Skip to main content
Panther Knowledge Base

How can I add enrichment to my Panther detection test events for local CI/CD development?

  1. Last updated
  2. Save as PDF

QUESTION

When developing detections locally using panther_analysis_tool (PAT), how can I add enrichment (GreyNoise, IPInfo, etc.) to an event I wish to use as a test case?

ANSWER

We do not currently offer a means to enrich events locally. Instead, you need to navigate to the detection in the Panther Console and create the test event there. Within the Console, there is a button you can use when creating a test which will add enrichment to your event. See Enrich Test Data in our docs for more information.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.