policyfunction with a
resourceargument that returns
Trueif the resource is compliant and the policy should not send an alert, or
Falseif the resource is not complaint and the policy should send an alert
policy()function that accepts one argument
boolfrom the policy function
policy()body, returning a value of
Trueindicates the resource is compliant and no alert should be sent. Returning a value of
Falseindicates the resource is non-compliant and an alert or automatic remediation should be sent.
Configuration Requiredtag. These policies are designed to be modified by you, the security professional, based on your organization's business logic.
Create Newin the top right corner. You have the option of creating a single new policy, or uploading a zip file containing policies created with the
panther_analysis_tool. Clicking single will take you to the policy editor page.
Resources, and apply a filter of the resource type you intend to emulate in your test. Select a resource in your environment, and on the
Attributescard you can copy the full JSON representation of that resource by selecting copy button next to the word
Resourcefield if you are working locally. Now you can manually modify the fields relevant to your policy and the specific test case you are trying to emulate.
Erroron a given resource, that means that the policy threw an exception. The best method for troubleshooting these errors is to use option 1 in the Constructing test resources section above and create a test case from the resource causing the exception.