> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/detections/panther-managed/content-catalog/browsing-and-installing-catalog-items.md). # Browsing and installing Catalog items {% hint style="warning" %} The [Content Catalog](/detections/panther-managed/content-catalog.md) is in closed beta as of Panther version 1.125. To request access, contact your Panther support team. {% endhint %} ## Overview The [Content Catalog](/detections/panther-managed/content-catalog.md) is the page in your Panther Console where you can browse all Panther-managed analysis items available for your instance, and install the ones you want into your environment. Installed items are fully owned by you, and behave like any custom item—you can edit, disable, or delete them at any time. This page explains how to browse available items and install them. To learn how to update items you have already installed, see [Updating Content Catalog items](/detections/panther-managed/content-catalog/updating-catalog-items.md). ## How to browse Content Catalog items To browse the items available in the Content Catalog: 1. In the left-hand navigation bar of your Panther Console, click **Catalog**. 2. Click the **Browse** tab. Items in the **Browse** tab are organized into sub-tabs by content type: * **Detections**: Includes rules, scheduled rules, correlation rules, and policies. * **Helpers**: Includes [global helpers](/detections/rules/python/globals.md). * **Data Models**: Includes [data models](/detections/rules/python/data-models.md). * **Enrichments**: Includes enrichments, which are [Lookup Tables](/enrichment.md) provided by Panther. * **Queries**: Includes saved queries and [scheduled queries](/search/scheduled-searches.md). You can only see a sub-tab if you have the corresponding read permission for that item type. See [Required permissions](/detections/panther-managed/content-catalog.md#required-permissions) for details. Each sub-tab includes filters appropriate to the content type. You can filter: * **Detections** by name or description, severity, data source, and type * **Helpers** by name or description * **Data Models** by name or description, and log type * **Enrichments** by name or description, schema, and log type * **Queries** by name or description, and type Items you have already installed are marked as installed in the **Browse** tab. You can click through to the installed copy to view it on its details page. ## How to install a Content Catalog item To install an item from the Content Catalog: 1. In the left-hand navigation bar of your Panther Console, click **Catalog**. 2. Click the **Browse** tab. 3. Click the sub-tab for the type of item you want to install. 4. Locate the item, then click **Install**. When you click **Install**, Panther: * Creates a copy of the item in your environment that you fully own. * Identifies and installs any items that the item depends on. For example, installing a rule will also install the global helpers it imports, the data models it references, and (if it is a scheduled rule) the scheduled queries it uses. Installing a correlation rule will also install all of the member rules used in the correlation. * For detections, runs the item's unit tests before installing it. * For data models, runs the unit tests for any detections that use the same log type, because changes to a data model can affect those detections. By default, installed items are enabled. ### When an install is blocked If installing an item would cause unit tests to fail, Panther blocks the install and surfaces the reason. You will need to address the underlying issue—for example, by updating a related item that the new item depends on—before you can install it. ## How to view installed Content Catalog items The **Installed** tab on the Content Catalog page lists every item you have installed via the Content Catalog. The table includes the item's type, name, and description. To view your installed items: 1. In the left-hand navigation bar of your Panther Console, click **Catalog**. 2. Click the **Installed** tab. You can filter installed items by: * Text in the name or ID * Item type To view an installed item on its details page, open the actions menu on the right of the row, and click View. From there, you can edit the item exactly like a custom item. ## How to uninstall a Content Catalog item To remove an item that you installed via the Content Catalog: 1. In the left-hand navigation bar of your Panther Console, click **Catalog**. 2. Click the **Installed** tab. 3. Locate the item you want to remove. 4. In that item's row, open the actions menu and click **Uninstall**. Uninstalling deletes the item from your environment. If you want it back later, you can install it again from the **Browse** tab. You can delete any Installed item the same way you do a custom item, from its Details page, as well. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.panther.com/detections/panther-managed/content-catalog/browsing-and-installing-catalog-items.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.