I'm wondering what would be the correct way to customize the enriched log types via developer workflow? I'd like to add a custom log source and I'm wondering if Panther automatically adds any logs that have p_any_emails or p_any_usernames indicators?
Panther won't automatically add new log types to your enrichment provider after the initial creation.
In order to update your Okta enrichment providers through CI/CD:
Download the YAML file that Panther automatically generated for your Okta enrichment providers (the names should be *_devices.yml and *_users.yml). You can easily download these YAML files through your Panther Console by navigating to Build > Bulk Uploader > Download all entities.
Edit the YAML files by adding your new log types and the associated selectors.
Finally, proceed with uploading the YAML files through CI/CD by using Panther's API.
The enrichment providers will be updated to reflect the new YAML file.
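A sketch of the edit step, added here as an illustration and not taken from a Panther-generated file. It assumes the downloaded *_users.yml follows the LogTypeMap layout used by Panther lookup-table YAML; the log type Custom.MyApp and the selector field names are hypothetical.

```yaml
# Fragment of a downloaded *_users.yml (illustrative; every other key in the
# generated file is left exactly as Panther produced it).
LogTypeMap:
  PrimaryKey: email            # assumption: keep whatever key the generated file already uses
  AssociatedLogTypes:
    # ...entries already generated by Panther remain here, unchanged...

    # New entry: one block per log type that should be enriched.
    - LogType: Custom.MyApp    # hypothetical custom log type
      Selectors:
        # Event fields whose values are matched against PrimaryKey.
        # Hypothetical field names from the custom schema.
        - "actor_email"
        - "target_email"
```

Because new log types are not picked up automatically, a log type is enriched only if it appears in this list in the file that is uploaded.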