How can I access my own AWS resources from my Python Detections? Can I store secrets in Panther?

QUESTION

Is it possible to do advanced actions in my Python detections, such as making external third-party API calls or accessing information about  my AWS account?

ANSWER

To access your own AWS resources from Python Detections, please do the following:

1. Create a role in your AWS account that has the required permissions to access your resources (e.g. Secret Manager). 
2. Reach out to Panther Support to request access to the detection engine, and let Panther Support know the role ARN of the role you created.
3. Panther Support will guide you on the next steps for configuring the role.

We can support this workflow by granting special permissions to the detection engine that runs your Python code and allowing you access to resources in your own AWS account. For example, if you wanted to access a third-party API token, you could store this securely in your own AWS account's AWS Secret Manager. In your detection, you could write code that will first retrieve the secret and then use it to make calls to the third-party API. Examples of creating that API call can be found within the Boto3 documentation.

By default, the detection engine will not allow any access to an external AWS account; even if you create the permissions, you would not be able to access your AWS account from your detections until we explicitly grant permission to do so.