Migrating to a CI/CD Workflow

Panther does not support simultaneous use of the Console and CI/CD workflows to manage detection content. If you'd like to transition from managing detections in the Panther Console to managing them via a CI/CD workflow, and you have not yet cloned or forked the panther-analysis repo, follow the process below:

Step 1: Download content created in the Console

CI/CD overwrites anything included on upload, which includes rules, policies, global helpers, and data models. If you have created your own copy of Panther-managed enrichment provider helpers, global helpers or data models, you will need to download these as well.

There are two options available: Bulk-download all entities at once, or download entities individually:

Step 2: Enable the Developer Workflow option

To prevent Panther detection Packs from being enabled from the Console, self-declare as a developer workflow account:

1. In the Panther Console, navigate to Settings > General.

2. Click Developer Workflow.

3. Toggle the option to ON to disallow Panther Detection Packs from being enabled in the Console.

Step 3: Mark users as read-only

To prevent users from making edits in the Panther Console that may conflict with your source control, mark them as read-only:

1. In the Panther Console, navigate to Settings > Users.

2. In the user list, locate your developers who are using a CI/CD workflow.

3. Click ... on the right side of a user tile. In the dropdown menu that appears, click Edit.

4. Change the user's role to Read Only.

5. Click Update.

6. Repeat these steps for each developer who is using a CI/CD workflow.

Step 4: Set up your CI/CD workflow

• See either Managing Panther Content via GitHub Actions or Managing Panther Content via CircleCI to set up your CI/CD workflow.