How do I quickly test a change in the logic of a Panther policy, rather than wait up to 24 hours for the system to scan my cloud resource and run the policy?
One way to make a policy run is to flip its return value, then flip it back again. For example, where the Python code for a detection says return True, edit this to say return False. At this point, any cloud resources that fail this policy should appear as passing the policy. Now you can edit your policy logic, and when this is done, edit the return value back to True. Then, Panther will re-evaluate your cloud resources and generate an alert for any that don't satisfy the policy.
Please note that this operation does not induce a scan of the cloud resources. If any changes are made to these resources during the process described above, these changes may have no effect on the policy's performance until Panther scans them again later.
If you have any questions about this process, please contact Panther Support.