I see deprecated Panther-managed rules in my Panther Console. I tried deleting them, but they keep reappearing. How do I remove them?
There are a couple of ways to do this:
Filter out the deprecated rules using Filter or Ignore. With this approach, the files don't get deleted and you may have to run the command again when your repo syncs.
Ensure that you have disabled those rules in your repo.
Run this command: pipenv run panther_analysis_tool upload --filter Enabled=true
That will limit the upload to rules where Enabled:True is set.
After that, you can delete the rules through the UI without them reappearing when you upload using PAT.
Remove the files with git rm. This approach is more permanent, as it actually deletes the files. However, there is still a chance for the files to reappear in your repo when it syncs if Panther performs a bulk update.
Ensure that you have disabled those rules in your repo. Then run the following commands:
panther_analysis_tool delete --analysis-id $RULE_ID
git rm $PATH_TO_PY_FILE $PATH_TO_YAML_FILE
git commit and git push those changes before the next pull from upstream.
NOTE: Replace RULE_ID with the rule_id of the rule you want to remove. Replace PATH_TO_PY_FILE and PATH_TO_YAML_FILE with the actual paths to the PY and YAML files you want to remove.
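The second approach needs the rule's two file paths and assumes the rule is already disabled in the repo. The helper below is an added example, not part of Panther's tooling: plan_rule_removal is a hypothetical function name, and it assumes each rule's YAML spec carries RuleID, Enabled and Filename keys, with the Python file sitting next to the YAML file. It looks up both paths for a rule ID, refuses to continue if the rule is still enabled, and prints the commands to review and run.

```shell
#!/bin/sh
# Added example (not Panther's own code).
# Assumption: rule specs are *.yml / *.yaml files with "RuleID:", "Enabled:"
# and "Filename:" keys, and the .py file lives beside the YAML file.

# plan_rule_removal RULE_ID [REPO_DIR]
# Prints the removal commands for RULE_ID.
# Returns 1 if no spec declares RULE_ID, 2 if the rule is still enabled,
# 3 if the spec has no Filename key.
plan_rule_removal() {
  rule_id="$1"
  repo="${2:-.}"

  # Find the YAML spec whose RuleID value matches exactly (quotes stripped).
  yaml=$(find "$repo" -type f \( -name '*.yml' -o -name '*.yaml' \) \
    -exec awk -v id="$rule_id" \
      '$1 == "RuleID:" { v = $2; gsub(/["\047]/, "", v); if (v == id) print FILENAME }' \
      {} + | head -n 1)
  if [ -z "$yaml" ]; then
    echo "no YAML spec found for $rule_id" >&2
    return 1
  fi

  # The page's first step: the rule must already be disabled in the repo.
  enabled=$(awk '$1 == "Enabled:" { print tolower($2); exit }' "$yaml")
  if [ "$enabled" != "false" ]; then
    echo "$rule_id is not disabled in $yaml; disable it first" >&2
    return 2
  fi

  # The Filename key names the Python file paired with this spec.
  pyname=$(awk '$1 == "Filename:" { print $2; exit }' "$yaml")
  if [ -z "$pyname" ]; then
    echo "$yaml has no Filename key" >&2
    return 3
  fi

  # Print, rather than run, the commands so they can be reviewed first.
  printf 'panther_analysis_tool delete --analysis-id %s\n' "$rule_id"
  printf 'git rm %s %s\n' "$(dirname "$yaml")/$pyname" "$yaml"
}
```

After running the printed commands, commit and push before the next pull from upstream, as described above.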