Knowledge Base Community Release Notes Request Demo

Policies

REST API operations for policies

Overview

The /policies REST API operations are in open beta starting with Panther version 1.98, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with policies in Panther.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

For GET operations, your API token must have the View Policies permission.
For POST, PUT, and DELETE operations, your API token must have the Manage Policies permission.

Operations

PreviousSimple Rules NextGraphQL API

Last updated 9 months ago

Was this helpful?

delete policy

delete

/policies/{id}

Authorizations

Path parameters

idstringrequired

ID of the policy to delete

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url 'https://your-api-host/policies/{id}' \
  --header 'X-API-Key: YOUR_API_KEY'

204

400

404

No body

No Content response.

create policy

post

/policies

Authorizations

Query parameters

run-tests-firstboolean · default: true

set this field to false to exclude running tests prior to saving

run-tests-onlyboolean

set this field to true if you want to run tests without saving

Body

bodystringrequired

The python body of the policy

descriptionstring

The description of the policy

displayNamestring

The display name of the policy

enabledboolean

Determines whether or not the policy is active

idstringrequired

The id of the policy

managedboolean

Determines if the policy is managed by panther

severitystring · enumrequired

Options: INFO, LOW, MEDIUM, HIGH, CRITICAL

resourceTypesstring[]

Resource types

suppressionsstring[]

Resources to ignore via a pattern that matches the resource id

Example: ["aws::s3::*"]

tagsstring[]

The tags for the policy

testsobject[]

Unit tests for the Policy. Best practice is to include a positive and negative case

reportsobject

Reports

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url 'https://your-api-host/policies' \
  --header 'X-API-Key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{"body":"text","id":"text","severity":"INFO","resourceTypes":[null],"suppressions":["aws::s3::*"],"tags":[null],"tests":[{"expectedResult":true,"name":"text","resource":"text","mocks":[{}]}],"reports":{"ANY_ADDITIONAL_PROPERTY":[null]}}'

200

204

400

409

{
  "body": "text",
  "createdAt": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "severity": "INFO",
  "resourceTypes": [
    "text"
  ],
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "name": "text",
      "resource": "text",
      "mocks": [
        {}
      ]
    }
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  }
}

OK response.

get policy

get

/policies/{id}

Authorizations

Path parameters

idstringrequired

the id of the policy to fetch

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://your-api-host/policies/{id}' \
  --header 'X-API-Key: YOUR_API_KEY'

200

404

{
  "body": "text",
  "createdAt": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "severity": "INFO",
  "resourceTypes": [
    "text"
  ],
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "name": "text",
      "resource": "text",
      "mocks": [
        {}
      ]
    }
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  }
}

OK response.

put policy

put creates or updates a policy

put

/policies/{id}

Authorizations

Path parameters

idstringrequired

the id of the policy

Query parameters

run-tests-firstboolean · default: true

set this field to false to exclude running tests prior to saving

run-tests-onlyboolean

set this field to true if you want to run tests without saving

Body

bodystringrequired

The python body of the policy

descriptionstring

The description of the policy

displayNamestring

The display name of the policy

enabledboolean

Determines whether or not the policy is active

idstringrequired

The id of the policy

managedboolean

Determines if the policy is managed by panther

severitystring · enumrequired

Options: INFO, LOW, MEDIUM, HIGH, CRITICAL

resourceTypesstring[]

Resource types

suppressionsstring[]

Resources to ignore via a pattern that matches the resource id

Example: ["aws::s3::*"]

tagsstring[]

The tags for the policy

testsobject[]

Unit tests for the Policy. Best practice is to include a positive and negative case

reportsobject

Reports

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url 'https://your-api-host/policies/{id}' \
  --header 'X-API-Key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{"body":"text","id":"text","severity":"INFO","resourceTypes":[null],"suppressions":["aws::s3::*"],"tags":[null],"tests":[{"expectedResult":true,"name":"text","resource":"text","mocks":[{}]}],"reports":{"ANY_ADDITIONAL_PROPERTY":[null]}}'

200

201

204

400

{
  "body": "text",
  "createdAt": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "severity": "INFO",
  "resourceTypes": [
    "text"
  ],
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "name": "text",
      "resource": "text",
      "mocks": [
        {}
      ]
    }
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  }
}

200 returned if the item already existed

list policies

get

/policies

Authorizations

Query parameters

cursorstring

the pagination token

limitinteger · int64 · default: 100

the maximum results to return

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://your-api-host/policies' \
  --header 'X-API-Key: YOUR_API_KEY'

200

{
  "next": "text",
  "results": [
    {
      "body": "text",
      "createdAt": "text",
      "description": "text",
      "displayName": "text",
      "enabled": true,
      "id": "text",
      "lastModified": "text",
      "managed": true,
      "severity": "INFO",
      "resourceTypes": [
        "text"
      ],
      "suppressions": [
        "aws::s3::*"
      ],
      "tags": [
        "text"
      ],
      "tests": [
        {
          "expectedResult": true,
          "name": "text",
          "resource": "text",
          "mocks": [
            {}
          ]
        }
      ],
      "reports": {
        "ANY_ADDITIONAL_PROPERTY": [
          "text"
        ]
      }
    }
  ]
}

OK response.