A common pattern in programming is to extract repeated code into helper functions, and Panther supports this pattern with the
global analysis type.
By default, Panther comes with built-in global helpers such as panther, a default global already set up for you to define your custom logic, and panther_oss_helpers, which provides boilerplate helpers for common caching and other use cases.
Import global helpers in your detections by their declared ID at the top of your analysis function body, then call the global as if it were any other Python library.
import panther_oss_helpers

def rule(event):
    return event['name'] == 'test-bucket'

def title(event):
    # Lookup the account name from an account Id
    account_name = panther_oss_helpers.lookup_aws_account_name(event['accountId'])
    return 'Suspicious request made to account ' + account_name
New globals can be created from the Panther Analysis Tool or in the Panther UI.
To create a new global, navigate to
Type your Python functions, then click
CREATE. This global can now be imported in your rules or policies.
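The sketch below is an added example, not code from Panther: it shows a custom global and a rule that imports it by ID, with the missing-field case handled in the helper rather than in every rule. The global ID acme_helpers, its function names, the CIDR ranges, the account IDs and the sourceIPAddress event field are all assumptions, and the sys.modules registration only stands in for Panther making the global importable.

```python
import ipaddress
import sys
import types

# ---- Body of a hypothetical global with ID "acme_helpers" ----
# Constructed placeholder data: documentation IP ranges and fake account IDs.
TRUSTED_CIDRS = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]
ACCOUNT_NAMES = {"111111111111": "prod", "222222222222": "dev"}

def is_trusted_ip(value):
    """Return True only if value parses as an IP inside a trusted range."""
    try:
        addr = ipaddress.ip_address(value)
    except (ValueError, TypeError):
        return False  # missing or malformed addresses are never trusted
    return any(addr in net for net in TRUSTED_CIDRS)

def account_label(account_id):
    """Map an account ID to a friendly name, falling back to the raw ID."""
    return ACCOUNT_NAMES.get(account_id, f"unknown account {account_id}")

# Stand-in for Panther loading the global: register it as an importable module.
_mod = types.ModuleType("acme_helpers")
_mod.is_trusted_ip, _mod.account_label = is_trusted_ip, account_label
sys.modules["acme_helpers"] = _mod

# ---- Body of a rule that imports the global by its ID ----
import acme_helpers

def rule(event):
    # Alert on access to the watched bucket from outside the trusted ranges.
    return (event.get("name") == "test-bucket"
            and not acme_helpers.is_trusted_ip(event.get("sourceIPAddress")))

def title(event):
    label = acme_helpers.account_label(event.get("accountId"))
    return "Untrusted request made to account " + label

if __name__ == "__main__":
    # Constructed sample events: untrusted source, trusted source, no source.
    samples = [
        {"name": "test-bucket", "accountId": "111111111111", "sourceIPAddress": "203.0.113.7"},
        {"name": "test-bucket", "accountId": "222222222222", "sourceIPAddress": "192.0.2.10"},
        {"name": "test-bucket", "accountId": "333333333333"},
    ]
    for ev in samples:
        print(rule(ev), "|", title(ev))
```

Keeping the parsing and the fail-closed default inside the global means every rule that imports it treats a missing or malformed address the same way.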