Panther Analysis Tool (PAT)

Articles

• How do I resolve a "Panther cannot import X helper file" error?
• How long does it take to see my detection update in Panther once the GitHub Action is completed in my CI/CD workflow?
• What API permission do I need for running commands with PAT?
• Does Panther Analysis Tool test if the destinations of a detection are valid?
• Why does the lastModified timestamp for Panther rules change after CI/CD updates?
• How can I test just one detection with Panther Analysis Tool?
• Error "argument --api-host: expected one argument" when running Panther test command in GitHub Actions
• Panther error: cannot install panther_analysis_tool because package versions have conflicting dependencies
• How can I run the Panther Analysis Tool on Windows?
• What happens to my detection code if I make changes in both the Panther Console and PAT?
• How to resolve the error "AccessDeniedException" for Panther federated roles when used with PAT
• How to make Panther Analysis Tool tests ignore disabled detections
• Error 'could not find uploaded item: scheduled_rule_default.py' when uploading rules via Panther Analysis Tool (PAT) in Panther
• How do I resolve the PAT error "Missing key: 'AnalysisType'"?
• Can I use rule filters when using CI/CD to upload to Panther?
• What do I do if GitHub workflow tests via PAT are failing due to a missing library?
• Why do I see 'access denied' when trying to upload via Panther Analysis Tool?
• Does Panther Analysis Tool offer an option to output JSON describing the results of an upload?
• How can I avoid overwriting global helpers while using PAT?
• How do I resolve the error "ImportError: cannot import name 'Final' from 'typing' (/usr/local/lib/python3.7/typing.py)" when using Panther Analysis Tool?
• Error: "No backend client provided, skipping InlineFilters during testing" when testing Panther detections with PAT
• When trying to install Panther Analysis Tool I encounter the following error: "AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'"
• Panther Analysis Tool reports an AnalysisIDConflictException
• How can I resolve the error "None should be instance of 'dict'" in panther analysis tool?
• Why am I getting a 403 or 401 error when uploading content using Panther Analysis Tool (PAT)?
• Running tests and uploading only the modified files from the previous commit when working with the Panther Analysis Tool
• Error "AttributeError: 'PathDistribution' object has no attribute '_normalized_name'" when installing or updating PAT
• How do I troubleshoot panther_analysis_tool installation issues on macOS?
• Why does my bulk upload pass the PAT test command, but still fails to upload?
• Why do duplicate rules appear in Panther after renaming a rule and how can I delete the old one?
• What is the configuration precedence for Panther Analysis Tool (PAT) and will .panther_settings.yml override options passed via the command line?
• Error message "not in list of valid keys" when running tests with PAT
• Panther Analysis Tool error when uploading tests: cannot unmarshal map or seq into string
• Detections with same name failed to upload to backend when using Panther Analysis Tool
• How to make Panther Analysis Tool upload faster
• How to fix "TypeError: 'type' object is not subscriptable" when uploading to my Panther repo
• Why am I getting "pyenv: pipenv: command not found" when installing PAT?
• How do I resolve the error "LOG_TYPE_REGEX does not match 'Snyk.*'" in Panther Analysis Tool?
• Why does my PAT query upload fail with the message "No SQL supplied"?
• How to resolve "cannot access local variable 'yaml'" error in Panther Analysis Tool
• How do I resolve "AnalysisContainsDuplicatesException" when uploading a rule to Panther?
• Can I ignore multiple files using the Panther Analysis Tool (PAT) --ignore-files flag?
• Who is listed as the detection creator when using the Panther Analysis Tool vs the console?
• PAT shows "Failed to parse query / Skipping table name validation" in Panther
• How do I resolve the PAT error "name 'Optional' is not defined"?
• Error: "PantherEvent has no attribute 'deep_walk'" when testing Panther detections with PAT
• How to Resolve the "NoRegionError: You Must Specify a Region" Error in Panther
• Upload specific files using Panther Analysis Tool (PAT)
• Can I run a single test in a single detection with Panther Analysis Tool (PAT)?
• Saved queries appear in Panther Console after local deletion
• Is there a limit to how many detections can be deleted at once with PAT?
• How do I resolve "attempted to add item for FileName multiple times" when uploading with PAT?
• I received a "Validation failed" error when running Panther’s PAT validate command. How can I troubleshoot this?
• How do I read the code for panther_detection_helpers?
• 502 responses when uploading with Github Actions and PAT
• How to ignore non-Panther files when using panther-analysis-tool
• Error: "Object 'PANTHER_LOGS.*' does not exist or not authorized." in Panther. How can I solve it?
• Why didn't my GitHub Actions workflow apply changes when I changed a rule status from Enabled: true to Enabled: false in the rule YAML file in my panther-analysis repo?
• What does the pipe character do in GitHub Actions workflows used with Panther?
• Why am I getting timestamp errors from PAT test?
• How do I remove accidentally uploaded queries using Panther Analysis Tool (PAT)?
• Does a scheduled query deployed from Git overwrite an existing one with the same name from the Panther Console?
• Can't attach new custom schema to a log source after uploading via the panther_analysis_tool
• Why is PAT showing the error "LOG_TYPE_REGEX does not match '...'" or "LOG_TYPE_REGEX(\\.[A-Z][A-Za-z0-9]*){0,5})$')) did not validate 'Github.Audit'"?
• How do I resolve "resolve body reference: could not find uploaded item" while using PAT to upload detections?
• Getting 502 Bad Gateway at my API host when enabling CI/CD in GitHub Actions for Panther
• How can I verify if the Panther Analysis Tool (PAT) is using the .env variables?
• Error: Panther Analysis Tool cannot save an enabled policy with failing unit tests
• Why do schema updates with Panther Analysis Tool (PAT) fail when using test files?
• Error: 'git rev-parse --show-toplevel returned non-zero exit status 128' when running 'pat init' in the Panther Analysis Tool (PAT)
• How are global helpers included with Panther Analysis Tool uploads?
• Do CI/CD processes affect rule filters for Panther detections?
• "Exhausted retries attempting to perform bulk upload" when trying to upload detections via PAT
• Error message "rule has an invalid log type" when uploading to Panther