Skip to main content
Glama
DynamicEndpoints

Microsoft 365 Core MCP Server

by DynamicEndpoints
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Remote

manage_dlp_incidents

Investigate and manage Data Loss Prevention policy violations and incidents, including user notifications and remediation actions for Microsoft 365 security compliance.

Instructions

Investigate and manage DLP policy violations and incidents including user notifications and remediation actions.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
actionYesDLP incident management action
incidentIdNoDLP incident ID
dateRangeNoDate range filter
severityNoIncident severity
statusNoIncident status
policyIdNoAssociated policy ID

Implementation Reference

  • src/handlers/dlp-handler.ts:82-145 (handler)
    Core handler function implementing manage_dlp_incidents tool logic. Handles actions: list (filter by date/severity), get, resolve, escalate DLP incidents via Microsoft Graph /security/alerts_v2 API.
    export async function handleDLPIncidents( graphClient: Client, args: DLPIncidentArgs ): Promise<{ content: { type: string; text: string }[] }> { let apiPath = ''; let result: any; switch (args.action) { case 'list': // List DLP incidents from security events apiPath = '/security/alerts_v2'; const filterConditions: string[] = []; if (args.dateRange) { filterConditions.push(`createdDateTime ge ${args.dateRange.startDate} and createdDateTime le ${args.dateRange.endDate}`); } if (args.severity) { filterConditions.push(`severity eq '${args.severity}'`); } if (filterConditions.length > 0) { apiPath += `?$filter=${filterConditions.join(' and ')}`; } result = await graphClient.api(apiPath).get(); break; case 'get': if (!args.incidentId) { throw new McpError(ErrorCode.InvalidParams, 'incidentId is required for get action'); } apiPath = `/security/alerts_v2/${args.incidentId}`; result = await graphClient.api(apiPath).get(); break; case 'resolve': if (!args.incidentId) { throw new McpError(ErrorCode.InvalidParams, 'incidentId is required for resolve action'); } apiPath = `/security/alerts_v2/${args.incidentId}`; result = await graphClient.api(apiPath).patch({ status: 'resolved', feedback: 'truePositive' }); break; case 'escalate': if (!args.incidentId) { throw new McpError(ErrorCode.InvalidParams, 'incidentId is required for escalate action'); } apiPath = `/security/alerts_v2/${args.incidentId}`; result = await graphClient.api(apiPath).patch({ severity: 'high', classification: 'truePositive' }); break; default: throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`); } return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] }; }
  • src/tool-definitions.ts:242-252 (schema)
    Zod input schema for manage_dlp_incidents tool, defining parameters for actions like list, get, resolve, escalate with filters for date range, severity, status.
    export const dlpIncidentSchema = z.object({ action: z.enum(['list', 'get', 'resolve', 'escalate']).describe('DLP incident management action'), incidentId: z.string().optional().describe('DLP incident ID'), dateRange: z.object({ startDate: z.string().describe('Start date'), endDate: z.string().describe('End date'), }).optional().describe('Date range filter'), severity: z.enum(['Low', 'Medium', 'High', 'Critical']).optional().describe('Incident severity'), status: z.enum(['Active', 'Resolved', 'InProgress', 'Dismissed']).optional().describe('Incident status'), policyId: z.string().optional().describe('Associated policy ID'), });
  • src/server.ts:701-719 (registration)
    MCP server registration of manage_dlp_incidents tool, associating the schema with handleDLPIncidents handler, including metadata annotations.
    "manage_dlp_incidents", "Investigate and manage DLP policy violations and incidents including user notifications and remediation actions.", dlpIncidentSchema.shape, {"readOnlyHint":false,"destructiveHint":false,"idempotentHint":false}, wrapToolHandler(async (args: DLPIncidentArgs) => { this.validateCredentials(); try { return await handleDLPIncidents(this.getGraphClient(), args); } catch (error) { if (error instanceof McpError) { throw error; } throw new McpError( ErrorCode.InternalError, `Error executing tool: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }) );
  • src/types/dlp-types.ts:43-53 (schema)
    TypeScript interface DLPIncidentArgs defining input types for the DLP incidents handler, matching the Zod schema.
    export interface DLPIncidentArgs { action: 'list' | 'get' | 'resolve' | 'escalate'; incidentId?: string; dateRange?: { startDate: string; endDate: string; }; severity?: 'Low' | 'Medium' | 'High' | 'Critical'; status?: 'Active' | 'Resolved' | 'InProgress' | 'Dismissed'; policyId?: string; }
  • src/tool-metadata.ts:115-118 (schema)
    Tool metadata for manage_dlp_incidents providing description, title 'DLP Incident Manager', and annotations used in MCP tool discovery and UI hints.
    manage_dlp_incidents: { description: "Investigate and manage DLP policy violations and incidents including user notifications and remediation actions.", title: "DLP Incident Manager", annotations: { title: "DLP Incident Manager", readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true }
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/m365-core-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server