Policies

REST API operations for policies

Overview

The /policies REST API operations are in open beta starting with Panther version 1.98, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with policies in Panther.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

For GET operations, your API token must have the View Policies permission.
For POST, PUT, and DELETE operations, your API token must have the Manage Policies permission.

Operations

create policy

POSThttps://your-api-host/policies

Query parameters

Body

body*string

The python body of the policy

descriptionstring

The description of the policy

displayNamestring

The display name of the policy

enabledboolean

Determines whether or not the policy is active

id*string

The id of the policy

managedboolean

Determines if the policy is managed by panther

reportsobject

Reports

resourceTypesarray of string

Resource types

severity*enum

INFOLOWMEDIUMHIGHCRITICAL

suppressionsarray of string

Resources to ignore via a pattern that matches the resource id

tagsarray of string

The tags for the policy

testsarray of PolicyAPI.UnitTest (object)

Unit tests for the Policy. Best practice is to include a positive and negative case

Response

OK response.

Body

PolicyAPI.PolicycreateResponseBody (any)

Request

Response

get policy

GEThttps://your-api-host/policies/{id}

Path parameters

id*string

the id of the policy to fetch

Response

OK response.

Body

bodystring

The python body of the policy

createdAtstring

descriptionstring

The description of the policy

displayNamestring

The display name of the policy

enabledboolean

Determines whether or not the policy is active

idstring

The id of the policy

lastModifiedstring

managedboolean

Determines if the policy is managed by panther

reportsobject

Reports

resourceTypesarray of string

Resource types

severityenum

INFOLOWMEDIUMHIGHCRITICAL

suppressionsarray of string

Resources to ignore via a pattern that matches the resource id

tagsarray of string

The tags for the policy

testsarray of PolicyAPI.UnitTest (object)

Unit tests for the Policy. Best practice is to include a positive and negative case

Request

Response

put policy

put creates or updates a policy

PUThttps://your-api-host/policies/{id}

Path parameters

id*string

the id of the policy

Query parameters

Body

body*string

The python body of the policy

descriptionstring

The description of the policy

displayNamestring

The display name of the policy

enabledboolean

Determines whether or not the policy is active

id*string

The id of the policy

managedboolean

Determines if the policy is managed by panther

reportsobject

Reports

resourceTypesarray of string

Resource types

severity*enum

INFOLOWMEDIUMHIGHCRITICAL

suppressionsarray of string

Resources to ignore via a pattern that matches the resource id

tagsarray of string

The tags for the policy

testsarray of PolicyAPI.UnitTest (object)

Unit tests for the Policy. Best practice is to include a positive and negative case

Response

200 returned if the item already existed

Body

PolicyAPI.PolicycreateResponseBody (any)

Request

Response

delete policy

DELETEhttps://your-api-host/policies/{id}

Path parameters

id*string

ID of the policy to delete

Response

No Content response.

Request

const response = await fetch('https://your-api-host/policies/{id}', {
    method: 'DELETE',
    headers: {},
});
const data = await response.json();

Response

{
  "message": "text",
  "testResults": [
    {
      "error": {
        "code": "text",
        "message": "text"
      },
      "errored": false,
      "functions": {
        "alertContext": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "dedup": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "description": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "destinations": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "detection": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "reference": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "runbook": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "severity": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        },
        "title": {
          "error": {
            "code": "text",
            "message": "text"
          },
          "output": "text"
        }
      },
      "name": "text",
      "passed": false,
      "triggerAlert": false
    }
  ]
}

list policies

GEThttps://your-api-host/policies

Query parameters

Response

OK response.

Body

nextstring

pagination token for the next page of results

resultsarray of PolicyAPI.PolicycreateResponseBody (any)

Request

Response

PreviousSimple Rules NextGraphQL API

Last updated 6 months ago