Can I mock API calls made from a decorator function in Panther detection code?

Last updated: September 3, 2024

QUESTION

Does Panther support mocking API calls made from a decorator function in Panther detection code?

For example, I'd like to do something like this:

@alert_context_decorator
def alert_context(event):
   return log_source_context(event)

where @alert_context_decorator invokes a custom function, find_oncall_engineer() , and adds the oncall field to the results returned by alert_context(event) .

ANSWER

Panther currently does not support this. If you are interested in support of this feature, please contact Panther Support to put in a request.

As a workaround, you can skip the decorator function, as shown below:

from helping_mock_finder_func import finder_func

def rule(event):
    # Return True to match the log event and trigger an alert.
    return False

def alert_context(event):
    return {'key':'value'} | {"oncall": finder_func()}