QUESTION

I want to share some variables across my functions within my Python detection code. How can I define them so that changes made in one function persist into the next?

ANSWER

Panther supports defining variables that are scoped to the lifetime of the detection's invocation. To do so, define them outside the functions, and use the global keyword inside the functions, like the example below:

my_global = "foo"      # Create an invocation-scoped variable, and set it to foo

def rule(event):
    global my_global   # Tells Panther that this is the same `my_global` as above
    my_global = "bar"  # Overwrite the value we initially defined
    return True

def title(event):
    global my_global   # Again, we tell panther to use the global variable
    return my_global   # Returns "bar", since we overwrote "foo" in the rule() function

There are a few caveats: