Handling Panther-managed detections when using CI/CD if I only want to use a subset of them

Last updated: February 17, 2025

How should I handle the Panther-managed detections when using CI/CD if I only want to use a subset of them?

If you are moving to a CI/CD workflow and want to maintain only specific Panther-managed detections (e.g., AWS-related packs), we recommend keeping all of the source code in your private repository. This avoids potential merge conflicts when you pull updates from the upstream Panther repository.

Important Considerations

  • If you delete Panther-managed rules from your forked repository, you will encounter merge conflicts each time you pull updates from the upstream repository.

  • When the "Use Panther Analysis Tool to manage detections" setting is enabled, you won't be able to enable or disable Detection Packs from the Panther Console.
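The first consideration can be enforced as a CI check. The script below is an added example, not Panther's own tooling: it lists files that exist in the last upstream commit shared with your fork but are missing from the fork's HEAD, which are the files that will conflict when upstream next changes them. The function names and the `upstream/main` ref are assumptions; use the remote-tracking ref your fork actually pulls from.

```shell
#!/bin/sh
# Added example (not Panther code). Function names and the default
# ref "upstream/main" are assumptions chosen for illustration.

# Print each file present in the last upstream commit shared with this
# fork (the merge base) but absent from the fork's HEAD. Comparing against
# the merge base, not the upstream tip, keeps files that upstream added
# after your last pull from being reported as deletions.
deleted_upstream_files() {
    upstream_ref=$1
    base=$(git merge-base "$upstream_ref" HEAD) || return 2
    git diff --name-only --diff-filter=D "$base" HEAD
}

# CI gate: exit status 0 if nothing was deleted, 1 if the fork removed
# upstream files, 2 if the comparison itself could not be made.
check_fork() {
    upstream_ref=${1:-upstream/main}
    deleted=$(deleted_upstream_files "$upstream_ref") || {
        echo "cannot compare HEAD against $upstream_ref" >&2
        return 2
    }
    if [ -n "$deleted" ]; then
        echo "Files from $upstream_ref deleted in this fork:" >&2
        echo "$deleted" >&2
        return 1
    fi
    echo "No upstream files deleted in this fork."
}

# Typical CI usage after fetching the upstream remote:
#   git fetch upstream && check_fork upstream/main
```

Run it in the fork's working tree after fetching the upstream remote; a non-zero status should fail the pipeline before the deletion reaches your main branch.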

Additional Resources

For more detailed information, refer to: