QUESTION

What is the workflow or process to build scheduled tests for detections in Panther? I want to automate periodic testing of detection logic without needing to wait for an actual log event to trigger the detection.

ANSWER

To automate detection testing, Panther recommends using Panther Analysis Tool (PAT).

You can run tests with PAT and schedule them with something as lightweight as cron.

Note that we have guides for setting up PAT with automation tools like CircleCI and GitHub Actions to automate testing during detection development and upload.
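
A cron-driven wrapper around `panther_analysis_tool test` could look like the following. This is an added example, not Panther's own code. The script name, paths, log directory and the `notify_failure` hook are assumptions.

```shell
#!/bin/sh
# Added example (not Panther's code). Assumed names: pat_cron.sh,
# /opt/panther-analysis, PAT_LOG_DIR, notify_failure.
#
# crontab entry (constructed), runs the detection tests every 6 hours:
#   0 */6 * * * . /opt/pat_cron.sh && run_pat_tests /opt/panther-analysis

# Overridable so the wrapper can be dry-run without PAT installed.
PAT_BIN="${PAT_BIN:-panther_analysis_tool}"
PAT_LOG_DIR="${PAT_LOG_DIR:-/var/log/pat-tests}"

# Hypothetical hook: replace with mail, a webhook call, a ticket, etc.
# Anything written here is also mailed by cron when MAILTO is set.
notify_failure() {
    echo "PAT scheduled tests FAILED, see $1" >&2
}

# Run `panther_analysis_tool test --path <dir>`, keep a timestamped log,
# and return PAT's exit status so cron or monitoring can see failures.
run_pat_tests() {
    repo="$1"
    [ -d "$repo" ] || { echo "no such detections dir: $repo" >&2; return 2; }
    mkdir -p "$PAT_LOG_DIR" || return 2
    log="$PAT_LOG_DIR/pat-test-$(date -u +%Y%m%dT%H%M%SZ).log"
    if "$PAT_BIN" test --path "$repo" >"$log" 2>&1; then
        status=0
    else
        status=$?              # exit status of the failed PAT run
        notify_failure "$log"
    fi
    LAST_PAT_LOG="$log"        # exposed so callers can inspect the log
    return "$status"
}
```

The tests run against the unit test cases defined alongside each detection, so no live log event is needed.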