(CI/CD) Can I write my Panther detection tests in a different file than the main configuration?
QUESTION
Panther detections are defined by a python file (detection.py) and a YAML file (detection.yml), where the configuration (rule name, description, thresholds, etc.) are defined in the YAML file. Also in that file are the unit tests for the detection. Can I instead write my tests in a separate YAML file (detection_tests.yml), and have panther_analysis_tool read from there to test my detection?
ANSWER
Currently, we do not support partitioning your detection configurations between multiple files, including for unit tests. In order for panther_analysis_tool to function properly, all your unit tests must be defined in the same YAML file as the rest of the detection configuration.