Can I run a single test in a single detection with Panther Analysis Tool (PAT)?
Last updated: July 8, 2025
QUESTION
Is it possible to run a single detection test case using PAT's test command, rather than running all tests for a given RuleID?
ANSWER
Yes, you can run one or more specific detection test cases by using the --test-names flag.
Example for running a single test:
panther_analysis_tool test --filter RuleID=AWS.IAM.AccessKeyCompromised \
  --test-names "An AWS Access Key was Uploaded to Github"
Example for running multiple tests:
panther_analysis_tool test --filter RuleID=AWS.CloudTrail.Stopped \
  --test-names "CloudTrail Was Stopped" "Error Stopping CloudTrail"