QUESTION

What's the difference between a Fail and an Error error state in Panther's detection unit testing?

ANSWER

If a unit test returns an Error, it means that there is a compiling error in your Python code for the detection being tested.

If a unit test returns a Fail, it means that the logic of your Python code in the detection tested with the event you provided is returning a Fail and will not trigger an alert.

Note that the button "The detection should trigger based on the example event"  in your Panther Console directly affects the outcome of your test (Pass/Fail).

Screenshot 2023-06-12 at 4.31.13 PM.png

For more in-depth information on creating and editing a detection, please refer to our documentation page "Writing and Editing Detections".