
Summary
This rule forwards detections generated by Upwind's API threat telemetry into Panther to enable faster investigation and response for API-layer issues. It covers a range of API security patterns detectable at the API gateway or service layer, including broken authentication, authorization flaws (e.g., BOLA/IDOR), injection, mass assignment, token misuse, and exposure of sensitive data. The rule re-raises qualifying Upwind API detections as Panther alerts, preserving the detection context (resource, initiator, timestamps, severity) to support cross-tool investigations and correlation with other Panther detections.
Categories
- Endpoint
- Web
- Application
Data Sources
- Network Traffic
- Application Log
ATT&CK Techniques
- T1190
Created: 2026-03-24
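The rule behaviour the summary describes (forward only API-layer Upwind detections, keep Upwind's severity, carry resource, initiator and timestamps into the alert) is sketched below as a Panther Python rule. This is an added example, not the rule's or Upwind's own code, and every Upwind field name (detection.*, resource.*, initiator.*) plus the category and severity values are assumptions to be mapped onto the real Upwind log schema; the sample events are constructed.

```python
# Added example (not Panther's or Upwind's code): a Panther Python rule that re-raises Upwind
# API detections as alerts. All Upwind field names (detection.*, resource.*, initiator.*) are ASSUMED.
API_CATEGORIES = {"BROKEN_AUTHENTICATION", "BOLA", "IDOR", "INJECTION",
                  "MASS_ASSIGNMENT", "TOKEN_MISUSE", "SENSITIVE_DATA_EXPOSURE"}
SEVERITY_MAP = {"critical": "CRITICAL", "high": "HIGH", "medium": "MEDIUM", "low": "LOW"}

def _get(event, *path, default=None):
    # Nested lookup on a plain dict, standing in for Panther's event.deep_get().
    cur = event
    for key in path:
        if not isinstance(cur, dict) or cur.get(key) is None:
            return default
        cur = cur[key]
    return cur

def rule(event):
    # Forward only API-layer detections in the categories this rule covers.
    if _get(event, "detection", "source") != "api":
        return False
    return str(_get(event, "detection", "category", default="")).upper() in API_CATEGORIES

def title(event):
    category = _get(event, "detection", "category", default="unknown")
    resource = _get(event, "resource", "name", default="<unknown resource>")
    return f"Upwind API detection: {category} on {resource}"

def severity(event):
    # Preserve Upwind's severity; fall back to MEDIUM when it is missing or unrecognised.
    raw = str(_get(event, "detection", "severity", default="")).lower()
    return SEVERITY_MAP.get(raw, "MEDIUM")

def alert_context(event):
    # Carry the detection context forward so analysts can pivot inside Panther.
    return {
        "category": _get(event, "detection", "category"),
        "upwind_severity": _get(event, "detection", "severity"),
        "resource": _get(event, "resource"),
        "initiator": _get(event, "initiator"),
        "first_seen": _get(event, "detection", "first_seen"),
        "last_seen": _get(event, "detection", "last_seen"),
    }

# Constructed sample events for local testing; not real Upwind output.
SAMPLE_BOLA = {
    "detection": {"source": "api", "category": "bola", "severity": "high",
                  "first_seen": "2026-03-24T10:00:00Z", "last_seen": "2026-03-24T10:05:00Z"},
    "resource": {"id": "svc-orders", "name": "orders-api"},
    "initiator": {"ip": "198.51.100.7", "principal": "user-1234"},
}
SAMPLE_RUNTIME = {"detection": {"source": "runtime", "category": "injection", "severity": "high"}}
```

In a real deployment, swap `_get` for Panther's `event.deep_get()` and add the matching Upwind log type to the rule's `LogTypes` in its YAML metadata.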