If I fork the panther-analysis repository, how should I stay in sync with your upstream repository?
Staying in sync with our version of the panther-analysis repository is important to ensure you get the latest patches and detection content. To set this up so that it runs smoothly, we offer the following suggestions:
Make sure to pull only from the latest tagged release version of panther-analysis. The master branch contains content that is in active development and may not be ready to be added to your Panther Console.
To find the latest tagged release:
Navigate to the Panther Labs repository on GitHub
Click the master branch dropdown
Click on the "Tags" tab to see a list of all of our tagged releases. The latest should be at the top.
To minimize merge conflicts when syncing with our upstream version, we recommend keeping your own custom detection content and analysis files in a separate directory within your fork of this repository. That way, if Panther modifies its detections and releases them to panther-analysis, your own versions live in a different directory and will not produce a merge conflict the next time you run git pull.
Lastly, you can keep this fork up to date either manually, or automatically. We have instructions for either option here in our documentation.
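The manual sync described above, written out as an added example (this script is not part of panther-analysis or Panther's documentation). It assumes release tags have the form vMAJOR.MINOR.PATCH, that the fork's main branch is called main, and that the upstream remote is named upstream; it merges the newest release tag rather than the master branch.

```shell
#!/bin/sh
# Added example: sync a panther-analysis fork to the newest upstream
# release tag instead of tracking master.
# Assumptions: tags look like vMAJOR.MINOR.PATCH (pre-release tags such
# as v3.11.0-rc1 are skipped), the fork's branch is "main", and the
# upstream remote is named "upstream".
set -eu

UPSTREAM_URL="https://github.com/panther-labs/panther-analysis.git"

# Pick the highest vX.Y.Z tag from a newline-separated list on stdin.
# A plain lexical sort would rank v3.9.1 above v3.10.0, so each numeric
# field is compared on its own.
latest_release_tag() {
    grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \
        | sed 's/^v//' \
        | sort -t . -k1,1n -k2,2n -k3,3n \
        | tail -n 1 \
        | sed 's/^/v/'
}

# Fetch upstream tags and merge the latest release into the local branch.
# Custom detections kept in their own directory are untouched by the merge.
sync_fork_to_latest_release() {
    branch="${1:-main}"
    if ! git remote get-url upstream >/dev/null 2>&1; then
        git remote add upstream "$UPSTREAM_URL"
    fi
    git fetch upstream --tags
    tag="$(git tag --list 'v*' | latest_release_tag)"
    [ -n "$tag" ] || { echo "no release tag found" >&2; return 1; }
    git checkout "$branch"
    git merge --no-ff -m "Sync with panther-analysis $tag" "$tag"
    echo "merged $tag into $branch"
}

# Only run the sync when executed directly under this file name,
# not when the functions are sourced elsewhere.
if [ "${0##*/}" = "sync_panther_fork.sh" ]; then
    sync_fork_to_latest_release "${1:-main}"
fi
```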