How to write unit tests for stateful Panther detections
QUESTION
What is the recommended approach to writing/maintaining unit tests in rules that are stateful detections?
ANSWER
We recommend using Mocks, as documented here. Mocks can mimic responses from API calls, or other dynamic information used by detection logic, like counting variables.
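The same idea in plain Python with `unittest.mock`, as an added example that is not taken from Panther's documentation or code. The local `increment_counter` stand-in, the threshold of 5 and the event fields are assumptions made for illustration.

```python
import sys
from unittest.mock import patch

THRESHOLD = 5  # assumed alert threshold for this example


def increment_counter(key: str) -> int:
    """Hypothetical stand-in for a helper that bumps a counter in an external store.

    No store is reachable from a unit test, so an unmocked call fails.
    """
    raise ConnectionError("state store is not reachable from unit tests")


def rule(event: dict) -> bool:
    """Stateful detection: alert once a user exceeds THRESHOLD failed logins."""
    if event.get("outcome") != "FAILURE":
        return False  # the counter must not be touched for non-matching events
    count = increment_counter(f"failed-login:{event.get('user')}")
    return count > THRESHOLD


def run_test(event: dict, mocked_count: int):
    """Run rule() with the counter helper mocked to return a fixed value.

    Returns the rule result and the list of calls made to the mocked helper,
    so a test can check both the verdict and how the state was keyed.
    """
    module = sys.modules[__name__]
    with patch.object(module, "increment_counter", return_value=mocked_count) as mock:
        return rule(event), list(mock.call_args_list)


# Constructed sample events (not real log data).
FAILED = {"user": "alice", "outcome": "FAILURE"}
SUCCESS = {"user": "alice", "outcome": "SUCCESS"}

if __name__ == "__main__":
    for name, event, count in [
        ("over threshold", FAILED, 6),
        ("at threshold", FAILED, 5),
        ("successful login", SUCCESS, 99),
    ]:
        fired, calls = run_test(event, count)
        print(f"{name}: alert={fired}, counter calls={len(calls)}")
```

Each case pins the counter to a known value, so the test covers the threshold boundary and the counter key without depending on state left behind by earlier runs.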