guardduty_get_finding_statistics
Retrieve JSON-formatted summary statistics for GuardDuty findings using a specified AWS region and detector ID. Analyze threat data efficiently.
Instructions
Get summary statistics for GuardDuty findings for a given detector.
Parameters:
aws_region (str): The AWS region - use 'us-east-1' if not specified.
detector_id (str): The GuardDuty detector ID.
Returns:
str: JSON-formatted statistics about the findings.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| aws_region | Yes | ||
| detector_id | Yes |
Input Schema (JSON Schema)
{
"properties": {
"aws_region": {
"title": "Aws Region",
"type": "string"
},
"detector_id": {
"title": "Detector Id",
"type": "string"
}
},
"required": [
"aws_region",
"detector_id"
],
"title": "guardduty_get_finding_statisticsArguments",
"type": "object"
}
Implementation Reference
- server.py:659-681 (handler)Handler function implementing the guardduty_get_finding_statistics tool. It uses the AWS GuardDuty client to retrieve finding statistics by severity and returns them as JSON.@mcp.tool() async def guardduty_get_finding_statistics(aws_region: str, detector_id: str) -> str: """ Get summary statistics for GuardDuty findings for a given detector. Parameters: aws_region (str): The AWS region - use 'us-east-1' if not specified. detector_id (str): The GuardDuty detector ID. Returns: str: JSON-formatted statistics about the findings. """ try: client = boto3.client('guardduty', region_name=aws_region) response = client.get_findings_statistics( DetectorId=detector_id, FindingStatisticTypes=['COUNT_BY_SEVERITY'], FindingCriteria={} ) statistics = response.get("FindingStatistics", {}) return json.dumps(statistics, indent=2) except Exception as e: return f"Error getting GuardDuty finding statistics: {str(e)}"