Managing PyPanther Detections in the Panther Console
Create, update, and delete PyPanther Detections in the Console
PreviousRegistering, Testing, and Uploading PyPanther DetectionsNextPyPanther Detections Style Guide
Last updated
Was this helpful?
Create, update, and delete PyPanther Detections in the Console
Last updated
Was this helpful?
You can manage PyPanther Detections in the Panther Console in addition to the CLI workflow.
The PyPanther Detections Console workflows described on this page do not have parity with the functionality available in the CLI workflow described on . See for more information.
It's possible to manage PyPanther Detections using both the CLI workflow and the Panther Console. When doing so, take note of the following interactions:
You may not create a detection in the Console or the CLI workflow with the same id as a detection already created in either the Console or CLI workflow.
If you create a detection in the CLI workflow, edit it in the Console, then upload it again in the CLI workflow, the edits you made in the Console will be overwritten.
It's not possible to on Panther-managed (or custom) detections through the Panther console.
In addition to not being able to make overrides on a Panther-managed rule, it's not possible to enable a Panther-managed PyPanther rule as-is in the Console (as you can in the v1 model using Detection Packs).
If you make overrides on a Panther-managed detection in the CLI workflow, upload it, and are viewing it in the Panther Console, your overrides will not be visible (i.e., it will appear as the "plain" Panther-managed version).
It's not possible to delete a PyPanther Detection in the Console that was uploaded through the CLI workflow.
It's not possible to view or edit the main.py file as you can in the CLI workflow, which means:
It's not possible to .
To create a custom PyPanther Detection in the Console:
In the left-hand navigation bar of your Panther Console, click Detections.
Click Create New.
At the top of the page, in the Name field, enter a name for your detection.
In the Python code editor in the Detection section, configure your rule.
Click Deploy.
To edit a PyPanther Detection in the Console:
In the left-hand navigation bar of your Panther Console, click Detections.
From the list of detections, click the name of the detection you're like to edit.
Make any desired updates to the detection in the Detection code editor.
To update the detection's display name, edit the value of the display_name attribute in the code editor.
Click Deploy.
In the Console, it is currently only possible to delete detections that were created in the Console. Rules uploaded in the CLI workflow can only deleted in the CLI workflow.
To delete a PyPanther Detection in the Console:
In the left-hand navigation bar of your Panther Console, click Detections.
From the list of detections, click the name of the detection you're like to delete.
In the upper-right corner, click on the three dots icon (...).
Click Delete.
On the Pypanther Streaming Rule tile, click Start.
Learn more about PyPanther Detection composition in , and see the for a full list of required and optional fields.
If you'd like to create a detection that , you can edit (Rule) in class CustomRuleName(Rule).
If you to your detection, click Run Tests to verify they all pass.
In the Panther Console, you can edit PyPanther Detections that were created in either the Console or uploaded using the CLI workflow (except for Panther-managed detections, which are read-only—even if you've made your own on them in the CLI workflow).
Learn more about PyPanther Detection composition in , and see the for a full list of required and optional fields.
If you to your detection, click Run Tests to verify they all pass.
