Map detections to compliance frameworks in Panther
Panther lets you map rules, policies, and scheduled rules to compliance frameworks so you can track coverage against each framework.
MITRE ATT&CK Matrix
Versions 1.37 and newer allow you to map your Detections directly against the MITRE ATT&CK Matrix. To learn how to assign Tactic and Technique combinations to your Detections, see the MITRE ATT&CK Matrix documentation.
How to map a detection to a framework
1. Log in to the Panther Console.
2. In the left sidebar, click Build > All Detections. Click the three dots icon in the upper right side of a Detection to view its details.
3. Click the Report Mapping tab.
4. Under Report Mapping:
   - Enter the framework name into the Report Key field.
   - Enter the specific framework requirement name into the Report Values field.
     You can enter multiple report values separated by a comma.
5. Click Update in the upper right corner.
You can view the report mapping on the Detection Details page.
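Once detections carry report mappings, coverage against a framework can be computed from them. The following is an added example, not Panther's own code: it assumes detections are available as dictionaries shaped like Panther Analysis Tool detection files (`RuleID` or `PolicyID`, `Enabled`, and a `Reports` field holding the report key and values). The detection IDs, requirement list and mappings are constructed.

```python
from collections import defaultdict

def parse_report_values(raw):
    """Split a comma-separated Report Values entry into unique, trimmed values."""
    values = []
    for item in raw.split(","):
        item = item.strip()
        if item and item not in values:
            values.append(item)
    return values

def framework_coverage(detections, framework, requirements):
    """Return (covered, missing, unknown) for one framework.

    covered: requirement -> IDs of enabled detections mapped to it.
    missing: requirements with no enabled detection mapped.
    unknown: mapped values not in `requirements` (likely typos) -> IDs.
    """
    wanted = framework.strip().lower()
    covered, unknown = defaultdict(list), defaultdict(list)
    for det in detections:
        if not det.get("Enabled", False):
            continue  # a disabled detection provides no coverage
        det_id = det.get("RuleID") or det.get("PolicyID")
        for key, values in (det.get("Reports") or {}).items():
            if key.strip().lower() != wanted:  # keys are free text; compare loosely
                continue
            for value in values:
                value = str(value).strip()  # a YAML loader may return 1.1 as a float
                bucket = covered if value in requirements else unknown
                bucket[value].append(det_id)
    missing = [r for r in requirements if r not in covered]
    return dict(covered), missing, dict(unknown)

# Constructed sample data: IDs, requirement names and mappings are made up.
CIS_REQUIREMENTS = ["1.1", "1.2", "2.1", "3.4"]
DETECTIONS = [
    {"RuleID": "Example.RootLogin", "Enabled": True,
     "Reports": {"CIS": parse_report_values("1.1, 1.2")}},
    {"PolicyID": "Example.BucketEncryption", "Enabled": True,
     "Reports": {"cis": ["2.1", "2.l"]}},  # "2.l" is a typo for "2.1"
    {"RuleID": "Example.Disabled", "Enabled": False,
     "Reports": {"CIS": ["3.4"]}},
    {"RuleID": "Example.Mitre", "Enabled": True,
     "Reports": {"MITRE ATT&CK": ["TA0001:T1078"]}},
]

if __name__ == "__main__":
    print(framework_coverage(DETECTIONS, "CIS", CIS_REQUIREMENTS))
```

Requirement 3.4 is reported as missing because its only mapped detection is disabled, and the mistyped value is surfaced separately instead of silently counting as coverage.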