When trying to upload detections with panther_analysis_tool, I see an error like the following, reporting a "same name" or "same ID" between two detections.
Error: : Failed to upload to backend:
[{'message': '{"issues":[{"path":"detection.yml",
"errorMessage":"attempted to add item for FileName multiple times.
\'path1/detection.yml\' has the same name as
\'path2/detection.yml\'"}]}',
'path': ['uploadDetectionEntities'], 'extensions': {'reportable': False, 'statusCode': 400}}]
To resolve this issue, you will need to change the name or ID of one of the conflicting detections, and attempt the upload operation again. You may want to test the detections with panther_analysis_tool again as well.
This issue occurs due to two factors:
A collision, where two or more detections have the same name or ID.
A Panther bug where panther_analysis_tool test does not realize that there are two detections with the same name or ID. The Panther engineering team has captured this in their development backlog.
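Because the test step does not flag the collision, a local check before upload can find it. The script below is an added example, not part of panther_analysis_tool or Panther's own code. It assumes detection IDs are stored in top-level `RuleID` or `PolicyID` keys and reads them with a regular expression rather than a YAML parser; the function names and the sample detection tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumption: IDs are top-level "RuleID:" / "PolicyID:" keys, optionally quoted.
ID_KEY = re.compile(
    r"^(?:RuleID|PolicyID)[ \t]*:[ \t]*['\"]?([^'\"#\n]+?)['\"]?[ \t]*(?:#.*)?$", re.M)

def _duplicates(index):
    """Keep only keys that were seen in more than one file."""
    return {key: sorted(paths) for key, paths in index.items() if len(paths) > 1}

def find_collisions(root):
    """Return (duplicate file names, duplicate IDs) for YAML files under root."""
    by_name, by_id = defaultdict(list), defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.endswith((".yml", ".yaml")):
                continue
            path = os.path.join(dirpath, fname)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            by_name[fname].append(rel)  # same base name in two directories
            with open(path, encoding="utf-8") as fh:
                for value in ID_KEY.findall(fh.read()):
                    by_id[value.strip()].append(rel)
    return _duplicates(by_name), _duplicates(by_id)

def demo():
    """Write a constructed detection tree to a temp dir and scan it."""
    sample = {  # constructed sample files, not real detections
        "path1/detection.yml": "AnalysisType: rule\nRuleID: Sample.Login.Failure\n",
        "path2/detection.yml": "AnalysisType: rule\nRuleID: Sample.Other.Rule\n",
        "path3/copy.yml": "AnalysisType: rule\nRuleID: 'Sample.Login.Failure'  # copied\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_collisions(root)

if __name__ == "__main__":
    names, ids = demo()
    for label, found in (("file name", names), ("ID", ids)):
        for key, paths in found.items():
            print(f"duplicate {label} {key!r}: {', '.join(paths)}")
```

Running `find_collisions` on the detections directory in CI and failing the job when either dictionary is non-empty catches the conflict before the upload step.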
If you have further questions or would like to report a sighting of this issue, please contact Panther support.