Is there a CSV file containing all Panther detections and their details?
Panther does not have an existing CSV file containing this information.
However, you can use a Python script to read the YAML files in the rules directory and extract specific fields. The information can then be printed in your CLI output or exported to a CSV file. Here's a basic example that extracts the `RuleID`, `DisplayName`, `Description`, and `Severity` of each rule. You can add other fields as needed.
```python
import csv
import yaml
from pathlib import Path

# Walk the ./rules directory and gather rule details from .yml files
repo_rule_details = []
pathlist = Path("./rules").rglob("*.yml")
for path in pathlist:
    with open(path, "r") as f:
        rule = yaml.safe_load(f)
    # Some rules don't have a Description tag, so fall back to a placeholder
    description = rule.get("Description", "Description not provided")
    repo_rule_details.append({
        "RuleID": rule["RuleID"],
        "DisplayName": rule["DisplayName"],
        "Description": description,
        "Severity": rule["Severity"]
    })

# Export to CSV
with open("rule_details.csv", "w", newline="") as csvfile:
    fieldnames = ["RuleID", "DisplayName", "Description", "Severity"]
    writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
    writer.writeheader()
    writer.writerows(repo_rule_details)

# Print a success message
print("Rule details exported to rule_details.csv")
```
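When you add more fields, two things the basic script above does not handle start to matter: list-valued fields such as `LogTypes` and `Tags` need to be flattened into one cell, and YAML files that are not rules (a policy, a global helper, a data model) lack `RuleID` and would raise a `KeyError`. The following is an added example, not part of the original answer or of Panther's own tooling, that generalises the script to skip non-rule files by `AnalysisType`, join list fields with `;`, tolerate missing keys, and match both `.yml` and `.yaml`. The sample documents and the helper names (`rule_to_row`, `rows_from_rules`, `rows_to_csv_text`, `load_rule_files`) are constructed for illustration; the field names are the standard Panther analysis spec keys.

```python
import csv
import io
from pathlib import Path

# Fields to export. List-valued fields are joined with ";" so each rule
# stays on a single CSV row.
FIELDNAMES = ["RuleID", "DisplayName", "Description", "Severity",
              "Enabled", "LogTypes", "Tags"]
LIST_FIELDS = {"LogTypes", "Tags"}
MISSING = "not provided"


def rule_to_row(rule):
    """Flatten one parsed spec (the dict yaml.safe_load returns) into a CSV row.

    Returns None for specs that are not rules (policies, globals, data
    models, ...), identified by their AnalysisType. Hypothetical helper.
    """
    if rule.get("AnalysisType") not in ("rule", "scheduled_rule"):
        return None
    row = {}
    for name in FIELDNAMES:
        value = rule.get(name, MISSING)
        if name in LIST_FIELDS and isinstance(value, list):
            value = ";".join(str(v) for v in value)
        row[name] = value
    return row


def rows_from_rules(specs):
    """Convert parsed specs to rows, dropping non-rules and sorting by RuleID."""
    rows = [r for r in (rule_to_row(s) for s in specs) if r is not None]
    rows.sort(key=lambda r: r["RuleID"])
    return rows


def rows_to_csv_text(rows):
    """Render rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDNAMES)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def load_rule_files(root="./rules"):
    """Parse every .yml/.yaml spec under root into a list of dicts.

    PyYAML is imported here so the pure functions above work without it.
    """
    import yaml
    specs = []
    for pattern in ("*.yml", "*.yaml"):
        for path in sorted(Path(root).rglob(pattern)):
            with open(path, "r", encoding="utf-8") as f:
                doc = yaml.safe_load(f)
            if isinstance(doc, dict):
                specs.append(doc)
    return specs


# Constructed sample specs standing in for yaml.safe_load() output of three
# files: two rules (one without a Description) and one policy.
SAMPLE_SPECS = [
    {"AnalysisType": "rule", "RuleID": "Sample.Rule.B",
     "DisplayName": "Sample rule B", "Severity": "High", "Enabled": True,
     "LogTypes": ["AWS.CloudTrail", "Okta.SystemLog"], "Tags": ["Constructed"]},
    {"AnalysisType": "rule", "RuleID": "Sample.Rule.A",
     "DisplayName": "Sample rule A", "Description": "Constructed sample",
     "Severity": "Low", "Enabled": False, "LogTypes": ["GSuite.Reports"]},
    {"AnalysisType": "policy", "PolicyID": "Sample.Policy", "Severity": "Medium"},
]

if __name__ == "__main__":
    # Use the real rules directory when present, otherwise the constructed samples.
    specs = load_rule_files("./rules") if Path("./rules").is_dir() else SAMPLE_SPECS
    rows = rows_from_rules(specs)
    with open("rule_details.csv", "w", newline="", encoding="utf-8") as f:
        f.write(rows_to_csv_text(rows))
    print(f"Exported {len(rows)} rules to rule_details.csv")
```

Run it from the root of your panther-analysis checkout; to export a different set of fields, edit `FIELDNAMES` (and `LIST_FIELDS` for any list-valued ones such as `Reports`).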