Error:".technique the requested element is null which the schema does not allow" in Panther
Last updated: July 30, 2025
Issue
When navigating to an alert page in Panther, I encounter the error ".technique the requested element is null which the schema does not allow" . How can I resolve this?
Resolution
To resolve this issue:
Open the detection file (e.g., YAML file) that's causing the error.
Locate the
Reportssection in the file.Find the MITRE ATT&CK technique specification.
Ensure the technique is formatted as
TacticID:TechniqueID. For example:Reports: MITRE ATT&CK: - TA0005:T1556.006If the tactic ID is missing (e.g., only "T1556.006" is present), add the appropriate tactic ID followed by a colon.
Save the detection.
Cause
This issue occurs when the MITRE ATT&CK report in a detection file is not properly formatted. Panther expects the MITRE ATT&CK techniques to include both the tactic ID and the technique ID, separated by a colon.
The MITRE ATT&CK dashboard in the Panther Console has been updated to version 16.1 (from 11.1), which introduces a number of new attack techniques.
Always double-check the format of your MITRE ATT&CK techniques when creating or modifying detection files. The correct format is "TacticID:TechniqueID" (e.g., TA0005:T1556.006).