Skip to main content
Panther Knowledge Base

How do I resolve the PAT error "Missing key: 'AnalysisType'"?

  1. Last updated
  2. Save as PDF

ISSUE

Panther Analysis Tool (PAT) throws the error "Missing key: 'AnalysisType'" while trying to read a custom schema.

RESOLUTION

Make sure your directory does not use the name "lookup_tables."

For example, if your directory is: .../custom_schemas/lookup_tables/...
you could rename it to: .../custom_schemas/lut_schemas/...

 

Additionally, this problem can occur if the PAT upload directory path contains the name "lookup_tables" for a schema. In such cases, PAT may incorrectly parse it as a lookup table.

To resolve this issue, please ensure the following:

  1. Make sure your schemas are stored in a separate folder.
  2. Check that the directory path to the schema does not include the name "lookup_tables".

CAUSE

This issue occurs because PAT mistakenly tries to parse these schema files as Detection or Lookup Table (LUT) YAML files. During the upload process, PAT searches for the key "AnalysisType" in each YAML file to determine its purpose, such as Rule, Data Model, LUT, Query, etc. However, schemas do not require an "AnalysisType" key, resulting in an error during processing.