Skip to main content
Panther Knowledge Base

How can I use boto3 in Panther detections?


 Is there any template when I want to use boto3 in my Panther detection?


When using boto3 in your detections, first you'll need a session to assume the role. For accessing it within a detection, you could create a helper function in a global helper file that gets the credentials, and then you need to implement the resource pull in your detection.

You can find relevant details in this AWS documentation: Switching to an IAM role (AWS API).


See an example below:
 import boto3

def get_aws_credentials():
 sts_client = boto3.client('sts')
 RoleArn="to be populated",
 return assumed_role_object['Credentials'] 

Please note that you can find more details about RoleArn, mentioned in the above statement, in step 1 of this article: How can I access my own AWS resources from my Python Detections? Can I store secrets in Panther?

For any resource that you can pull/have access to with your role, you can use the following template to access your AWS account resources.
 from boto3_helper import get_aws_credentials

def rule(event):
 credentials = get_aws_credentials()

 AWS_REGION = "Populate with your AWS Region"

 's3', region_name=AWS_REGION,