Panther Analysis Tool Overview
Using Panther Analysis Tool to test and upload locally managed detections
Panther Analysis Tool (PAT) is a CLI tool you can use to test, package and upload locally managed detections (among other actions—view them all on PAT Commands). It's designed for developer-centric Panther workflows, such as managing your detections programmatically, and integrating with CI/CD pipelines. PAT is open source; see its GitHub repository here.
If you'd instead prefer to manage detection content in the Panther Console using web application-based workflows, see Detections.
Before you can use PAT to test, package, and upload your detection content, you'll need to install it, set configuration values, and generate an API token for authentication. Learn how to complete each of these steps on Install, Configure, and Authenticate with PAT.
After you've completed PAT setup, you can start using it to manage your detection content with popular commands like test, zip, and upload. Explore all you can do with PAT on Panther Analysis Tool Commands.
Before you use PAT to upload your detections to your Panther instance, you'll need to write detections locally. Writing detections locally means creating Python and metadata files that define a Panther detection on your own machine.
Learn how to write different types of detections locally on the following pages:
You can also use PAT to manage Panther-managed detections you've customized. To manage custom detections, you can privately clone or publicly fork the public panther-analysis GitHub repository. Then, upon tagged releases, you can pull upstream changes.
When you want to pull in the latest changes from the panther-analysis repository, perform the following steps from your private repo:
# add the public repository as a remote
git remote add panther-upstream [email protected]:panther-labs/panther-analysis.git
# Pull in the latest changes
# Note: You may need to use the `--allow-unrelated-histories`
# flag if you did not maintain the history originally
git pull panther-upstream master
# Push the latest changes up to your forked repo and merge them
git push
Visit the Panther Knowledge Base to view articles about the Panther Analysis Tool that answer frequently asked questions and help you resolve common errors and issues.