Issue

When attempting to upload resources to Panther via panther_analysis_tool (PAT), you get an error similar to the following:

[ERROR]: {'message': 'access denied', 'path': ['uploadDetectionEntities'], 'extensions': {'reportable': False}}

Resolution

This solution assumes you are using an API token to authenticate PAT. If you are using the legacy IAM role for authentication, please reach out to our support team.

To resolve this error, you must ensure the API token used for authentication has the Bulk Upload permission.

  1. In the Panther Console, click the gear icon in the upper right, then select API Tokens from the drop-down menu.

  2. Scroll through the resulting list of API tokens until you find the one you're using for PAT. Beneath the title and metadata, you'll see a list of permissions allowed by the token, See the below image for reference:

    Screen Shot 2022-10-07 at 10.28.07 AM.png

If you do not see the Bulk Upload permission, you can add it to the token with the following steps:

  1. Click the token title to edit the properties.

  2. An edit view will open, and you'll see a text box where you can edit the name of the token, as well as several checkboxes below for different permissions.

  3. Under the Analysis section check the box for Bulk Upload.

  4. Save your changes by scrolling to the bottom of the page and clicking Update API Token.

Cause

If you use a token which is not permitted to bulk upload, Panther will block the upload to prevent malicious activity. This leads to the "access denied" message appearing in your terminal.

For the permissions needed for using PAT in other regards, please review the complete list of PAT actions and required permissions in our docs.