QUESTION

As mentioned in Panther's documentation, if you use the Panther Analysis Tool for managing detections, you should not enable the GreyNoise pack in the Panther Console. What is the process to enable and start taking advantage of the GreyNoise pack while keeping the existing CI/CD workflows?

ANSWER

As a CI/CD user, you can pull the latest version of panther-analysis to access the GreyNoise Lookup Tables. Then, set Enabled: true in the YML files of the lookup tables you want to use. 

If you make any changes to the lookup tables, do not enable the packs via the Panther Console. Simultaneous use of both the Panther Console and PAT to manage this pack is not supported.

If you keep your own repo, you can copy the files for the Lookup Tables from Panther's GitHub repo here.