I onboarded to Panther using Panther Console workflows. I now want to use a CI/CD workflow. What will happen to the artifacts that are already in my Panther instance? Do I need to clear those out? If I try to upload the same code with the same global name, but from a different repository, will it break anything? Do I need to disable all of the Packs I currently have configured in my instance?
If you try to upload the exact same code with the exact same global name but from a different repository, it will cause issues. You cannot have rules with the exact same name or same Rule ID. You will need to disable Packs, because those same Rules will be running from your forked or private-clone copy of the panther_analysis repo.
See the sections below for more information about the effects on other Panther features.
Detections
We recommend that you ensure the Rule in the Panther Console is not enabled before you activate that same Rule in the repository.
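The following pre-upload check is an added example, not part of Panther's documentation or tooling. It compares the rule specs in a repo clone against an inventory of rules already in the Console and flags matches on Rule ID or name. The inventory format (`id`, `name`, `enabled`) and the sample rules are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Top-level keys read from each detection spec file in the repo clone.
KEY_RE = re.compile(r"^(RuleID|DisplayName|Enabled):[ \t]*(.*?)[ \t]*$", re.M)

def read_spec(path):
    """Return RuleID, DisplayName and Enabled from one YAML spec file."""
    fields = {k: v.strip("'\"") for k, v in KEY_RE.findall(path.read_text())}
    fields["Enabled"] = str(fields.get("Enabled", "")).lower() == "true"
    return fields

def find_collisions(repo_dir, console_rules):
    """console_rules: dicts with id, name, enabled (assumed inventory format)."""
    by_id = {r["id"]: r for r in console_rules}
    by_name = {r["name"]: r for r in console_rules}
    findings = []
    for path in sorted(Path(repo_dir).rglob("*.yml")):
        spec = read_spec(path)
        if "RuleID" not in spec:
            continue  # helper, lookup table or other non-rule spec
        match = by_id.get(spec["RuleID"]) or by_name.get(spec.get("DisplayName"))
        if match is None:
            continue
        reason = "RuleID" if match["id"] == spec["RuleID"] else "DisplayName"
        # Both copies enabled means the same rule would run twice.
        both_enabled = spec["Enabled"] and match["enabled"]
        findings.append((path.name, reason, match["id"], both_enabled))
    return findings

def demo():
    # Constructed sample data: a Console inventory and two repo spec files.
    console = [
        {"id": "Custom.Okta.AdminLogin", "name": "Okta Admin Login", "enabled": True},
        {"id": "Custom.AWS.RootUse", "name": "AWS Root Activity", "enabled": False},
    ]
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, "okta_admin.yml").write_text(
            "AnalysisType: rule\nRuleID: Custom.Okta.AdminLogin\n"
            "DisplayName: Okta Admin Login\nEnabled: true\n")
        Path(repo, "root_use.yml").write_text(
            "AnalysisType: rule\nRuleID: Custom.AWS.RootActivity\n"
            'DisplayName: "AWS Root Activity"\nEnabled: true\n')
        return find_collisions(repo, console)

if __name__ == "__main__":
    print(demo())
```

Each finding lists the spec file, the field that collided, the Console rule it collided with, and whether both copies are currently enabled.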
Global Helpers
If you develop a helper or global in the Console and want to move the detection that references it to a repo, you'll need to rebuild the helper or global in the repo when you move the detection(s). We recommend creating a Custom Global Helpers folder in your repo for any custom helpers. Do not modify Panther globals; instead, make a copy and customize your copy.
Schemas
This is not relevant, because schemas are not pushed from the panther_analysis_tool (PAT).
Lookup Tables
For Panther Managed LUTs: You will need to move to the panther_analysis workflow and disable them in the Console.
For Custom LUTs: The same guidance as for global helpers applies here. We recommend a custom sub-folder.