUCKET_KEYS

  • LIST_SUPPORTED_LOG_PROVIDERS

  • LIST_USERS

  • LIST_USER_ROLES

  • LOOKUP_TABLE_ENRICH

  • MARK_ALL_NOTIFICATIONS_AS_READ

  • MARK_NOTIFICATION_AS_READ

  • PUT_CORRELATION_RULE

  • PUT_NOTIFICATION_PREFERENCES

  • RESET_USER_PASSWORD

  • RESOLVE_SOURCE_ALARM

  • RESTORE_DASHBOARD

  • RETRY_ALERT_DELIVERY

  • ROTATE_API_TOKEN

  • RULE_PYTHON_BODY

  • SEND_TEST_ALERT

  • SEND_USER_FEEDBACK

  • SIGN_IN

  • STOP_REPLAY

  • SUMMARIZE_DATA_LAKE_QUERY

  • SUPPRESS_POLICY

  • SYNC_LOOKUP_TABLE_DATA

  • TEST_CORRELATION_RULE

  • TEST_CORRELATION_RULE_YAML

  • TEST_CUSTOM_SCHEMA

  • TEST_FILTER_EVENT

  • TEST_LOG_SCHEMA_WITH_RAW_DATA

  • TEST_POLICY

  • TEST_RULE

  • TRANSPILE_FILTERS

  • TRANSPILE_SIMPLE_DETECTIONS_TO_PYTHON

  • UBER_SEARCH_COLUMN_SUMMARY

  • UBER_SEARCH_PROPERTY_SUMMARY

  • UBER_SEARCH_TABLES

  • UPDATE_ALERT_ASSIGNEE

  • UPDATE_ALERT_DESTINATION

  • UPDATE_ALERT_STATUS

  • UPDATE_API_TOKEN

  • UPDATE_BOOMERANG

  • UPDATE_CLOUD_ACCOUNT

  • UPDATE_CUSTOM_SCHEMA_STATE

  • UPDATE_DASHBOARD

  • UPDATE_DATA_MODEL

  • UPDATE_DETECTION_FILTER

  • UPDATE_DETECTION_PACK_SOURCE

  • UPDATE_DETECTION_PACK_STATE

  • UPDATE_DETECTION_STATE

  • UPDATE_GENERAL_SETTINGS

  • UPDATE_GLOBAL_HELPER

  • UPDATE_LOG_SOURCE

  • UPDATE_LOG_SOURCE_FILTERS

  • UPDATE_LOOKUP_TABLE

  • UPDATE_MITRE_REPORT_SETTING

  • UPDATE_NOTIFICATION

  • UPDATE_POLICY

  • UPDATE_RULE_AND_FILTER

  • UPDATE_RULE_V2

  • UPDATE_SAML_SETTINGS

  • UPDATE_SAVED_DATA_LAKE_QUERY

  • UPDATE_SUPPORT_LOGIN_SETTINGS

  • UPDATE_USER

  • UPDATE_USER_NOTIFICATIONS

  • UPDATE_USER_ROLE

  • UPLOAD_DETECTION_ENTITIES

  • UPLOAD_DETECTION_ENTITIES_ASYNC

  • VALIDATE_BULK_UPLOAD

  • VALIDATE_BULK_UPLOAD_STATUS

  • VIEW_SOURCE_BUCKET_DATA

  • VIEW_SOURCE_PARSED_EVENTS


Last updated 28 days ago
