get_detection
Retrieve comprehensive details about a security detection, including its body and associated tests, by providing the detection ID and type. Requires permissions for viewing rules and policies.
Instructions
Get detailed information about a Panther detection, including the detection body and tests.
Permissions: {'all_of': ['View Rules', 'View Policies']}
Input Schema
Name | Required | Description | Default |
---|---|---|---|
detection_id | Yes | The ID of the detection to fetch | |
detection_type | No | One or more detection types - rules, scheduled_rules, simple_rules, or policies. | ["rules"] |
Input Schema (JSON Schema)
{
  "properties": {
    "detection_id": {
      "description": "The ID of the detection to fetch",
      "examples": [
        "AWS.Suspicious.S3.Activity",
        "GCP.K8S.Privileged.Pod.Created"
      ],
      "title": "Detection Id",
      "type": "string"
    },
    "detection_type": {
      "default": [
        "rules"
      ],
      "description": "One or more detection types - rules, scheduled_rules, simple_rules, or policies.",
      "examples": [
        [
          "rules",
          "simple_rules",
          "scheduled_rules"
        ],
        [
          "policies"
        ]
      ],
      "items": {
        "type": "string"
      },
      "title": "Detection Type",
      "type": "array"
    }
  },
  "required": [
    "detection_id"
  ],
  "type": "object"
}
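A caller-side check for the arguments above, as an added example that is not part of the original page or Panther's own code. The schema types detection_type only as an array of strings, so this sketch also enforces the four values named in the description; the helper name, the rejection of an empty list, and the de-duplication are assumptions.

```python
import json

# Values named in the detection_type description on this page. The JSON Schema
# itself only requires an array of strings, so the allow-list is enforced here.
ALLOWED_TYPES = ("rules", "scheduled_rules", "simple_rules", "policies")
DEFAULT_TYPES = ["rules"]  # the schema's documented default


def build_get_detection_args(detection_id, detection_type=None):
    """Hypothetical helper: validate and normalise get_detection arguments."""
    if not isinstance(detection_id, str) or not detection_id.strip():
        raise ValueError("detection_id is required and must be a non-empty string")
    if detection_type is None:
        types = list(DEFAULT_TYPES)
    elif isinstance(detection_type, str):
        # A bare string is iterable, so reject it before it is split into characters.
        raise TypeError("detection_type must be an array of strings, not a string")
    else:
        types = list(detection_type)
    if not types:
        # Assumption: an empty array is treated as a caller error, not as "default".
        raise ValueError("detection_type must name at least one type")
    unknown = [t for t in types if t not in ALLOWED_TYPES]
    if unknown:
        raise ValueError(f"unknown detection_type value(s): {unknown!r}")
    # Drop duplicates while keeping the caller's order.
    deduped = list(dict.fromkeys(types))
    return {"detection_id": detection_id, "detection_type": deduped}


if __name__ == "__main__":
    # Constructed sample calls using the example IDs from the schema.
    print(json.dumps(build_get_detection_args("AWS.Suspicious.S3.Activity")))
    print(json.dumps(build_get_detection_args(
        "GCP.K8S.Privileged.Pod.Created", ["policies", "rules", "rules"])))
```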