Where in my Panther code repository can I store my YAML-only detections? Are there any specific guidelines?
The documentation for setting up folders and files while using YAML-only detections with the CLI can be found here.
As described, if you group your rules into folders, each folder name must include the word "rules" so that they can be identified during upload (using either PAT or the bulk uploader in the Console). It is also recommended to group your rules into folders based on the log/resource type, such as "suricata_rules" or "aws_s3_policies".
The structure of the rules is similar to Python rules, but without the Python ".py" file.