Using PantherFlow Queries via API

Last updated: December 18, 2024

How can I run PantherFlow queries via API in Panther?

PantherFlow queries cannot currently be run directly through the API. As a workaround, you can copy the raw SQL behind a PantherFlow query and run that SQL through Panther's GraphQL API.

Follow these steps:

  1. Navigate to Investigate -> Search History in your Panther Console.

  2. Find the PantherFlow query you want to run via API in your Search History.

  3. Click the triple dots next to your PantherFlow query execution history.

  4. Select "Open in Data Explorer" to view the raw SQL of your PantherFlow query.

  5. Copy the raw SQL.

  6. Use the copied SQL to make an API call via the Public API for Data Lake Queries.

For more information on executing queries via the API, you can refer to the example in Panther's documentation.
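The call in step 6, as an added example that is not Panther's own code: it submits the copied SQL, polls until the query finishes, and pages through the results. The `executeDataLakeQuery` and `dataLakeQuery` operations and the `X-API-Key` header are assumed from Panther's public GraphQL schema and should be checked against the documentation; the `PANTHER_API_URL` and `PANTHER_API_KEY` variable names and the default URL are placeholders.

```python
import json
import os
import time
import urllib.request

# Placeholders (assumed names): point these at your own Panther API URL and token.
API_URL = os.environ.get("PANTHER_API_URL", "https://api.example.invalid/public/graphql")
API_KEY = os.environ.get("PANTHER_API_KEY", "")  # keep the token out of source control

# Operation and field names are assumed from Panther's public GraphQL schema.
EXECUTE = "mutation($sql: String!) { executeDataLakeQuery(input: {sql: $sql}) { id } }"
RESULTS = """query($id: ID!, $cursor: String) {
  dataLakeQuery(id: $id) {
    status message
    results(input: {cursor: $cursor}) { edges { node } pageInfo { endCursor hasNextPage } }
  }
}"""


def http_post(query, variables):
    """Send one GraphQL request; raise if the response carries GraphQL errors."""
    body = json.dumps({"query": query, "variables": variables}).encode()
    req = urllib.request.Request(API_URL, data=body, headers={
        "Content-Type": "application/json", "X-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        payload = json.load(resp)
    if payload.get("errors"):
        raise RuntimeError(payload["errors"])
    return payload["data"]


def run_sql(sql, post=http_post, poll_seconds=2.0, max_polls=150):
    """Run the SQL copied from Data Explorer and return every result row."""
    query_id = post(EXECUTE, {"sql": sql})["executeDataLakeQuery"]["id"]
    rows, cursor = [], None
    for _ in range(max_polls):  # bounds status polls and result pages together
        q = post(RESULTS, {"id": query_id, "cursor": cursor})["dataLakeQuery"]
        if q["status"] == "running":
            time.sleep(poll_seconds)
            continue
        if q["status"] != "succeeded":
            raise RuntimeError(f"query {query_id} {q['status']}: {q['message']}")
        rows += [edge["node"] for edge in q["results"]["edges"]]
        if not q["results"]["pageInfo"]["hasNextPage"]:
            return rows
        cursor = q["results"]["pageInfo"]["endCursor"]
    raise TimeoutError(f"query {query_id} did not finish within {max_polls} polls")
```

Call `run_sql(sql)` with the SQL copied in step 5; the `post` parameter exists so the flow can be exercised against a stub transport before a real API token is used.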

While this workaround allows you to run PantherFlow queries indirectly via the API, direct support for PantherFlow in data lake queries via the API is not currently available. If you are interested in this feature, please contact our Support Team!