Automatically convert a Simple Rule to the corresponding Python rule code in Panther

Last updated: September 3, 2024

QUESTION

Is there a way to automatically convert a Simple Rule to the corresponding Python rule code in my Panther Console?

ANSWER

Panther does not currently offer a way to automatically convert a Simple Rule to a Python rule, so if you're interested in seeing this feature please reach out to our Support Team.

However, there is a way to see what the generated Python is for the Simple Rule using our REST API. The following details will be required:

An API token with View Rules permissions
The RuleID of the aforementioned Simple Rule
The rest endpoint you can hit:
- {{yourAPIHost}}/simple-rules/{{RULE_ID_HERE}}?include-python=true
Here are our Simple Detection REST API docs for more details.

The Python code will be in the pythonBody object of the response.

Please note that the generated Python code following the above approach may be rather verbose.