How do I remove deprecated Panther-managed rules from my UI?
QUESTION
I see deprecated Panther-managed rules in my Panther Console. I tried deleting them, but they keep reappearing. How do I remove them?
ANSWER
There are a couple ways to do this:
- Filter out the deprecated rules using Filter or Ignore. With this approach, the files don't get deleted and you may have to run the command again when your repo syncs.
- Ensure that you have disabled those rules in your repo
- Run this command:
pipenv run panther_analysis_tool upload --filter Enabled=true
- That will limit the upload to rules where
Enabled:
True
is set
- That will limit the upload to rules where
- After that, you can delete the rules through the UI without them reappearing when you upload using PAT
- Git remove the files. This approach is more permanent, as it actually deletes the files. However, there is still a chance for the files to reappear in your repo when it syncs if Panther performs a bulk update.
- Ensure that you have disabled those rules in your repo. Then run the following commands:
panther_analysis_tool delete --analysis-id $RULE_ID
git rm $PATH_TO_PY_FILE $PATH_TO_YAML_FILE
git commit
andgit push
those changes before the next pull from upstream
- NOTE: Replace
RULE_ID
with the rule_id of which rule you want to remove. ReplacePATH_TO_PY_FILE
andPATH_TO_YAML_FILE
with the actual paths to the PY and YAML files you want to remove.