Do users often have a dev and prod environment for testing Panther Detections?

Last updated
Save as PDF

QUESTION

Do users often have separate developer / sandbox and production environments for testing Panther Detections?

ANSWER

Generally, we do not see a full dev or prod deployment just for testing detections. To ensure detections are working as expected, many teams rely on the unit testing built into the Panther Console or the panther_analysis_tool with a CI pipeline that enforces passing unit tests with a minimum number of unit tests per detection (with the --minimum-tests flag).

A common way to test new detections is to configure them to send alerts to a specific “dev” destination (e.g., a Slack channel that is muted or a dummy email that no one watches).