Panther Knowledge Base

Do users often have a dev and prod environment for testing Panther Detections?

QUESTION

Do users often have separate developer / sandbox and production environments for testing Panther Detections?

ANSWER

Generally, full dev or prod deployments are not necessary just for testing detections. To ensure that detections are functioning correctly, many teams rely on the unit testing feature built into the Panther Console, or use the panther_analysis_tool with a CI pipeline that enforces passing unit tests. The --minimum-tests flag can additionally enforce a minimum number of tests per detection (check here for more information).

A common approach for testing new detections is to configure them to send alerts to a designated "dev" destination. For example, this could be a muted Slack channel or a dummy email address that is not actively monitored.
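As an added illustration (not Panther's own code), the sketch below shows a Python detection with unit tests and a local gate that fails when a detection has too few tests, the kind of check a CI pipeline enforces. The log fields, the destination name, the `MIN_TESTS` value, the `run_gate` helper and the use of a `destinations()` function for routing are assumptions made for this example.

```python
# Added example: a Panther-style detection plus a local test gate.
# Log schema, destination name and MIN_TESTS are constructed assumptions.

DEV_DESTINATION = "slack-detections-dev"  # hypothetical muted "dev" channel
MIN_TESTS = 2  # assumed policy, analogous to a --minimum-tests setting


def rule(event):
    """Alert on a console login that did not use MFA (constructed schema)."""
    return event.get("eventName") == "ConsoleLogin" and event.get("mfaUsed") != "Yes"


def destinations(event):
    """Route alerts from this new detection to the dev destination only."""
    return [DEV_DESTINATION]


# Constructed unit tests, shaped like Name / ExpectedResult / Log entries.
TESTS = [
    {"Name": "Login without MFA", "ExpectedResult": True,
     "Log": {"eventName": "ConsoleLogin", "mfaUsed": "No"}},
    {"Name": "Login with MFA", "ExpectedResult": False,
     "Log": {"eventName": "ConsoleLogin", "mfaUsed": "Yes"}},
    {"Name": "Unrelated event", "ExpectedResult": False,
     "Log": {"eventName": "ListBuckets"}},
]


def run_gate(tests, minimum=MIN_TESTS):
    """Return a list of failure strings; an empty list means the gate passes."""
    failures = []
    if len(tests) < minimum:
        failures.append(f"only {len(tests)} tests, need {minimum}")
    # Require both outcomes so a rule that always returns one value cannot pass.
    if {t["ExpectedResult"] for t in tests} != {True, False}:
        failures.append("need at least one True and one False test")
    for t in tests:
        if rule(t["Log"]) != t["ExpectedResult"]:
            failures.append(f"{t['Name']}: expected {t['ExpectedResult']}")
    return failures


if __name__ == "__main__":
    problems = run_gate(TESTS)
    print("PASS" if not problems else "\n".join(problems))
    raise SystemExit(1 if problems else 0)
```

Once the detection has run quietly against the dev destination for a while, changing what `destinations()` returns is the only edit needed to promote it.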