Panther Analysis Tool Overview
Using Panther Analysis Tool to test and upload locally managed detections
Panther Analysis Tool (PAT) is a CLI tool you can use to test, package and upload locally managed detections (among other actions—view them all on ). It's designed for developer-centric Panther workflows, such as managing your detections programmatically, and . PAT is open source; see its .
If you'd instead prefer to manage detection content in the Panther Console using web application-based workflows, see.
Before you can use PAT to test, package, and upload your detection content, you'll need to install it, set configuration values, and generate an API token for authentication. Learn how to complete each of these steps on .
After you've completed PAT setup, you can start using it to manage your detection content with popular commands like , , , and . Explore all you can do with PAT on .
Before you use PAT to upload your detections to your Panther instance, you'll need to write detections locally. Writing detections locally means creating Python and metadata files that define a Panther detection on your own machine.
Learn how to write different types of detection content locally on the following pages:
When you want to pull in the latest changes from the panther-analysis repository, perform the following steps from your private repo:
You can also use PAT to manage Panther-managed detections you've customized. To manage custom detections, you can privately clone or publicly fork the public . Then, upon , you can pull upstream changes.
Learn how to fork or clone the panther-analysis repository on .
Visit the Panther Knowledge Base to view articles that answer frequently asked questions and help you resolve common errors and issues.