QUESTION

Is it possible to set up a Custom Enrichment from a Scheduled Search via PAT or YAML, so the configuration can be committed to a git repo?

ANSWER

Yes, this is supported. Panther provides a way to manage SQL-based custom enrichments (including those sourced from a Scheduled Search) through YAML configuration files, allowing you to version-control them in your detections repo.

For the full YAML configuration schema and step-by-step instructions, see the Managing Enrichment with PAT — SQL Custom Enrichments (Beta) section of the Panther documentation.

For reference on setting up the enrichment from the Scheduled Search side, see Option 1: Import Custom Enrichment Data with a Scheduled Search.