I am trying to upload my detections with panther_analysis_tool, but I am getting an error saying that one of my files has "the same name as" one of my other files. The error says: "attempted to add item for FileName multiple times".
To resolve this issue:
Check the error message for the file names/paths that it says have the same name.
For each file path that it found, please edit the name of the file to ensure it is unique from the other files you are attempting to upload. For example, if you have github_repo_created.py
, try renaming it to github_repo_created1.py
If you renamed a python file, make sure to also change that name in the corresponding yml file. So in the above example, if you renamed one of your python detections to github_repo_created1.py
, then you would also want to edit the corresponding yml file and ensure it has Filename: github_repo_created1.py
This error happens when you attempt to upload detections where 2 or more of your files have the same name. When Panther uploads your detections, it flattens the directory structure and uploads every detection/analysis file inside the same virtual folder. Because of this, you will get an error if you have 2 folders that have the same file name. For example, consider you have the following files/folders:
my_detections/github_repo_created.py
my_detections/github_repo_created.yml
github_rules/github_repo_created.py
github_rules/github_repo_created.yml
This would cause an error because even though these files are in different folders, they still have the same name. So to resolve this, you can edit the file names under my_detections/
to ensure they are unique from the file names under github_rules/