Managing Panther Content via CircleCI
Manage detection content in Panther with a CI/CD workflow using CircleCI
You can configure CircleCI to automate testing and upload your detection pipeline from your source repository to your Panther Console.
This guide explains how to:
- Configure your repository to support CircleCI.
- Configure CircleCI to automatically upload detection content you commit to your repository to your Panther instance.
To use CircleCI to upload detection content to your Panther instance, you'll create a CircleCI job on your repository, then configure environment variables for Panther API credentials.
- Generate an API token from your Panther Console.
- If you do not already have a repository set up for your Panther detection content, create one. It is recommended to either privately clone or publicly fork Panther's panther-analysis repository.
In order for CircleCI to upload the detection content you commit to the
master
branch of your panther-analysis
repository, you need to create a CircleCI job.- 1.On the command line, navigate to the root of your private local repository:
cd path/to/your/repository
- 2.Create a new directory for the CircleCI configuration, as well as a new configuration file:
mkdir .circleci && touch .circleci/config.yml
- 3.Open
config.yml
and paste the following:version: 2.1jobs:upload:docker:- image: 'circleci/python:3.10'steps:- checkout- run:name: Setup the Virtual Environment and install dependenciescommand: make venv- run:name: upload to internal securitycommand: |PANTHER_API_HOST=$INTERNAL_API_HOST \PANTHER_API_TOKEN=$INTERNAL_API_TOKEN \pipenv run -- panther_analysis_tool upload --filter Enabled=trueworkflows:panther:jobs:- upload:filters:branches:only:- master - 4.Add, commit, and push the changes to your repository:
git add . && git commit -m 'adding initial circleci configuration' && git push
Ensure that the environment variables
PANTHER_API_TOKEN
and PANTHER_API_HOST
are set to allow for correct authentication.- 1.
- 2.In the left-hand navigation menu, click Projects.
- 3.In your projects list, locate the
panther-analysis
repository. On the right side of the project, click ... then Project Settings. - 4.In the left-hand navigation menu, click Environment Variables.
- 5.Click Add Environment Variable, and add
INTERNAL_API_TOKEN
andINTERNAL_API_HOST
.