Install, Configure, and Authenticate with the Panther Analysis Tool
Get up and running with PAT
Last updated
Was this helpful?
Get up and running with PAT
Last updated
Was this helpful?
Before using the Panther Analysis Tool (PAT) to manage your Panther assets (on your command line or in a CI/CD pipeline, for example), you'll need to , , and . Once you've completed these steps, start running .
When new versions of PAT are released, you can .
To install PAT, your environment must have the following already installed:
Python 3.11. Install Python using one of the following methods:
The download links on the
Using , by running brew install python@3.11
Using to manage Python versions
Pipenv. To install , run pip install --user pipenv
.
To install PAT, run this command:
If you'd prefer instead to run from source for development reasons, first set up your environment:
If you would rather use PAT outside of the virtual environment, install it directly:
PAT will be installed under the following aliases—either can be used with PAT commands:
panther_analysis_tool
pat
Examples
If you are using pipenv
to manage dependencies, follow the below steps to update PAT:
Update PAT to the latest version in your Pipfile
.
Run pipenv install --dev
.
Alternatively, you can update PAT by running the following command:
PAT can read configuration values from the command line, environment variables, or a configuration file.
The precedence for flag value sources is as follows (highest to lowest):
Values passed with the command
All options can be passed in through environment variables by prepending the variable name with PANTHER_.
For example, the api_token
and api_host
arguments can be set through environment variables named PANTHER_API_TOKEN
and PANTHER_API_HOST
.
To validate your token, run pipenv run pat check-connection --api-token <your-api-token> --api-host <your-api-host>
.
The simplest way to pass API token and host values is with the command, i.e., using --api-token
and --api-host
.
PAT will read options from a configuration file called .panther_settings.yml
located in your working directory. An example configuration file is included in this repo: . It contains example syntax for supported options.
Most PAT commands require authentication against your Panther instance using an API token. Authenticated PAT actions are captured as .
Follow .
Take note of the .
See .
When running PAT commands that require an API token, be sure your API token (and ) are visible to PAT via one of the .
The token does not expire. As a security best practice, we recommend regularly rotating your API token. For instructions, see .
If you are using PAT in CI/CD jobs, be sure to follow your CI/CD provider's instructions on how to manage your API token as a secret—as described on and .