Schemas

Panther GraphQL API schema operations

Overview

The Panther API supports the following schema operations:

Creating or updating a custom schema
Listing schemas

You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on .

See to learn more about custom schemas in Panther.

Required API token permissions

Before starting to make API calls, ensure your API token has the necessary permissions attached:

View Log Sources: Required for all schema operations.
Manage Log Sources: Required for the schema management operations that are mutations (i.e., CreateOrUpdateSchema).
Read User Info: Required if you would like to retrieve integration fields related to an actor, such as createdBy.

Common schema operations

Creating a custom schema

mutation addSchema {
  createOrUpdateSchema(input:{
    description: "description"
    name:"Custom.NewSchema",
    isFieldDiscoveryEnabled: true,
    spec:"""
    fields:
     - name: foo
       type: string
    """
  }) {
    schema {
      createdAt
      description
      isArchived
      isManaged
      name
      referenceURL
      revision
      isFieldDiscoveryEnabled
      spec
      discoveredSpec
      updatedAt
      version
    }
  }
}

Listing schemas

This query lists all schemas, including custom and Panther-managed schemas.

Pagination is not currently supported by schemas—all schemas will be returned in the first page of results. The cursor field in the input object, below, is a placeholder for when pagination is eventually supported.

query ListSchemas {
  schemas(input:{cursor:""}) {
    edges {
      node {
        createdAt
        description
        isArchived
        isManaged
        name
        referenceURL
        revision
        isFieldDiscoveryEnabled
        spec
        discoveredSpec
        updatedAt
        version
      }
    }
  }
}

PreviousMetrics NextToken Rotation

Last updated 3 months ago

Was this helpful?