Migrating to a CI/CD Workflow
Transition from managing detection content in the Console to a CI/CD workflow
Panther does not support simultaneous use of the Console and CI/CD workflows to manage detection content. If you'd like to transition from managing detections in the Panther Console to managing them via a CI/CD workflow, and you have not yet cloned or forked the panther-analysis repo, follow the process below:
Step 1: Download content created in the Console
CI/CD overwrites anything included on upload, which includes rules, policies, global helpers, and data models. If you have created your own copy of Panther-managed enrichment provider helpers, global helpers or data models, you will need to download these as well.
There are two options available: Bulk-download all entities at once, or download entities individually:
When you use this option, you can download all detections, global helpers, saved searches, and data models from your Panther Console. Note that this download will include everything that is enabled (including Panther standard rules) and outputs every file under one folder. You will need to move files to the proper repository structure.
In the left-hand navigation bar of your Panther Console, click Detections.
In the upper-right corner, click Upload.
In the Bulk Uploader modal, click Download all entities.
Download detections
In the left-hand navigation bar of your Panther Console, click Detections.
Click the Filters icon. In the Created by filter, select Created by team.
Click Apply Filters.
Download each page of detections.
Check the bulk Select All box in the upper-left corner of the list.
At the top of the list, click Download.
The detections will be downloaded in a zip that you can incorporate into your version control system.
Download helpers
In the left-hand navigation bar of your Panther Console, click Detections.
Click the Helpers tab.
On the right side of a helper tile, click ... then click Download.
Repeat for each separate helper.
Download data models
In the left-hand navigation bar of your Panther Console, click Detections.
Click the Data Models tab.
On the right side of a data model tile, click ... then click Download.
Repeat for each separate data model.
Step 2: Enable the Developer Workflow option
To prevent Panther detection Packs from being enabled from the Console, self-declare as a developer workflow account:
In the Panther Console, navigate to Settings > General.
Click Developer Workflow.
Toggle the option to ON to disallow Panther Detection Packs from being enabled in the Console.
Step 3: Mark users as read-only
To prevent users from making edits in the Panther Console that may conflict with your source control, mark them as read-only:
In the Panther Console, navigate to Settings > Users.
In the user list, locate your developers who are using a CI/CD workflow.
Click ... on the right side of a user tile. In the dropdown menu that appears, click Edit.
Change the user's role to Read Only.
Click Update.
Repeat these steps for each developer who is using a CI/CD workflow.
Step 4: Set up your CI/CD workflow
See either Managing Panther Content via GitHub Actions or Managing Panther Content via CircleCI to set up your CI/CD workflow.
Last updated
Was this helpful?