panther-labs

Scaffold a new Panther detection (rule, policy, or scheduled rule) end to end: pick the right directory and paradigm, copy from templates/, ground field names in the real log schema, generate matching RuleID/Filename/DisplayName, write redacted positive+negative unit tests, add MITRE mapping, and verify with a scoped `pat test`. Use when the user asks to "create / write / add / scaffold a (new) Panther rule / detection / policy / signal" for a specific log type, log source, or behavior — especially for log sources or behaviors not already covered in the repo. Do NOT use for editing or tuning existing detections; for that, just edit the file directly.