What should the AnalysisType be for a query I want to manage via my repo, but it is not a Scheduled Query? I use AnalysisType: scheduled_query for Scheduled Queries, but what should it be if I want to define or manage a Saved Query in my repo that people would run ad-hoc via the Panther Console?
You can use AnalysisType: scheduled_query for uploading a Saved Query that is not scheduled via your repo. You can create your query and place it in a directory inside your repo. Then, from that directory you can execute the following command:
panther_analysis_tool upload --filter AnalysisType=scheduled_query --skip-tests
When your query is not scheduled, you can omit the Schedule: part from the yml file that you want to upload.
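A query file of the kind described above, as an added example that is not from the original page or from Panther's own repository. The QueryName, description, tag and SQL are constructed placeholders, and the field names assume the scheduled query YAML layout used with panther_analysis_tool.

```yaml
# Constructed example: a Saved Query kept in the repo and run ad hoc
# from the Panther Console. All values below are illustrative.
AnalysisType: scheduled_query
QueryName: Example Failed Console Logins Last Day   # hypothetical name
Enabled: true
Description: >
  Investigation query listing failed AWS console logins over the last
  day, grouped by source IP. Intended to be run manually.
Tags:
  - Investigation
Query: |
  SELECT
    sourceIPAddress,
    COUNT(*) AS failed_logins
  FROM panther_logs.public.aws_cloudtrail
  WHERE eventName = 'ConsoleLogin'
    AND responseElements:ConsoleLogin = 'Failure'
    AND p_event_time > DATEADD(day, -1, CURRENT_TIMESTAMP())
  GROUP BY sourceIPAddress
  ORDER BY failed_logins DESC
# The Schedule block is left out, so the query is uploaded as a Saved
# Query with no schedule. A scheduled version would add, for example:
# Schedule:
#   RateMinutes: 1440
#   TimeoutMinutes: 5
```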