Question

I want to remove Traildiscover and I've disabled the enrichment by simply setting Enabled: false in the LUT yml, but now I'm getting an error when deploying:

Path: traildiscover_lut.yml
Error: {"errorMessage":"lookup 1540380e-b0db-466b-9d2f-c85a0ddb71f8 is not enabled, 
please enable to upload","errorType":"InvalidInputError"}

Answer

To remove the TrailDiscover lookup table in Panther when disabling it causes deployment errors, follow these steps:

1. Locate the TrailDiscover lookup table files in your project directory.

2. Remove the entire YAML record related to the TrailDiscover lookup table.

3. Attempt to deploy your changes again.

Note on UI-based Management

For CI/CD users with UI access, you may see the message " Unable to change the status because the Detection management settings are configured to PAT only" under "Build > Packs.'" In such cases, the file-based removal method described above is still applicable.

If you continue to experience issues after following these steps, please contact Panther support for further assistance.