CI/CD for Panther Content

Panther customers can automate their , work with custom logs via , and improve security with a CI/CD workflow. Learn about other non-web application-based workflows in the .

For information on web application-based workflows to manage your detections and custom logs directly in the Panther Console, see the and documentation pages.

To learn how to migrate from Console workflows to CI/CD, see .

Panther's CI/CD documentation walks through setting up a workflow such as the following:

Forking or cloning the repo to leverage Panther-managed Python detections.
Currently, only Python Panther-managed detections are available for you to clone, modify, and upload. YAML Panther-managed detections are planned for a future release.
- The Python detections in panther-analysis are broadly applicable, and can be customized to ensure that you are receiving only the alerts that are most important to your organization.
- See for instructions.
Pulling updates from panther-analysis to take advantage of new Python detections and other content updates.
- This process allows you to sync to the upstream panther-analysis repository in order to receive new Python detections and other detection content updates.
- See or for instructions, depending on your organization's chosen method.
Adapting the detections to fit within your CI/CD workflow and uploading them to your Panther Console.
- See for instructions on using PAT and managing Panther content via CircleCI or GitHub Actions.
- If you choose to manually upload your content to the Panther Console, see .

PreviousManaging Lookup Tables and Enrichment Providers with the Panther Analysis Tool NextDeployment Workflows Using Panther Analysis Tool

Last updated 2 months ago

Was this helpful?