How to programmatically update a lookup table in Panther
Last updated: August 30, 2024
QUESTION
How do I programmatically update a lookup table? I have some lookup tables that need to be updated very often.
ANSWER
This requires two tasks:
Create the lookup tables automatically, for example by writing a script that generates the LUTs in the form of a CSV file.
Put the lookup tables in Panther automatically. The best ways to do this are via AWS S3 as documented here, or using GitHub Actions to automate the upload using
panther_analysis_tool.Please see a working prototype of an example Github Actions workflow here.