Is it possible to upload Saved Queries using Panther Analysis Tool?
QUESTION
Is it possible to upload Saved Queries using Panther Analysis Tool (PAT)?
ANSWER
Yes. You can upload saved queries through CI/CD by running the PAT upload command with your API token (<api-token>), your Panther instance name (<your-panther-instance-name>), and the path to the YAML (.yml) metadata file of your saved query (<path-to-your-query>).
You can use the Panther Analysis Tool upload command:
panther_analysis_tool upload --path <path-to-your-query> --api-token <api-token> --api-host https://api.<your-panther-instance-name>.runpanther.net/public/graphql --skip-tests
An example of the metadata .yml template that can be used to create your saved query:
AnalysisType: scheduled_query
Enabled: false
Query: |-
  SELECT * FROM panther_logs.public.custom_logs
  WHERE p_source_id = 'my-source-id'
  LIMIT 10
QueryName: my saved query name
You can also limit your upload by filtering on the AnalysisType value, adding --filter AnalysisType=scheduled_query to your command.
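The following CI wrapper is an added example, not part of the original article or of PAT itself. It runs the upload command shown above with the token taken from the CI secret store instead of the repository. The variable names PANTHER_API_TOKEN, PANTHER_INSTANCE and DRY_RUN and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: CI wrapper for the upload command above.
# PANTHER_API_TOKEN, PANTHER_INSTANCE and DRY_RUN are assumed variable names.

# Build the API host from the instance name. Anything other than letters,
# digits and hyphens is rejected so a bad value cannot send the token elsewhere.
panther_api_host() {
  case "$1" in
    ""|*[!a-zA-Z0-9-]*) echo "invalid instance name: '$1'" >&2; return 1 ;;
  esac
  printf 'https://api.%s.runpanther.net/public/graphql\n' "$1"
}

# upload_saved_queries <path>: validate inputs, then upload only scheduled_query items.
upload_saved_queries() {
  path="$1"
  [ -n "${PANTHER_API_TOKEN:-}" ] || { echo "PANTHER_API_TOKEN is not set" >&2; return 2; }
  host="$(panther_api_host "${PANTHER_INSTANCE:-}")" || return 2
  [ -e "$path" ] || { echo "path not found: $path" >&2; return 2; }

  # Fail early if no .yml file under the path declares a scheduled_query.
  found="$(find "$path" -type f -name '*.yml' \
    -exec grep -lE '^AnalysisType:[[:space:]]*scheduled_query' {} + 2>/dev/null | head -n 1)"
  [ -n "$found" ] || { echo "no scheduled_query metadata under $path" >&2; return 3; }

  if [ "${DRY_RUN:-0}" = 1 ]; then
    # Show the command for the CI log with the token masked.
    echo "panther_analysis_tool upload --path $path --api-token **** --api-host $host --skip-tests --filter AnalysisType=scheduled_query"
    return 0
  fi
  panther_analysis_tool upload --path "$path" --api-token "$PANTHER_API_TOKEN" \
    --api-host "$host" --skip-tests --filter AnalysisType=scheduled_query
}

# Run only when a path is given, e.g. `sh upload_queries.sh ./queries`.
if [ "$#" -gt 0 ]; then
  upload_saved_queries "$1"
fi
```

Set DRY_RUN=1 in a pull-request job to check the inputs and log the masked command without uploading anything.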