No project description provided

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Development Status
- 1 - Planning
Environment
- Console
Intended Audience
- Developers
License
- OSI Approved :: GNU Affero General Public License v3
Programming Language
- Python :: 3
Topic
- Security
Typing
- Typed

Project description

Panther Config SDK

The Panther Config module allows you to configure detections for your Panther instance.

Install

The Panther Config SDK can be installed using PIP.

pip3 install panther-config==0.0.9

query module

CronSchedule

Cron expression based schedule definition for a query

Field	Description	Type
`expression`	`Defines how often queries using this schedule run`	str
`timeout_minutes`	`Defines the timeout applied to queries with this schedule`	int

IntervalSchedule

Interval based schedule definition for a query

Field	Description	Type
`rate_minutes`	`Defines how often queries using this schedule run`	int
`timeout_minutes`	`Defines the timeout applied to queries with this schedule`	int

Query

A saved or scheduled query

Field	Description	Type
`name`	`Unique name for the query`	str
`description`	`Short description for the query`	str
`default_database`	`Default database for the query`	str
`sql`	`SQL statement`	str
`enabled`	`Short description for the query`	bool
`tags`	`Tags for the query`	typing.Optional[typing.Union[str, typing.List[str]]]
`schedule`	`Schedule attached to the query`	typing.Optional[typing.Optional[typing.Union[IntervalSchedule, CronSchedule]]]

detection module

DynamicStringField

Make a field dynamic based on the detection input

Field	Description	Type
`fallback`	`Fallback value in case the dynamic handler fails`	str
`func`	`Dynamic handler`	typing.Callable[[typing.Any], str]

DynamicDestinations

Make destinations dynamic based on the detection input

Field	Description	Type
`fallback`	`Fallback value in case the dynamic handler fails`	typing.Optional[typing.List[str]]
`func`	`Dynamic handler`	typing.Callable[[typing.Any], typing.List[str]]

AlertGrouping

Configuration for how an alert is grouped

Field	Description	Type
`period_minutes`	`How long should matches be grouped into an alert after the first match`	int
`group_by`	`Function to generate a key for grouping matches`	typing.Optional[typing.Callable[[typing.Any], str]]

PythonFilter

Custom python filter

Field	Description	Type
`func`	`Custom python filter`	typing.Callable[[typing.Optional[typing.Any], typing.Optional[typing.Dict[str, typing.Union[str, int, float, bool]]]], bool]
`params`	`Custom python filter`	typing.Optional[typing.Dict[str, typing.Union[str, int, float, bool]]]

JSONUnitTest

Unit test with json content

Field	Description	Type
`name`	`name of the unit test`	str
`expect_match`	`should this event trigger the rule?`	bool
`data`	`json data`	str

Rule

Define a rule

Field	Description	Type
`rule_id`	`ID for the rule`	str
`severity`	`Severity for the rule`	typing.Union[str, DynamicStringField]
`threshold`	`Number of matches received before an alert is triggered`	int
`group`	`Number of matches received before an alert is triggered`	int
`name`	`Display name for the rule`	typing.Optional[str]
`log_types`	`Log Types to associate with this rule`	typing.Union[str, typing.List[str]]
`filters`	`Define event filters for the rule`	typing.Union[_BaseFilter, typing.List[_BaseFilter]]
`enabled`	`Short description for the query`	bool
`unit_tests`	`Define event filters for the rule`	typing.Optional[typing.Union[_BaseUnitTest, typing.List[_BaseUnitTest]]]
`tags`	`Tags for the rule`	typing.Optional[typing.Union[str, typing.List[str]]]
`reference`	`Reference for the rule`	typing.Optional[typing.Union[str, DynamicStringField]]
`runbook`	`Runbook for the rule`	typing.Optional[typing.Union[str, DynamicStringField]]
`description`	`Description for the rule`	typing.Optional[typing.Union[str, DynamicStringField]]
`summary_attrs`	`Summary Attributes for the rule`	typing.Optional[typing.List[str]]
`reports`	`Report mappings for the rule`	typing.Optional[typing.Dict[str, typing.List[str]]]
`destinations`	`Alert destinations for the rule`	typing.Optional[typing.Union[str, typing.List[str], DynamicDestinations]]
`alert_title`	`Title to use in the alert`	typing.Optional[typing.Callable[[typing.Any], str]]
`alert_context`	`Optional JSON to attach to alerts generated by this rule`	typing.Optional[typing.Callable[[typing.Any], typing.Dict[str, typing.Any]]]
`alert_grouping`	`Configuration for how an alert is grouped`	typing.Optional[AlertGrouping]

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Development Status
- 1 - Planning
Environment
- Console
Intended Audience
- Developers
License
- OSI Approved :: GNU Affero General Public License v3
Programming Language
- Python :: 3
Topic
- Security
Typing
- Typed

Release history Release notifications | RSS feed

0.0.19

Sep 23, 2022

0.0.18

Sep 20, 2022

0.0.17

Sep 7, 2022

0.0.16

Aug 31, 2022

0.0.15

Aug 29, 2022

0.0.13

Aug 28, 2022

0.0.12

Aug 25, 2022

0.0.11

Aug 24, 2022

0.0.10

Aug 24, 2022

This version

0.0.9

Aug 24, 2022

0.0.8

Aug 24, 2022

0.0.7

Aug 23, 2022

0.0.6

Aug 18, 2022

0.0.5

Aug 18, 2022

0.0.4

Aug 17, 2022

0.0.2

Aug 17, 2022

0.0.1

Aug 4, 2022

0.0.0

Aug 3, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

panther_config-0.0.9.tar.gz (19.4 kB view hashes)

Uploaded Aug 24, 2022 Source

Hashes for panther_config-0.0.9.tar.gz

Hashes for panther_config-0.0.9.tar.gz
Algorithm	Hash digest
SHA256	`6612310869bb03a63c983a99cdcc1ccb423d31fd1dce37288c73ddc43fc35f31`
MD5	`a1ca3c9276ef30ebca62429a14fe21a2`
BLAKE2b-256	`e01db8e789a58e354e6cf0d900f418cc654f07e32e9c2fc2d448061d7bc7bc6a`