Issue

When trying to run a test with pantherlog on sample CSV input, the test fails even though the input is correct. 

Resolution

Cause

This issue can occur when you use multiple lines for your CSV input. For example if you have something like:

Screen Shot 2022-06-27 at 2.35.40 PM.png

Panther will treat these 2 lines as 2 separate events, but a test case can only have 1 event. In this case, the first line will be used as the event, and if your first line is just the CSV header line, this will either fail to classify, and/or simply not match your expected result for this test case.