Is it possible to upload Saved Queries using Panther Analysis Tool (PAT)?
Yes, it is possible to upload your saved queries through CI/CD by running the PAT upload command using your API key <api-token>
,<your-panther-instance-name>
and locating the YAML (.yml) metadata file of your saved query <path-to-your-query>
.
Example command:
panther_analysis_tool upload --path <path-to-your-query> --api-token <api-token>
--api-host https://api.<your-panther-instance-name>.runpanther.net/public/graphql --skip-tests
An example of the metadata .yml template that can be used to create your saved query:
AnalysisType: scheduled_query
Enabled: false
Query: |-
SELECT *
FROM panther_logs.public.custom_logs
WHERE p_source_id = 'my-source-id'
LIMIT 10
QueryName: my saved query name
You can also limit your upload, filtering by the AnalysisType
value within your command --filter AnalysisType=scheduled_query.
See 📄 What AnalysisType can I use for non-scheduled queries that I upload via PAT?