Simple Detection Error Codes
Troubleshoot Simple Detections errors
Overview
This functionality, as part of the Simple Detections feature set, is in closed beta starting with Panther version 1.81. To request access to the feature or share any bug reports or feature requests, please contact your Panther support team.
Error codes from the Simple Detections model are stable, meaning they do not change over time and are formatted consistently.
Error codes have 10 characters, and each character group represents something different. To demonstrate this, take the error code SD00100001. It is broken down as follows:
- First and second characters: Always SD
- Third, fourth, and fifth characters: Represent the category: 001 - general
- Sixth through tenth characters: Unique error code: 00001 - no rule specified
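Because the format is fixed, codes can be pulled out of tool or CI output and grouped by category for triage. The following is an added example, not Panther's own code: the category names come from this page's section headings, and the sample output lines and their layout are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Category names as given by this page's section headings.
CATEGORIES = {
    "001": "general",
    "002": "unmarshaler",
    "003": "core",
    "004": "transpiler",
    "005": "filters",
}

# "SD" + 3-digit category + 5-digit unique code, not embedded in a longer token.
CODE_RE = re.compile(r"(?<![A-Za-z0-9])SD(\d{3})(\d{5})(?![A-Za-z0-9])")


class SDError(NamedTuple):
    code: str       # full 10-character code, e.g. "SD00100001"
    category: str   # category name, or "unknown" if not listed on this page
    number: int     # unique error number within the category


def parse_codes(text: str) -> list[SDError]:
    """Extract every well-formed Simple Detections error code from text."""
    found = []
    for m in CODE_RE.finditer(text):
        cat, num = m.group(1), m.group(2)
        found.append(SDError(m.group(0), CATEGORIES.get(cat, "unknown"), int(num)))
    return found


def summarize(text: str) -> Counter:
    """Count errors per category, e.g. to triage a failed bulk upload."""
    return Counter(e.category for e in parse_codes(text))


# Constructed sample output; the line layout is hypothetical, not Panther's.
SAMPLE = """\
rules/okta_admin.yml: SD00100001 no rule specified
rules/aws_root.yml: SD00200001 could not unmarshal YAML
rules/gsuite.yml: SD00200005 invalid struct
rules/broken.yml: SD0010001 (truncated code, ignored)
rules/future.yml: SD99900042 category not documented here
"""

if __name__ == "__main__":
    for err in parse_codes(SAMPLE):
        print(err)
    print(dict(summarize(SAMPLE)))
```

Codes whose category is not listed on this page are reported as "unknown" rather than dropped, so a new category introduced by a later release still shows up in the summary.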
001 errors: general
Error code | Description |
---|---|
SD00100001 | This error code is returned when a rule is not specified in the provided Simple Detections YAML. For example, if a Simple Detections YAML file has a top level key of |
SD00100002 | This error code is returned when a file could not be read at the specified path. |
SD00100003 | This error code is returned when an unexpected type is encountered. This usually happens when you try to use a |
SD00100004 | This error code is returned when a |
SD00100005 | This error code is returned when a |
SD00100006 | This error code is returned when a |
SD00100007 | This error code is returned when a |
002 errors: unmarshaler
Error code | Description |
---|---|
SD00200001 | This error code is returned when a YAML file could not be unmarshaled. This most often occurs when the YAML file is malformed. |
SD00200002 | This error code is returned when a YAML node could not be unmarshaled. This most often occurs when the |
SD00200003 | This error code is returned when the key specifier is invalid. This occurs when: |
SD00200004 | This error code is returned when the YAML match expression for an existence |
SD00200005 | This error code is returned when, after we finish unmarshaling the YAML, the resulting struct is invalid. Simple Detections runs a number of validations at this stage, including: |
003 errors: core
Error code | Description |
---|---|
SD00300001 | This error is returned when a Simple Detection Rule Data Model could not be created. Most commonly, this will be a catch-all for less specific errors. Check the "Inner Error" for additional details. |
SD00300002 | This error is returned when a Simple Detection Filter Data Model could not be created. Most commonly, this will be a catch-all for less specific errors. Check the "Inner Error" for additional details. |
SD00300003 | This error is returned when Simple Detections was able to unmarshal the provided YAML but was unable to create a valid Simple Detections data model. This error should rarely occur, but if it does, it is likely due to a bug in the Simple Detections data models. |
SD00300004 | This error is returned when Simple Detections was able to create a valid Simple Detections data model but was unable to validate the constructed match expression. Validations that are run on constructed match expressions include, by type: |
SD00300005 | This error code is returned when Simple Detections was able to create a valid Simple Detections data model but was unable to validate the |
SD00300006 | This error code is returned when a Simple Detection |
SD00300007 | This error code is returned when a Match Expression was expected to be a list comprehension but is not a list comprehension. This is most commonly returned when: |
SD00300008 | This error code is returned when a Simple Detection Alert Context Data Model could not be created. Most commonly, this will be a catch-all for less specific errors. Check the "Inner Error" for additional details. |
SD00300009 | This error code is returned when Simple Detections was able to create a valid Simple Detections data model but was unable to validate the |
SD00300010 | This error code is returned when Simple Detections was unable to validate the provided |
SD00300011 | This error code is returned when a Simple Detection |
SD00300012 | This error code is returned when a Simple Detection Dynamic Severities Data Model could not be created. Most commonly, this will be a catch-all for less specific errors. Check the "Inner Error" for additional details. |
SD00300013 | This error code is returned when a Dynamic Severity is specified but has no conditions: |
SD00300014 | This error code is returned when Simple Detections was able to create the Dynamic Severities Data Model, but was unable to validate it. Validations that are run on the Dynamic Severities include: |
004 errors: transpiler
Error code | Description |
---|---|
SD00400001 | This error code is returned when a match expression could not be converted to Python. See the "Inner Error" for additional details. |
SD00400002 | This error code is returned when a match expression could not be converted to a Python comment. This is unlikely to occur and is probably a bug in Simple Detections. |
SD00400003 | This error code is returned when Simple Detections was able to convert all of the match expressions under the |
SD00400004 | This error code is returned when a Match Expression is not yet supported for transpilation to Python. This is unlikely to occur and is probably a bug in Simple Detections. |
005 errors: filters
Error code | Description |
---|---|
SD00500001 | This error code is returned when a match expression could not be converted to an Inline Filter. See the "Inner Error" for additional details. Most commonly, this occurs when the provided Match Expression uses an unsupported Match Expression form or Inline Filters only support the following conditions: Inline Filters only support the following Match Expression forms: |
SD00500002 | This error code is returned when an Inline Filter could not be converted to a match expression. This is unlikely to occur and is probably a bug in Simple Detections. |