Skip to main content
Panther Knowledge Base

(CI/CD) Can I write my Panther detection tests in a different file than the main configuration?


Panther detections are defined by a python file ( and a YAML file (detection.yml), where the configuration (rule name, description, thresholds, etc.) are defined in the YAML file. Also in that file are the unit tests for the detection. Can I instead write my tests in a separate YAML file (detection_tests.yml), and have panther_analysis_tool read from there to test my detection?


Currently, we do not support partitioning your detection configurations between multiple files, including for unit tests. In order for panther_analysis_tool to function properly, all your unit tests must be defined in the same YAML file as the rest of the detection configuration.