Panther Developer Workflows
Use the search bar above or navigate the categories below to find articles about Panther Developer Workflows.
For setup instructions, check out the Panther documentation: Panther API | Panther Analysis Tool | Detection Packs
- Packs
- Error "input: server timeout: please try again" when trying to enable or update my Packs in Panther
- How do I check the contents of a Panther-managed detection pack?
- How do I make edits to Panther-managed Pack rules?
- How do I resolve getting alerts from an IP address listed in Panther’s Sunburst IP range list?
- How often do Packs update in the Panther Console?
- How to choose between Packs and panther_analysis_tool for managing detections
- Should I use a Detection Packs workflow or a CI/CD workflow with Panther?
- panther-analysis
- "Cannot import name 'Draft202012Validator' from 'jsonschema.validators'" when performing panther-analysis unit tests in CI/CD
- Can I organize my Panther global helpers into subfolders?
- Can I rename my own panther-analysis fork?
- Do DisplayName fields in Panther need to have double quotes?
- Error 'fatal: refusing to merge unrelated histories' when running GitHub action sync-panther-analysis-from-upstream over private mirrored panther-analysis repo
- How can I transition to using Panther with just a CI/CD workflow for our cloned repo?
- How do I resolve errors while trying to run the "make install" command in my cloned panther-analysis repo?
- How do I resolve merge conflicts and failed syncs when using the GitHub Action sync-panther-analysis-from-upstream?
- How do I resolve the Panther CI/CD developer role error "OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint"?
- How often should I sync my forked panther-analysis repo with the main repository?
- How should I keep my fork of panther-analysis up to date with the upstream version?
- How to install the Prettier formatter for panther-analysis version 3.47.0 and later
- If I onboard using the Panther Console, do I need to clear out existing work I've done in the Panther Console before migrating to a CI/CD workflow?
- Should I receive merge conflicts every time I sync using the Panther GitHub Action Script?
- The pipeline is hanging while uploading IPInfo lookup tables to Panther
- Total number of downloaded detections doesn't match the total in the Panther Console
- When trying to sync panther-analysis, I see the Github error "Failed to push some refs"
- Why doesn’t Panther store native schema yml files in the panther-analysis repository?
- Why does pantherlog think my event time is Jan 2, 2006?
- Panther Analysis Tool (PAT)
- "Exhausted retries attempting to perform bulk upload" when trying to upload detections via PAT
- 502 responses when uploading with Github Actions and PAT
- Can't attach new custom schema to a log source after uploading via the panther_analysis_tool
- Can I use rule filters when using CI/CD to upload to Panther?
- Detections with same name failed to upload to backend when using Panther Analysis Tool
- Does Panther Analysis Tool offer an option to output JSON describing the results of an upload?
- Do CI/CD processes affect rule filters for Panther detections?
- Error: "PantherEvent has no attribute 'deep_walk'" when testing Panther detections with PAT
- Error: Panther Analysis Tool cannot save an enabled policy with failing unit tests
- Error "AttributeError: 'PathDistribution' object has no attribute '_normalized_name'" when installing or updating PAT
- Error message "not in list of valid keys" when running tests with PAT
- Error message "rule has an invalid log type" when uploading to Panther
- Getting 502 Bad Gateway at my API host when enabling CI/CD in GitHub Actions for Panther
- How are global helpers included with Panther Analysis Tool uploads?
- How can I resolve the error "None should be instance of 'dict'" in panther analysis tool?
- How can I run the Panther Analysis Tool on Windows?
- How do I resolve "AnalysisContainsDuplicatesException" when uploading a rule to Panther?
- How do I resolve "attempted to add item for FileName multiple times" when uploading with PAT?
- How do I resolve "resolve body reference: could not find uploaded item" while using PAT to upload detections?
- How do I resolve a "Panther cannot import X helper file" error?
- How do I resolve the error "ImportError: cannot import name 'Final' from 'typing' (/usr/local/lib/python3.7/typing.py)" when using Panther Analysis Tool?
- How do I resolve the error "LOG_TYPE_REGEX does not match 'Snyk.*'" in Panther Analysis Tool?
- How do I resolve the PAT error "Missing key: 'AnalysisType'"?
- How do I resolve the PAT error "name 'Optional' is not defined"?
- How do I troubleshoot panther_analysis_tool installation issues on macOS?
- How long does it take to see my detection update in Panther once the GitHub Action is completed in my CI/CD workflow?
- How to fix "TypeError: 'type' object is not subscriptable" when uploading to my Panther repo
- How to ignore non-Panther files when using panther-analysis-tool
- How to make Panther Analysis Tool tests ignore disabled detections
- How to make Panther Analysis Tool upload faster
- How do I read the code for panther_detection_helpers?
- How to resolve "cannot access local variable 'yaml'" error in Panther Analysis Tool
- How to resolve the error "AccessDeniedException" for Panther federated roles when used with PAT
- How to test just one single detection at a time with Panther Analysis Tool
- How can I avoid overwriting global helpers while using PAT?
- Is there a limit to how many detections can be deleted at once with PAT?
- Panther Analysis Tool error when uploading tests: cannot unmarshal map or seq into string
- Panther Analysis Tool reports an AnalysisIDConflictException
- Panther error: cannot install panther_analysis_tool because package versions have conflicting dependencies
- Running tests and uploading only the modified files from the previous commit when working with the Panther Analysis Tool
- Saved queries appear in Panther Console after local deletion
- Test and Upload Look Up Table (LUT) using Panther Analysis Tool (PAT)
- Upload specific files using Panther Analysis Tool (PAT)
- What API permission do I need for running commands with PAT?
- What does the pipe character do in GitHub Actions workflows used with Panther?
- What do I do if GitHub workflow tests via PAT are failing due to a missing library?
- What happens to my detection code if I make changes in both the Panther Console and PAT?
- When trying to install Panther Analysis Tool I encounter the following error: "AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'"
- Why am I getting timestamp errors from PAT test?
- Why does my bulk upload pass the PAT test command, but still fails to upload?
- Why does my PAT query upload fail with the message "No SQL supplied"?
- Why do duplicate rules appear in Panther after renaming a rule and how can I delete the old one?
- Why do I see 'access denied' when trying to upload via Panther Analysis Tool?
- Why is PAT showing the error "LOG_TYPE_REGEX does not match '...'"?
- Panther API
- Can I query for an alert's alert_context via the Panther API?
- Can I retrieve my schema using Panther API?
- Can I use API or IaC to create Log Sources in Panther?
- Can I use the API to get all detection IDs of detections on my Panther instance?
- Can I use the Panther API to find how many enabled detections have fired recently?
- How can I add multiple CIDR ranges to an API token's IP restrictions?
- How can I use the next token for pagination in the Panther REST API?
- How do I query alert events through the Panther API?
- How do I resolve the Panther API error "Must Provide Document"?
- How do I rotate my Panther API token?
- How to programmatically get information about detections via the Panther API or PAT
- Is there any way to extract "Framework Mapping" from a specific detection/alert using API in Panther?
- The Panther API sometimes yields inconsistent or empty results when querying my alerts in the data lake
- Which permission does a Panther user need to use the API Playground?