What options do I have to manage my detections in Panther, and which options are best for my workflow?
Panther supports creating and managing detections via these workflows:
Panther Console
Manually edit and write detections in the Panther Console, or use Panther's built-in detections or Packs.
This is the easiest way to get started, as it does not require additional configuration. This option is suitable for less technical users or organizations that will not have a large number of detections or users.
Panther Developer Workflows
Upload detections via the Panther Analysis Tool (PAT) in a CI/CD workflow.
This option is suitable for users who feel comfortable managing content via CI/CD and using Python.
Read more about these options in our documentation: Getting started with detections.
Note: Using Detection Packs and PAT at the same time is not recommended. These workflows could overwrite each other's detections if any detections share the same ID. For more information on choosing Packs or PAT, see this article: How to choose between Packs and panther_analysis_tool for managing detections
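A pre-upload check for the ID collision described in the note, as an added example (not Panther's own code). It assumes detection files declare their ID in a top-level `RuleID` or `PolicyID` key and that pack definitions list members under `PackDefinition` / `IDs`, and that the pack definition files are available locally; all file names and IDs below are constructed.

```python
import re

# Constructed sample inputs (not real Panther content); key names are assumptions.
LOCAL_FILES = {
    "rules/custom_root_login.yml": "AnalysisType: rule\nRuleID: AWS.Console.RootLogin\nEnabled: true\n",
    "rules/custom_vpn.yml": "AnalysisType: rule\nRuleID: Custom.VPN.ImpossibleTravel\nEnabled: true\n",
}
PACK_FILES = {"packs/example_aws.yml": """\
AnalysisType: pack
PackID: Example.AWS.Core
PackDefinition:
  IDs:
    - AWS.Console.RootLogin
    - AWS.CloudTrail.Stopped
DisplayName: Example AWS pack
"""}

ID_KEY = re.compile(r"^(?:RuleID|PolicyID):[ \t]*[\"']?([^\"'\s#]+)", re.M)
LIST_ITEM = re.compile(r"^\s*-\s*[\"']?([^\"'\s#]+)")

def detection_ids(text):
    """IDs declared by one detection file (top-level RuleID / PolicyID keys)."""
    return set(ID_KEY.findall(text))

def pack_member_ids(text):
    """IDs listed under the 'IDs:' key of a pack definition."""
    ids, in_list = set(), False
    for line in text.splitlines():
        if re.match(r"^\s*IDs:\s*$", line):
            in_list = True
        elif in_list and (m := LIST_ITEM.match(line)):
            ids.add(m.group(1))
        elif in_list and line.strip():
            in_list = False  # first non-item line ends the list
    return ids

def find_collisions(local_files, pack_files):
    """Map each ID present in both workflows to (local path, pack path)."""
    owners = {i: p for p, t in pack_files.items() for i in pack_member_ids(t)}
    return {i: (path, owners[i])
            for path, text in sorted(local_files.items())
            for i in detection_ids(text) if i in owners}

if __name__ == "__main__":
    for det_id, (local, pack) in find_collisions(LOCAL_FILES, PACK_FILES).items():
        print(f"{det_id}: defined in {local} and listed in {pack}")
```

Run as a CI step before the upload, a non-empty result is a reason to fail the job and rename or remove the local detection.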