Panther Analysis Tool (PAT) is a CLI tool you can use to test, package and upload locally managed detection content (among other actions—view them all on ). It's designed for developer-centric Panther workflows, such as managing your detection content programmatically, and . PAT is open-source—see its .
If you'd instead prefer to manage detection content in the Panther Console using web application-based workflows, see.
Before you can use PAT to test, package, and upload your detection content, you'll need to install it, set configuration values, and generate an API token for authentication. Learn how to complete each of these steps on .
After you've completed PAT setup, you can start using it to manage your detection content with commands like , , , and . Explore all you can do with PAT on .
Before you use PAT to upload your custom detection content to your Panther instance, you need to create it locally. Writing detection content locally means creating files that define it on your own machine.
Learn how to write different types of detection content locally on the following pages:
Detections
Other detection content
When you want to pull in the latest changes from the panther-analysis repository, perform the following steps from your private repo:
You can also use PAT to manage detections you've customized. To manage custom detections, you can privately clone or publicly fork the public . Then, upon , you can pull upstream changes.
Learn how to fork or clone the panther-analysis repository on .
It's recommended to pull upstream changes from panther-analysis when there is a new . You can also pull from the . No other branches should be considered stable.
Visit the Panther Knowledge Base to that answer frequently asked questions and help you resolve common errors and issues.
Using Panther Analysis Tool to test and upload locally managed detections