Skip to content
/ panther-content-template Public

Panther Config SDK template repo for content modules

panther.com/
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

panther-labs/panther-content-template

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.github
.github
 
 
panther_content
panther_content
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
Pipfile
Pipfile
 
 
Pipfile.lock
Pipfile.lock
 
 
README.md
README.md
 
 
mypy.ini
mypy.ini
 
 

Repository files navigation

panther-content-template

Panther SDK template repo for content modules.

Setup a new repo

  1. Clone this repo
git clone [email protected]:panther-labs/panther-content-template.git my-panther-content
cd my-panther-content
  1. Initialize the repo. This will remove the existing git data, delete CODEOWNERS and start a new git repository:
make init
  1. Optionally, start a docker shell to run python 3.9. If docker is not available or you prefer to run on your host operating system, you can skip this step. Please ensure your machine has a proper Python 3.9 environment with pip installed.
make shell
  1. Run the install command to bootstrap the repository's dependencies. If you are running in docker, there may be warnings about running as a root user. These can be ignored. You can confirm this was successful by running the tests.
make install
make test

Project structure

While any directory structure that implements a valid python module will work, this template includes a basic directory structure to provide some guidance on how to organize your content. The list below provides a brief description of this included structure:

/panther_content
    /__main__.py   # module entry point

    /filters       # reusable filters for use in Panther Rules, Policies and Scheduled Rules
    /rules         # Panther Rule content
    /queries       # Panther Saved/Scheduled Query content

/tests             # directory structure mirroring "panther_content" that includes unit tests.
/Makefile          # sample Makefile provided with lint, format and testing targets
/mypy.ini          # recommened mypy configuration for python type checking
/requirements.txt  # PIP requirements file

/.github           # example automation pipeline using GitHub Actions

Importing & updating content

You can import & update filters, detections and other panther_sdk-based content via PIP modules. As with any other PIP module, this can be done by editing the requirements.txt file. Panther-authored content follows semantic versioning. Please refer to the (Py-Pkgs guidance)[https://py-pkgs.org/07-releasing-versioning.html] on how to use this file and to decide how to version.

Using Automation

This repo includes configuration for GitHub Actions in .github/workflows. You can either use these as-is or use them as a reference while setting up your own automation pipeline.

Publish as a content library

If you want to make your panther_sdk based content available to other repositories, you can do so by publishing to PyPi or another PIP-based pacakge host. As with any published PIP package, you will have to include configuration to do so. See Packaging Python Projects for more details. You can refer to the source code of panther-utils for a Panther-provided example of doing this.

About

Panther Config SDK template repo for content modules

panther.com/

Topics

python security cloud

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

11 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages