Skip to main content
Panther Knowledge Base

Why do I receive rule import errors after removing helper functions from my Panther detection?

  1. Last updated
  2. Save as PDF

Issue

I had a reference to a function in a helper. I removed all references from my rules and from the helper, and now we are receiving alerts with rule import errors similar to the following:

New rule error: ImportError(“cannot import name from ‘helpers’”)

Resolution

To resolve this issue, stagger changes that remove dependencies. For example: 

  1. Remove references to the helper function in all the detections.
  2. Wait 30 minutes.
  3. Remove the function from the helper.

Cause

This issue can occur if you make changes to a helper and detection, then the detection engine starts a new run with the updated helper but not with the updated version of the detection. Note: This can also occur if a Pack is switched to an older version.