Panther-analysis provides built-in detection rules and policies for Panther, a modern scalable SIEM platform enabling security teams to define and automate threat detections as code.
Built-in Panther detection rules and policies
This tool is used by security operations teams to implement, manage, and automate detection rules and security policies within the Panther SIEM platform. It allows users to programmatically upload and test detection logic against various log types and cloud resources to identify malicious activity and misconfigurations at scale.
Users should make sure the Python environment variables are set as described in the setup steps below (PYTHON_BIN_PATH and PATH), otherwise the pipenv-installed tools will not be found. Pre-commit hooks enforce code quality and must be installed once after setup. This tool requires familiarity with Panther SIEM and its detection rule formats. Contributions are welcome but should follow the repository's contributing guidelines.
git clone git@github.com:panther-labs/panther-analysis.git
cd panther-analysis
python3 -m pip install pipenv
echo "PYTHON_BIN_PATH=\"$(python3 -m site --user-base)/bin\"" >> ~/.zprofile
echo "export PATH=\"$PATH:$PYTHON_BIN_PATH\"" >> ~/.zprofile
. ~/.zprofile
make install
pipenv shell (optional, to spawn a subshell with pipenv environment variables)
make install-pre-commit-hooks (to install Git pre-commit hooks)
make install
Installs all necessary dependencies including pre-commit and Python packages.
make install-pre-commit-hooks
Installs Git pre-commit hooks for automatic code formatting and linting.
make run-pre-commit-hooks
Manually runs pre-commit hooks on all files to check formatting and linting.
pipenv run panther_analysis_tool test --path rules/aws_cloudtrail_rules/
Runs detection tests on the specified rules directory.
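To show what the detection logic exercised by that test command looks like, here is an added example (not a rule shipped in panther-analysis): a Python rule in Panther's rule()/title()/severity() layout, evaluated against constructed CloudTrail ConsoleLogin records. The PantherEvent wrapper is an assumption standing in for Panther's real event object, which exposes get() and deep_get(); the run_tests() helper mimics what `panther_analysis_tool test` does with the Tests block of a rule's YAML spec.

```python
from typing import Any, Dict

class PantherEvent(dict):
    """Assumed stand-in for Panther's event object: only get() and deep_get()."""

    def deep_get(self, *keys: str, default: Any = None) -> Any:
        value: Any = self
        for key in keys:
            if not isinstance(value, dict) or key not in value:
                return default
            value = value[key]
        return value

def rule(event: PantherEvent) -> bool:
    """Detection entry point: fire on a successful AWS root console login."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if event.deep_get("userIdentity", "type") != "Root":
        return False
    return event.deep_get("responseElements", "ConsoleLogin") == "Success"

def title(event: PantherEvent) -> str:
    """Alert title shown in the Panther UI and notifications."""
    return f"AWS root console login from {event.get('sourceIPAddress', '<unknown>')}"

def severity(event: PantherEvent) -> str:
    """Dynamic severity: a root login without MFA is the worst case."""
    mfa = event.deep_get("additionalEventData", "MFAUsed")
    return "MEDIUM" if mfa == "Yes" else "HIGH"

def _login(user_type: str, result: str, mfa: str) -> PantherEvent:
    """Constructed (not real) CloudTrail ConsoleLogin record for testing."""
    return PantherEvent({
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": user_type},
        "responseElements": {"ConsoleLogin": result},
        "additionalEventData": {"MFAUsed": mfa},
        "sourceIPAddress": "203.0.113.10",  # TEST-NET-3 documentation address
    })

SAMPLES = {
    "root_no_mfa": _login("Root", "Success", "No"),
    "root_mfa": _login("Root", "Success", "Yes"),
    "root_failed": _login("Root", "Failure", "No"),
    "iam_user": _login("IAMUser", "Success", "Yes"),
}

def run_tests() -> Dict[str, bool]:
    """Evaluate rule() on every sample, as `panther_analysis_tool test` does."""
    return {name: rule(event) for name, event in SAMPLES.items()}
```

Only the two successful root logins should fire; the failed attempt and the IAM user login should not, and the MFA-backed root login is downgraded to MEDIUM.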