guardduty_get_finding_statistics
Retrieve summary statistics for AWS GuardDuty findings to analyze security threats and monitor detection patterns.
Instructions
Get summary statistics for GuardDuty findings for a given detector.
Parameters:
aws_region (str): The AWS region - use 'us-east-1' if not specified.
detector_id (str): The GuardDuty detector ID.
Returns:
str: JSON-formatted statistics about the findings.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| aws_region | Yes | | |
| detector_id | Yes | | |
Implementation Reference
- server.py:659-681 (handler) The `@mcp.tool()`-decorated handler function that implements the tool logic. It uses boto3 to call GuardDuty's `get_findings_statistics` API with `COUNT_BY_SEVERITY` and returns either JSON-formatted statistics or an error message.

  ```python
  @mcp.tool()
  async def guardduty_get_finding_statistics(aws_region: str, detector_id: str) -> str:
      """
      Get summary statistics for GuardDuty findings for a given detector.

      Parameters:
          aws_region (str): The AWS region - use 'us-east-1' if not specified.
          detector_id (str): The GuardDuty detector ID.

      Returns:
          str: JSON-formatted statistics about the findings.
      """
      try:
          client = boto3.client('guardduty', region_name=aws_region)
          response = client.get_findings_statistics(
              DetectorId=detector_id,
              FindingStatisticTypes=['COUNT_BY_SEVERITY'],
              FindingCriteria={}
          )
          statistics = response.get("FindingStatistics", {})
          return json.dumps(statistics, indent=2)
      except Exception as e:
          return f"Error getting GuardDuty finding statistics: {str(e)}"
  ```
- server.py:659-659 (registration) The `@mcp.tool()` decorator registers the function as an MCP tool, inferring schema from type hints and docstring.

  ```python
  @mcp.tool()
  ```
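Because the handler returns failures as plain text instead of raising, a caller has to tell an error string apart from an empty result before trusting the counts. The following consumer-side sketch is an added example, not code from the server: `summarize_tool_output` is a hypothetical helper, the sample payloads are constructed, and it assumes `CountBySeverity` keys are severity values encoded as strings.

```python
import json

# GuardDuty severity bands per AWS documentation:
# Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.
BANDS = [("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 1.0)]
ERROR_PREFIX = "Error getting GuardDuty finding statistics:"


def summarize_tool_output(tool_output: str) -> dict:
    """Turn the tool's string result into per-band finding counts.

    Raises RuntimeError when the tool returned its error string and
    ValueError when the payload is not the expected JSON object.
    """
    if tool_output.startswith(ERROR_PREFIX):
        # The handler swallows exceptions and returns text; without this
        # check a failed call could be mistaken for "no findings".
        raise RuntimeError(tool_output)
    try:
        stats = json.loads(tool_output)
    except json.JSONDecodeError as exc:
        raise ValueError(f"tool output is not JSON: {exc}") from exc
    if not isinstance(stats, dict):
        raise ValueError("expected a JSON object")
    # Assumption: CountBySeverity maps a severity value (string) to a count.
    counts = stats.get("CountBySeverity") or {}
    summary = {name: 0 for name, _ in BANDS}
    summary["Unknown"] = 0
    for key, count in counts.items():
        try:
            severity = float(key)
        except ValueError:
            summary["Unknown"] += int(count)
            continue
        band = next((n for n, floor in BANDS if severity >= floor), "Unknown")
        summary[band] += int(count)
    return summary


# Constructed sample values, not real GuardDuty output.
SAMPLE_OK = json.dumps({"CountBySeverity": {"2.0": 14, "5.0": 6, "8.0": 3}}, indent=2)
SAMPLE_ERROR = ERROR_PREFIX + " An error occurred (AccessDeniedException)"

if __name__ == "__main__":
    print(summarize_tool_output(SAMPLE_OK))
```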