Test, manage, package, and deploy all of your detections using Panther’s CLI tool

Why?

As a DevOps and security engineer, you likely prefer using the command line as much as possible for simple tasks like editing and organizing files.

What?

Panther automates the security operations pipeline by using code to detect suspicious behaviors and cloud misconfigurations. Panther provides two primary mechanisms to create this code: in the UI, or with a CLI tool.

With the Panther analysis CLI tool, you can test, package, and deploy all of your Cloud Security Policies and Log Analysis Rules via the command-line interface (CLI). This enables detections to be managed in code and tracked in version control systems like GitHub, GitLab, and SVN.

The Panther Analysis Tool can assist with creation, local testing, zipping, and uploading detections to Panther to support developer-oriented workflows. For many DevOps and security engineers, this is a more natural workflow that supplements the use of the Panther user interface.

How does this impact you?

In addition to working with Rules and Policies, you can also use our CLI tool to:

  • Access and operate Panther from machines that don’t have a GUI, e.g. an EC2 instance
  • Enable team collaboration for building detections
  • Perform operational tasks such as listing sources, rules, alerts, etc
  • Automate tasks like uploading Rules and Policies
  • Onboard new log and cloud security sources
  • Run Panther upgrade scripts

Get Started

The Panther analysis tool is available on pip.

Simply install with:

pip3 install panther-analysis-tool

For running tests, use:

panther_analysis_tool test --path <path-to-python-code>

Find documentation to write detections with the Panther Analysis Tool:

TL;DR

Panther’s Analysis Tool helps security practitioners test, package, and deploy Policies and Rules from the CLI.