Links

Using the Panther detections repo

This page describes the methods you can use to leverage Panther-managed detections in the panther-analysis repository within your CI/CD workflow.
For information on UI-based workflows to manage your detections directly in the Panther Console, see the Writing Detections documentation.

Methods for leveraging Panther-managed detections

There are two methods you can use to create a copy of Panther-managed detections from the panther-analysis repository:
    • When you use a public fork, your detection content will be publicly visible.
    • A public fork can be used to create Pull Requests to bring new detection content to the panther-analysis upstream repo.
    • If you want to keep your detection content private, we recommend using a private cloned repo. With a private cloned repo, the repository settings will control who has access to the content inside the repo.
    • Note that in this configuration, you cannot use a Pull Request to bring changes upstream.