"Exhausted retries attempting to perform bulk upload" when trying to upload detections via PAT

Last updated
Save as PDF

Issue

When trying to upload detections via panther_analysis_tool the following error appears:

[INFO]: Uploading items to Panther
Warning: : Exhausted retries attempting to perform bulk upload.

Resolution

If you are uploading Scheduled Queries

Follow the steps in this guide: How to resolve "Bulk upload failed to update a saved query" error in Panther

If you are not uploading Scheduled Queries

Try uploading without the --batch command.
Check to see that you're treating all Mock Testing return values as String. If your code is expecting a different type like Array or JSON, a small tweak to the code is required to handle the Mock value. The example below is pulled from our Diving into the Detection section of Mocks in our documentation.

import json
# Another option is to use: from ast import literal_eval
# --- Snipped ---
def policy(resource):
  # --- Snipped ---
  recorder = resource_lookup(recorder_name)
  if isinstance(recorder, str):
    recorder = json.loads(recorder)

If the above steps do not lead to an obvious solution, reach out to Panther Support.

Cause

This issue can occur when using the --batch option or trying to upload a query that times out or contains an SQL error on a version of panther_analysis_tool that predates v0.19.10.