Managing Panther Content via CircleCI

Manage detection content in Panther with a CI/CD workflow using CircleCI

Overview

You can configure CircleCI to automate testing and upload your detection pipeline from your source repository to your Panther Console.

This guide explains how to:

  • Configure your repository to support CircleCI.

  • Configure CircleCI to automatically upload detection content you commit to your repository to your Panther instance.

See CI/CD for Panther Content for information on starting your CI/CD workflow with Panther.

Setting up CircleCI

To use CircleCI to upload detection content to your Panther instance, you'll create a CircleCI job on your repository, then configure environment variables for Panther API credentials.

Prerequisites

Step 1: Set up your detections repository

Step 2: Add a CircleCI job to your repository

In order for CircleCI to test and upload the detection content you commit to the main branch of your panther-analysis repository, you need to create a CircleCI job.

  1. On the command line, navigate to the root of your private local repository: cd path/to/your/repository

  2. Create a new directory for the CircleCI configuration, as well as a new configuration file:

    mkdir .circleci && touch .circleci/config.yml

  3. Open config.yml and paste the following:

    version: 2.1
    jobs:
      upload:
        docker:
          - image: 'cimg/python:3.11'
        steps:
          - checkout
          - run:
              name: Setup the Virtual Environment and install dependencies
              command: make venv
          - run:
              name: Run unit tests
              command: pipenv run panther_analysis_tool test
          - run:
              name: upload to internal security
              command:  |
                PANTHER_API_HOST=$INTERNAL_API_HOST \
                PANTHER_API_TOKEN=$INTERNAL_API_TOKEN \
                pipenv run -- panther_analysis_tool upload --filter Enabled=true
    workflows:
      panther:
        jobs:
          - upload:
              filters:
                branches:
                  only:
                    - main
  4. Add, commit, and push the changes to your repository:

    git add . && git commit -m 'adding initial circleci configuration' && git push

Step 3: Add Panther API credentials as environment variables

Ensure that the environment variables PANTHER_API_TOKEN and PANTHER_API_HOST are set to allow for correct authentication.

  1. Sign in to CircleCI and select the organization your project is in.

  2. In the left-hand navigation menu, click Projects.

  3. In your projects list, locate the panther-analysis repository. On the right side of the project, click ... then Project Settings.

  4. In the left-hand navigation menu, click Environment Variables.

  5. Click Add Environment Variable, and add INTERNAL_API_TOKEN and INTERNAL_API_HOST.

Check out Panther Analysis Tool Commands for more information on the Panther Analysis tool.

Last updated