# 정책

## 개요

다음 API 작업을 사용하여 상호 작용하세요 [정책](/ko/detections/policies.md) Panther에서.

API를 호출하려면 다음을 참조하세요. [Panther REST API 사용 방법](/ko/panther/api/rest.md#how-to-use-the-panther-rest-api) 지침—포함하여 [이 문서 페이지에서 직접 호출하는 방법에 대한 안내](/ko/panther/api/rest.md#step-3-invoke-the-panther-rest-api).

## 필수 권한

* 에 대해 `GET` 작업을 수행하려면 API 토큰에 다음 권한이 있어야 합니다. `정책 보기` 권한.
* 에 대해 `POST`, `PUT`및 `DELETE` 작업을 수행하려면 API 토큰에 다음 권한이 있어야 합니다. `정책 관리` 권한.

## 작업

{% hint style="info" %}
아래 API 엔드포인트는 클라우드 정책에만 해당합니다. 다른 디택션 유형과 상호작용하려면 해당 페이지를 참조하세요: [Python 기반 규칙](https://docs.panther.com/panther-developer-workflows/api/rest/rules), [예약 규칙](https://docs.panther.com/panther-developer-workflows/api/rest/scheduled-rules)및 [Simple 디택션](https://docs.panther.com/panther-developer-workflows/api/rest/simple-rules).
{% endhint %}

## POST /policies

> create policy

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"policy","description":"The policy api handles all operations for policies"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"PolicyAPI.ModifyPolicy":{"type":"object","properties":{"body":{"type":"string","description":"The python body of the policy"},"description":{"type":"string","description":"The description of the policy"},"displayName":{"type":"string","description":"The display name of the policy"},"enabled":{"type":"boolean","description":"Determines whether or not the policy is active"},"id":{"type":"string","description":"The id of the policy"},"managed":{"type":"boolean","description":"Determines if the policy is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"Reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"resourceTypes":{"type":"array","items":{"type":"string"},"description":"Resource types"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"suppressions":{"type":"array","items":{"type":"string"},"description":"Resources to ignore via a pattern that matches the resource id"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the policy"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTest"},"description":"Unit tests for the Policy. Best practice is to include a positive and negative case"}},"required":["id","body","severity"]},"PolicyAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"log":{"description":"A test event object that your detection will receive as input."},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"A test event object that your detection will receive as input, JSON-encoded. Prefer `log`."}},"required":["name","expectedResult"]},"PolicyAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}},"PolicyAPI.Policy":{"type":"object","properties":{"body":{"type":"string","description":"The python body of the policy"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"description":{"type":"string","description":"The description of the policy"},"displayName":{"type":"string","description":"The display name of the policy"},"enabled":{"type":"boolean","description":"Determines whether or not the policy is active"},"id":{"type":"string","description":"The id of the policy"},"lastModified":{"type":"string"},"managed":{"type":"boolean","description":"Determines if the policy is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"Reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"resourceTypes":{"type":"array","items":{"type":"string"},"description":"Resource types"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"suppressions":{"type":"array","items":{"type":"string"},"description":"Resources to ignore via a pattern that matches the resource id"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the policy"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTest"},"description":"Unit tests for the Policy. Best practice is to include a positive and negative case"}}},"PolicyAPI.BadRequestWithTestResultsErr":{"type":"object","properties":{"message":{"type":"string"},"testResults":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionRecord"}}},"required":["message"]},"PolicyAPI.TestDetectionRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/PolicyAPI.TestErr"},"errored":{"type":"boolean"},"functions":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionRecordFunctions"},"name":{"type":"string"},"passed":{"type":"boolean"},"triggerAlert":{"type":"boolean"}}},"PolicyAPI.TestErr":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"}}},"PolicyAPI.TestDetectionRecordFunctions":{"type":"object","properties":{"alertContext":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"dedup":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"description":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"destinations":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"detection":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"reference":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"runbook":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"severity":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"title":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"}}},"PolicyAPI.TestDetectionSubRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/PolicyAPI.TestErr"},"output":{"type":"string"}}},"PolicyAPI.ExistsError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/policies":{"post":{"tags":["policy"],"summary":"create policy","operationId":"policy#create","parameters":[{"name":"run-tests-first","in":"query","description":"set this field to false to exclude running tests prior to saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to false to exclude running tests prior to saving","default":true}},{"name":"run-tests-only","in":"query","description":"set this field to true if you want to run tests without saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to true if you want to run tests without saving","default":false}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.ModifyPolicy"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.Policy"}}}},"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.BadRequestWithTestResultsErr"}}}},"409":{"description":"exists: Conflict response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.ExistsError"}}}}}}}}}
```

## GET /policies/{id}

> get policy

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"policy","description":"The policy api handles all operations for policies"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"PolicyAPI.Policy":{"type":"object","properties":{"body":{"type":"string","description":"The python body of the policy"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"description":{"type":"string","description":"The description of the policy"},"displayName":{"type":"string","description":"The display name of the policy"},"enabled":{"type":"boolean","description":"Determines whether or not the policy is active"},"id":{"type":"string","description":"The id of the policy"},"lastModified":{"type":"string"},"managed":{"type":"boolean","description":"Determines if the policy is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"Reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"resourceTypes":{"type":"array","items":{"type":"string"},"description":"Resource types"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"suppressions":{"type":"array","items":{"type":"string"},"description":"Resources to ignore via a pattern that matches the resource id"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the policy"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTest"},"description":"Unit tests for the Policy. Best practice is to include a positive and negative case"}}},"PolicyAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"log":{"description":"A test event object that your detection will receive as input."},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"A test event object that your detection will receive as input, JSON-encoded. Prefer `log`."}},"required":["name","expectedResult"]},"PolicyAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}},"PolicyAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/policies/{id}":{"get":{"tags":["policy"],"summary":"get policy","operationId":"policy#get","parameters":[{"name":"id","in":"path","description":"the id of the policy to fetch","required":true,"schema":{"type":"string","description":"the id of the policy to fetch"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.Policy"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.NotFoundError"}}}}}}}}}
```

## put policy

> put creates or updates a policy

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"policy","description":"The policy api handles all operations for policies"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"PolicyAPI.ModifyPolicy":{"type":"object","properties":{"body":{"type":"string","description":"The python body of the policy"},"description":{"type":"string","description":"The description of the policy"},"displayName":{"type":"string","description":"The display name of the policy"},"enabled":{"type":"boolean","description":"Determines whether or not the policy is active"},"id":{"type":"string","description":"The id of the policy"},"managed":{"type":"boolean","description":"Determines if the policy is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"Reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"resourceTypes":{"type":"array","items":{"type":"string"},"description":"Resource types"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"suppressions":{"type":"array","items":{"type":"string"},"description":"Resources to ignore via a pattern that matches the resource id"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the policy"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTest"},"description":"Unit tests for the Policy. Best practice is to include a positive and negative case"}},"required":["id","body","severity"]},"PolicyAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"log":{"description":"A test event object that your detection will receive as input."},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"A test event object that your detection will receive as input, JSON-encoded. Prefer `log`."}},"required":["name","expectedResult"]},"PolicyAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}},"PolicyAPI.Policy":{"type":"object","properties":{"body":{"type":"string","description":"The python body of the policy"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"description":{"type":"string","description":"The description of the policy"},"displayName":{"type":"string","description":"The display name of the policy"},"enabled":{"type":"boolean","description":"Determines whether or not the policy is active"},"id":{"type":"string","description":"The id of the policy"},"lastModified":{"type":"string"},"managed":{"type":"boolean","description":"Determines if the policy is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"Reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"resourceTypes":{"type":"array","items":{"type":"string"},"description":"Resource types"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"suppressions":{"type":"array","items":{"type":"string"},"description":"Resources to ignore via a pattern that matches the resource id"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the policy"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTest"},"description":"Unit tests for the Policy. Best practice is to include a positive and negative case"}}},"PolicyAPI.BadRequestWithTestResultsErr":{"type":"object","properties":{"message":{"type":"string"},"testResults":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionRecord"}}},"required":["message"]},"PolicyAPI.TestDetectionRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/PolicyAPI.TestErr"},"errored":{"type":"boolean"},"functions":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionRecordFunctions"},"name":{"type":"string"},"passed":{"type":"boolean"},"triggerAlert":{"type":"boolean"}}},"PolicyAPI.TestErr":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"}}},"PolicyAPI.TestDetectionRecordFunctions":{"type":"object","properties":{"alertContext":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"dedup":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"description":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"destinations":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"detection":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"reference":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"runbook":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"severity":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"title":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"}}},"PolicyAPI.TestDetectionSubRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/PolicyAPI.TestErr"},"output":{"type":"string"}}}}},"paths":{"/policies/{id}":{"put":{"tags":["policy"],"summary":"put policy","description":"put creates or updates a policy","operationId":"policy#put","parameters":[{"name":"run-tests-first","in":"query","description":"set this field to false to exclude running tests prior to saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to false to exclude running tests prior to saving","default":true}},{"name":"run-tests-only","in":"query","description":"set this field to true if you want to run tests without saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to true if you want to run tests without saving","default":false}},{"name":"id","in":"path","description":"the id of the policy","required":true,"schema":{"type":"string","description":"the id of the policy"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.ModifyPolicy"}}}},"responses":{"200":{"description":"200 returned if the item already existed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.Policy"}}}},"201":{"description":"201 returned if the item was created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.Policy"}}}},"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.BadRequestWithTestResultsErr"}}}}}}}}}
```

## DELETE /policies/{id}

> delete policy

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"policy","description":"The policy api handles all operations for policies"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"PolicyAPI.BadRequestWithTestResultsErr":{"type":"object","properties":{"message":{"type":"string"},"testResults":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionRecord"}}},"required":["message"]},"PolicyAPI.TestDetectionRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/PolicyAPI.TestErr"},"errored":{"type":"boolean"},"functions":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionRecordFunctions"},"name":{"type":"string"},"passed":{"type":"boolean"},"triggerAlert":{"type":"boolean"}}},"PolicyAPI.TestErr":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"}}},"PolicyAPI.TestDetectionRecordFunctions":{"type":"object","properties":{"alertContext":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"dedup":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"description":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"destinations":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"detection":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"reference":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"runbook":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"severity":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"},"title":{"$ref":"#/components/schemas/PolicyAPI.TestDetectionSubRecord"}}},"PolicyAPI.TestDetectionSubRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/PolicyAPI.TestErr"},"output":{"type":"string"}}},"PolicyAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/policies/{id}":{"delete":{"tags":["policy"],"summary":"delete policy","operationId":"policy#delete","parameters":[{"name":"id","in":"path","description":"ID of the policy to delete","required":true,"schema":{"type":"string","description":"ID of the policy to delete"}}],"responses":{"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.BadRequestWithTestResultsErr"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.NotFoundError"}}}}}}}}}
```

## GET /policies

> list policies

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"policy","description":"The policy api handles all operations for policies"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"PolicyAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.Policy"}}}},"PolicyAPI.Policy":{"type":"object","properties":{"body":{"type":"string","description":"The python body of the policy"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"description":{"type":"string","description":"The description of the policy"},"displayName":{"type":"string","description":"The display name of the policy"},"enabled":{"type":"boolean","description":"Determines whether or not the policy is active"},"id":{"type":"string","description":"The id of the policy"},"lastModified":{"type":"string"},"managed":{"type":"boolean","description":"Determines if the policy is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"Reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"resourceTypes":{"type":"array","items":{"type":"string"},"description":"Resource types"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"suppressions":{"type":"array","items":{"type":"string"},"description":"Resources to ignore via a pattern that matches the resource id"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the policy"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTest"},"description":"Unit tests for the Policy. Best practice is to include a positive and negative case"}}},"PolicyAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"log":{"description":"A test event object that your detection will receive as input."},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/PolicyAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"A test event object that your detection will receive as input, JSON-encoded. Prefer `log`."}},"required":["name","expectedResult"]},"PolicyAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}}}},"paths":{"/policies":{"get":{"tags":["policy"],"summary":"list policies","operationId":"policy#list","parameters":[{"name":"cursor","in":"query","description":"the pagination token","allowEmptyValue":true,"schema":{"type":"string","description":"the pagination token"}},{"name":"limit","in":"query","description":"the maximum results to return","allowEmptyValue":true,"schema":{"type":"integer","description":"the maximum results to return","default":100,"format":"int64"}},{"name":"compliance-status","in":"query","description":"Only include policies with this compliance status","allowEmptyValue":true,"schema":{"type":"string","description":"Only include policies with this compliance status","enum":["PASS","FAIL","ERROR"]}},{"name":"name-contains","in":"query","description":"Substring search by name (case-insensitive)","allowEmptyValue":true,"schema":{"type":"string","description":"Substring search by name (case-insensitive)"}},{"name":"state","in":"query","description":"Only include policies in the given state","allowEmptyValue":true,"schema":{"type":"string","description":"Only include policies in the given state","enum":["enabled","disabled"]}},{"name":"resource-type","in":"query","description":"Only include policies which apply to one of the given resource types","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Only include policies which apply to one of the given resource types"}},{"name":"severity","in":"query","description":"Only include policies with one of the given severities","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"description":"Only include policies with one of the given severities"}},{"name":"tag","in":"query","description":"Only include policies with one of the given tags (case-insensitive)","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Only include policies with one of the given tags (case-insensitive)"}},{"name":"created-by","in":"query","description":"Only include policies whose creator matches this user ID or actor ID","allowEmptyValue":true,"schema":{"type":"string","description":"Only include policies whose creator matches this user ID or actor ID"}},{"name":"last-modified-by","in":"query","description":"Only include policies last modified by this user ID or actor ID","allowEmptyValue":true,"schema":{"type":"string","description":"Only include policies last modified by this user ID or actor ID"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyAPI.ListResp"}}}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/ko/panther/api/rest/policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.