Policies

REST API operations for policies

Overview

The /policies REST API operations are in open beta starting with Panther version 1.98, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with policies in Panther.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

  • For GET operations, your API token must have the View Policies permission.

  • For POST, PUT, and DELETE operations, your API token must have the Manage Policies permission.

Operations

create policy

Query parameters

  • run-tests-first (boolean, optional): Set this field to false to exclude running tests prior to saving. Default: true

  • run-tests-only (boolean, optional): Set this field to true if you want to run tests without saving. Default: false
Body

  • body (string, required): The Python body of the policy

  • description (string, optional): The description of the policy

  • displayName (string, optional): The display name of the policy

  • enabled (boolean, optional): Determines whether or not the policy is active

  • id (string, required): The id of the policy

  • managed (boolean, optional): Determines if the policy is managed by Panther

  • outputIDs (string[], optional): Destination IDs that override default alert routing based on severity

  • resourceTypes (string[], optional): Resource types

  • severity (string · enum, required): Possible values:

  • suppressions (string[], optional): Resources to ignore via a pattern that matches the resource id. Example: ["aws::s3::*"]

  • tags (string[], optional): The tags for the policy

Responses

  • 200 (application/json): OK response.

POST /policies HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 367

{
  "body": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "managed": true,
  "outputIDs": [
    "text"
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "resourceTypes": [
    "text"
  ],
  "severity": "INFO",
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ]
}

200

OK response.

{
  "body": "text",
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "createdByExternal": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "outputIDs": [
    "text"
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "resourceTypes": [
    "text"
  ],
  "severity": "INFO",
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ]
}

get policy

Path parameters

  • id (string, required): The id of the policy to fetch

Responses

  • 200 (application/json): OK response.

GET /policies/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

200

OK response.

{
  "body": "text",
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "createdByExternal": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "outputIDs": [
    "text"
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "resourceTypes": [
    "text"
  ],
  "severity": "INFO",
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ]
}

put policy

PUT creates or updates a policy.

Path parameters

  • id (string, required): The id of the policy

Query parameters

  • run-tests-first (boolean, optional): Set this field to false to exclude running tests prior to saving. Default: true

  • run-tests-only (boolean, optional): Set this field to true if you want to run tests without saving. Default: false
Body

  • body (string, required): The Python body of the policy

  • description (string, optional): The description of the policy

  • displayName (string, optional): The display name of the policy

  • enabled (boolean, optional): Determines whether or not the policy is active

  • id (string, required): The id of the policy

  • managed (boolean, optional): Determines if the policy is managed by Panther

  • outputIDs (string[], optional): Destination IDs that override default alert routing based on severity

  • resourceTypes (string[], optional): Resource types

  • severity (string · enum, required): Possible values:

  • suppressions (string[], optional): Resources to ignore via a pattern that matches the resource id. Example: ["aws::s3::*"]

  • tags (string[], optional): The tags for the policy

Responses

  • 200 (application/json): 200 returned if the item already existed

PUT /policies/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 367

{
  "body": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "managed": true,
  "outputIDs": [
    "text"
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "resourceTypes": [
    "text"
  ],
  "severity": "INFO",
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ]
}

200

200 returned if the item already existed

{
  "body": "text",
  "createdAt": "text",
  "createdBy": {
    "id": "user",
    "type": "text"
  },
  "createdByExternal": "text",
  "description": "text",
  "displayName": "text",
  "enabled": true,
  "id": "text",
  "lastModified": "text",
  "managed": true,
  "outputIDs": [
    "text"
  ],
  "reports": {
    "ANY_ADDITIONAL_PROPERTY": [
      "text"
    ]
  },
  "resourceTypes": [
    "text"
  ],
  "severity": "INFO",
  "suppressions": [
    "aws::s3::*"
  ],
  "tags": [
    "text"
  ],
  "tests": [
    {
      "expectedResult": true,
      "mocks": [
        {
          "ANY_ADDITIONAL_PROPERTY": "text"
        }
      ],
      "name": "text",
      "resource": "text"
    }
  ]
}

delete policy

Path parameters

  • id (string, required): ID of the policy to delete

Responses

  • 204: No Content response.

DELETE /policies/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

No content

list policies

Query parameters

  • cursor (string, optional): The pagination token

  • limit (integer · int64, optional): The maximum results to return. Default: 100

  • compliance-status (string · enum, optional): Only include policies with this compliance status. Possible values:

  • name-contains (string, optional): Substring search by name (case-insensitive)

  • state (string · enum, optional): Only include policies in the given state. Possible values:

  • resource-type (string[], optional): Only include policies which apply to one of the given resource types

  • tag (string[], optional): Only include policies with one of the given tags (case-insensitive)

  • created-by (string, optional): Only include policies whose creator matches this user ID or actor ID

  • last-modified-by (string, optional): Only include policies last modified by this user ID or actor ID

Responses

  • 200 (application/json): OK response.

GET /policies HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
200

OK response.

{
  "next": "text",
  "results": [
    {
      "body": "text",
      "createdAt": "text",
      "createdBy": {
        "id": "user",
        "type": "text"
      },
      "createdByExternal": "text",
      "description": "text",
      "displayName": "text",
      "enabled": true,
      "id": "text",
      "lastModified": "text",
      "managed": true,
      "outputIDs": [
        "text"
      ],
      "reports": {
        "ANY_ADDITIONAL_PROPERTY": [
          "text"
        ]
      },
      "resourceTypes": [
        "text"
      ],
      "severity": "INFO",
      "suppressions": [
        "aws::s3::*"
      ],
      "tags": [
        "text"
      ],
      "tests": [
        {
          "expectedResult": true,
          "mocks": [
            {
              "ANY_ADDITIONAL_PROPERTY": "text"
            }
          ],
          "name": "text",
          "resource": "text"
        }
      ]
    }
  ]
}
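
An added example, not part of the Panther documentation: a read-only audit that pages through GET /policies and flags policies that are disabled or carry a wildcard suppression such as the aws::s3::* pattern shown above. It assumes the response's next value is what the cursor parameter expects and that the API is served over HTTPS at your-api-host; the sample pages and policy IDs are constructed, and the trailing-* check is a heuristic, not Panther's own pattern matching.

```python
import json
import urllib.parse
import urllib.request

def fetch_page(host, api_key, cursor=None, limit=100):
    """One GET /policies call (token needs View Policies); host/key are the caller's."""
    params = {"limit": limit, **({"cursor": cursor} if cursor else {})}
    req = urllib.request.Request(
        f"https://{host}/policies?{urllib.parse.urlencode(params)}",
        headers={"X-API-Key": api_key, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_policies(get_page):
    """Yield every policy, following `next` (assumed to be the next `cursor`)."""
    cursor, seen = None, set()
    while True:
        page = get_page(cursor)
        yield from page.get("results") or []
        cursor = page.get("next")
        if not cursor or cursor in seen:  # stop on last page or a repeated token
            return
        seen.add(cursor)

def audit(policies):
    """Heuristic: flag disabled policies and suppressions ending in a wildcard."""
    findings = []
    for p in policies:
        if not p.get("enabled", False):
            findings.append((p["id"], "disabled"))
        findings += [(p["id"], f"wildcard suppression {s}")
                     for s in p.get("suppressions") or [] if s.endswith("*")]
    return findings

# Constructed pages standing in for two GET /policies responses (not real data).
SAMPLE_PAGES = {
    None: {"next": "page-2", "results": [
        {"id": "Example.S3.Encryption", "enabled": True, "suppressions": ["aws::s3::*"]}]},
    "page-2": {"results": [
        {"id": "Example.IAM.MFA", "enabled": False, "suppressions": []},
        {"id": "Example.EC2.Public", "enabled": True, "suppressions": []}]},
}

def demo():
    return audit(iter_policies(SAMPLE_PAGES.__getitem__))

if __name__ == "__main__":
    for policy_id, reason in demo():
        print(policy_id, reason)
```

Against a live instance, pass `lambda c: fetch_page("your-api-host", api_key, c)` to `iter_policies` in place of the sample lookup.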
