Report Mapping
Map detections to compliance frameworks in Panther

Overview

Panther lets you map rules, policies, and scheduled rules to compliance frameworks so that you can track detection coverage against each framework.

MITRE ATT&CK Matrix

Versions 1.37 and newer allow you to map your Detections directly against the MITRE ATT&CK Matrix. To learn how to assign Tactic and Technique combinations to your Detections, see the documentation: MITRE ATT&CK Matrix.

How to map a detection to a framework

Panther Console

  1. Log in to the Panther Console.
  2. In the left sidebar, click Build > All Detections. Click the three dots icon in the upper right side of a Detection to view its details.
  3. Click the Report Mapping tab.
  4. Under Report Mapping:
    • Enter the framework name into the Report Key field.
    • Enter the specific framework requirement name into the Report Values field.
      • You can enter multiple report values separated by a comma.
  5. Click Update in the upper right corner.

You can view the report mapping in the Detection Details page.

Panther Analysis Tool

You can add report mappings using the Detection metadata YAML files in source code via Panther Analysis Tool (PAT).

For a given Detection, add the report key and value under the Reports YAML tag:

    Reports:
      Report Key:
        - Report Value

Once the detection has been uploaded via Panther Analysis Tool or bulk uploaded, the changes will be reflected in the Panther Console.
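To check mappings before upload, the Reports tags can be inverted into a per-framework coverage view. The script below is an added example, not part of Panther or PAT: it reads only the block-style Reports layout shown above with a small hand-written reader (a full YAML parser would be the usual choice), and the file names, IDs and mappings are constructed.

```python
from collections import defaultdict

# Constructed metadata files for illustration; IDs and mappings are made up.
SAMPLE_FILES = {
    "root_login.yml": """\
RuleID: Example.RootLogin
Reports:
  CIS:
    - 3.3
  MITRE ATT&CK:
    - TA0001:T1078
Tags:
  - AWS
""",
    "public_bucket.yml": "PolicyID: Example.PublicBucket\n"
                         "Reports:\n  CIS:\n    - 2.1.5\n    - 3.3\n",
    "no_mapping.yml": "RuleID: Example.NoMapping\n",
}

def parse_reports(text):
    """Return {report key: [report values]} from a block-style Reports tag."""
    reports, key, inside = {}, None, False
    for line in text.splitlines():
        item = line.strip()
        if not item or item.startswith("#"):
            continue                      # blank line or comment
        if not line[0].isspace():         # top-level tag: opens or closes the block
            inside, key = item == "Reports:", None
        elif inside and item.startswith("- ") and key is not None:
            reports[key].append(item[2:].strip())
        elif inside and item.endswith(":"):
            key = item[:-1]
            reports[key] = []
    return reports

def coverage(files):
    """Return ({framework: {requirement: [files]}}, [files without a mapping])."""
    covered, unmapped = defaultdict(lambda: defaultdict(list)), []
    for name in sorted(files):
        reports = parse_reports(files[name])
        if not reports:
            unmapped.append(name)
        for framework, requirements in reports.items():
            for requirement in requirements:
                covered[framework][requirement].append(name)
    return {f: dict(r) for f, r in covered.items()}, unmapped

if __name__ == "__main__":
    print(coverage(SAMPLE_FILES))
```

Requirements that appear under no framework key, and files listed as unmapped, are the coverage gaps to review before uploading.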