CI/CD for Panther Content

Panther customers can automate their detection pipeline, work with custom logs via pantherlog, and improve security with a CI/CD workflow. Learn about other non-web application-based workflows in the Panther Developer Workflows Overview.

For information on web application-based workflows to manage your detections and custom logs directly in the Panther Console, see the Writing and Editing Detections and Custom Logs documentation pages.

To learn how to migrate from Console workflows to CI/CD, see Migrating to a CI/CD Workflow.

Panther's CI/CD documentation walks through setting up a workflow such as the following:

1. Forking or cloning the panther-analysis repo to leverage Panther-managed Python detections.

   Currently, only Python Panther-managed detections are available for you to clone, modify, and upload. YAML Panther-managed detections are planned for a future release.

   • The Python detections in panther-analysis are broadly applicable, and can be customized to ensure that you are receiving only the alerts that are most important to your organization.

   • See Using the Panther detections repo for instructions.

2. Pulling updates from panther-analysis to take advantage of new Python detections and other content updates.

   • This process allows you to sync to the upstream panther-analysis repository in order to receive new Python detections and other detection content updates.

   • See Public fork or Private cloned repo for instructions, depending on your organization's chosen method.

3. Adapting the detections to fit within your CI/CD workflow and uploading them to your Panther Console.

   • See Deployment workflows using Panther Analysis Tool for instructions on using PAT and managing Panther content via CircleCI or GitHub Actions.

   • If you choose to manually upload your content to the Panther Console, see Uploading content in the Panther Console.