You may find yourself repeating the same logic over and over again when writing rules or policies.
A common pattern in programming is to extract repeated code into helper functions, and Panther supports this pattern with the
global analysis type.
By default, Panther comes with two built-in globals named
panther is a default and already set up for you to define your custom logic, and
panther_oss_helpers provides boilerplate helpers to common caching and other use cases.
To use globals,
import them by their defined ID at the top of your analysis function body. Then, call the global as if it were any other python library.
import panther_oss_helpersdef rule(event):return event['name'] == 'test-bucket'def title(event):# Lookup the account name from an account Idaccount_name = panther_oss_helpers.lookup_aws_account_name(event['accountId'])return 'Suspicious request made to account ' + account_name
New globals can be created either with the Panther Analysis Tool (found here) or from within the Panther UI.
To create a new global, navigate to
Type your Python functions, then click
CREATE. This global can now be imported in your rules or policies.