Last updated
Was this helpful?
Last updated
Was this helpful?
Before using the Panther Analysis Tool (PAT) to manage your Panther assets (on your command line or in a CI/CD pipeline, for example), you'll need to , , and . Once you've completed these steps, start running .
When new versions of PAT are released, you can .
To install PAT, your environment must have the following already installed:
Python 3.9
To install Python 3.9 using , run brew install python3.9.
To install Pipenv, run pip install --user pipenv.
To install PAT, run this command:
If you'd prefer instead to run from source for development reasons, first set up your environment:
If you would rather use PAT outside of the virtual environment, install it directly:
PAT will be installed under the following aliases—either can be used with PAT commands:
panther_analysis_tool
pat
Examples
If you are using pipenv to manage dependencies, follow the below steps to update PAT:
Update PAT to the latest version in your Pipfile.
Run pipenv install --dev.
Alternatively, you can update PAT by running the following command:
PAT can read configuration values from the command line, environment variables, or a configuration file.
The precedence for flag value sources is as follows (highest to lowest):
Values passed with the command
All options can be passed in through environment variables by prepending the variable name with PANTHER_.
For example, the AWS_TOKEN argument can be passed in through an environment variable named PANTHER_AWS_TOKEN.
PAT will read options from a configuration file called .panther_settings.yml located in your working directory. An example configuration file is included in this repo: . It contains example syntax for supported options.
PAT requires an API token to authenticate against your Panther instance. Follow to generate an API token, taking note of the .
When running PAT commands that require an API token, such as upload and delete, you will pass it with the --api-token option, in addition to the --api-host option with the .
Using an API token to authenticate with PAT means your PAT actions will be captured as .
The token does not expire. As a security best practice, we recommend regularly rotating your API token. For instructions, see .
If you are using PAT in CI/CD jobs, be sure to follow your CI/CD provider's instructions on how to manage your API token as a secret—as described on and .
Get up and running with PAT