If I fork the panther-analysis repository, how should I stay in sync with your upstream repository?
Staying in sync with our version of the panther-analysis repository is important so that you receive the latest patches and detection content. To set this up so that it runs smoothly, we offer the following suggestions:
- Make sure to pull only from the latest tagged release version of panther-analysis. The master branch contains content that is in active development and may not be ready to be added to your Panther Console.
  To find the latest tagged release:
  - Navigate to the Panther Labs repository on GitHub
  - Click the master branch dropdown
  - Click on the "Tags" tab to see a list of all of our tagged releases. The latest should be at the top.
- To minimize merge conflicts when syncing with our upstream version, we recommend keeping your own custom detection content and analysis files in a separate directory within your fork of this repository. This ensures that if Panther modifies our detections and releases them to panther-analysis, your own versions live in a different directory and thus won't produce a merge conflict the next time you run
- Lastly, you can keep this fork up to date either manually or automatically. We have instructions for either option here in our documentation.
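The manual workflow described above (track upstream, pull only the newest tagged release, keep custom content in its own directory) as an added shell example; this is not Panther's tooling and not part of the original page. It assumes `git` is installed, and it builds a throwaway "upstream" repository with constructed tag names (`v1.9.0`, `v1.10.0`) and file names so that it runs offline; only the git commands themselves are the real workflow.

```shell
#!/bin/sh
# Added example (not Panther's own tooling): keep a fork of panther-analysis
# in sync with the latest *tagged* upstream release rather than master.
# Repository layout, tag names and file names below are constructed for
# this demo; only the git commands are the real workflow.

# Git identity for the throwaway commits this demo makes (assumes git is installed).
GIT="git -c user.name=demo -c user.email=demo@example.com -c commit.gpgsign=false"

# Newest release tag known to the given repo, sorted by version number so
# that v1.10.0 ranks above v1.9.0 (a plain lexical sort would get this wrong).
latest_release_tag() {
    git -C "$1" tag --list 'v*' --sort=-v:refname | head -n 1
}

# Fetch upstream tags into the fork and merge the newest release tag, never master.
# Content kept under custom/ is untouched because upstream never edits that directory.
sync_fork_to_latest_release() {
    fork="$1"
    git -C "$fork" fetch -q --tags upstream
    tag="$(latest_release_tag "$fork")"
    $GIT -C "$fork" merge -q --no-edit "$tag" >/dev/null
    echo "$tag"
}

# Build a constructed "upstream" repo with two tagged releases and a fork of it,
# then print the fork's path.
setup_demo() {
    root="$(mktemp -d)"
    up="$root/upstream"
    mkdir -p "$up/rules" && git -C "$up" init -q
    git -C "$up" symbolic-ref HEAD refs/heads/master
    echo "rule v1.9.0" > "$up/rules/aws_console_login.yml"
    $GIT -C "$up" add -A && $GIT -C "$up" commit -q -m "release 1.9.0"
    $GIT -C "$up" tag v1.9.0

    # The fork starts at the v1.9.0 release and keeps its own detections in custom/.
    fork="$root/fork"
    git clone -q "$up" "$fork"
    git -C "$fork" remote add upstream "$up"
    mkdir -p "$fork/custom"
    echo "my rule" > "$fork/custom/my_rule.yml"
    $GIT -C "$fork" add -A && $GIT -C "$fork" commit -q -m "add custom detection"

    # Upstream later ships v1.10.0, changing a rule the fork never touched and adding one.
    echo "rule v1.10.0" > "$up/rules/aws_console_login.yml"
    echo "new rule" > "$up/rules/okta_mfa.yml"
    $GIT -C "$up" add -A && $GIT -C "$up" commit -q -m "release 1.10.0"
    $GIT -C "$up" tag v1.10.0
    echo "$fork"
}

# Stand-alone run: `sh sync_fork.sh demo` syncs the demo fork and lists what it contains.
if [ "${1:-}" = "demo" ]; then
    fork="$(setup_demo)"
    echo "synced to $(sync_fork_to_latest_release "$fork")"
    ls "$fork/rules" "$fork/custom"
fi
```

Against a real fork you would replace `setup_demo` with a one-time `git remote add upstream https://github.com/panther-labs/panther-analysis.git` and then run `sync_fork_to_latest_release` whenever a release appears; because the fork's own rules live under `custom/`, the merge touches only files upstream owns.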