Install, Configure, and Authenticate with the Panther Analysis Tool
Get up and running with PAT
Overview
Before using the Panther Analysis Tool (PAT) to manage your Panther assets (on your command line or in a CI/CD pipeline, for example), you'll need to install it, provide configuration values, and generate an API token to authenticate. Once you've completed these steps, start running PAT Commands.
When new versions of PAT are released, you can update PAT.
Installing PAT
Prerequisites
To install PAT, your environment must have the following already installed:
Python 3.9
To install Python 3.9 using Homebrew, run
brew install python3.9
.
To install Pipenv, run
pip install --user pipenv
.
Installing with pip
To install PAT, run this command:
Building from source
If you'd prefer instead to run from source for development reasons, first set up your environment:
Using PAT outside of the virtual environment
If you would rather use PAT outside of the virtual environment, install it directly:
PAT CLI aliases
PAT will be installed under the following aliases—either can be used with PAT commands:
panther_analysis_tool
pat
Examples
Updating PAT
If you are using pipenv
to manage dependencies, follow the below steps to update PAT:
Update PAT to the latest version in your
Pipfile
.Run
pipenv install --dev
.
Alternatively, you can update PAT by running the following command:
Configuring PAT
PAT can read configuration values from the command line, environment variables, or a configuration file.
Configuration value precedence
The precedence for flag value sources is as follows (highest to lowest):
Values passed with the command
Environment variables
All options can be passed in through environment variables by prepending the variable name with PANTHER_.
For example, the AWS_TOKEN
argument can be passed in through an environment variable named PANTHER_AWS_TOKEN
.
PAT configuration file
PAT will read options from a configuration file called .panther_settings.yml
located in your working directory. An example configuration file is included in this repo: example_panther_config.yml. It contains example syntax for supported options.
Authenticating with an API token
PAT requires an API token to authenticate against your Panther instance. Follow these instructions to generate an API token, taking note of the required permissions per PAT command.
When running PAT commands that require an API token, such as upload
and delete
, you will pass it with the --api-token
option, in addition to the --api-host
option with the GraphQL host.
Using an API token to authenticate with PAT means your PAT actions will be captured as Panther Audit Logs.
Rotating the API token
The token does not expire. As a security best practice, we recommend regularly rotating your API token. For instructions, see Rotating API tokens.
Managing your API token as a secret
If you are using PAT in CI/CD jobs, be sure to follow your CI/CD provider's instructions on how to manage your API token as a secret—as described on Managing Panther Content via GitHub Actions and Managing Panther Content via CircleCI.
Last updated