get_security_posture
Assess organizational security posture by retrieving security scores, vulnerability trends, and risk assessments to identify and address security gaps.
Instructions
Get the overall security posture metrics for the organization. Returns security score, vulnerability trends, and risk assessment.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- The primary handler function for the 'get_security_posture' tool. Decorated with @mcp.tool() which both registers the tool with the MCP server and defines its execution logic. It calls the ZeroPath API endpoint 'stats/securityPosture' and formats the response using a helper function.@mcp.tool() def get_security_posture() -> str: """ Get the overall security posture metrics for the organization. Returns security score, vulnerability trends, and risk assessment. """ response, error = make_api_request("stats/securityPosture") if error: return error if response.status_code == 200: return process_stats_response(response.json(), "Security Posture") elif response.status_code == 401: return "Error: Unauthorized - check API credentials" elif response.status_code == 400: return f"Error: Bad request - {response.text}" else: return f"Error: API returned status {response.status_code}: {response.text}"
- Helper utility function called by get_security_posture to process and format the raw API response from the security posture endpoint into a human-readable string format, handling nested data structures recursively.def process_stats_response(raw_response, title): """Process stats response into readable format.""" # Handle list response directly if isinstance(raw_response, list): result = f"=== {title} ===\n\n" for i, item in enumerate(raw_response, 1): if isinstance(item, dict): result += f"Item {i}:\n" for k, v in item.items(): formatted_key = ''.join(' ' + c if c.isupper() else c for c in str(k)).strip().title() result += f" {formatted_key}: {v}\n" result += "\n" else: result += f" - {item}\n" return result if isinstance(raw_response, dict) and "error" in raw_response: return f"Error: {raw_response['error']}" result = f"=== {title} ===\n\n" def format_value(key, value, indent=0): """Format a key-value pair with proper indentation.""" prefix = " " * indent if isinstance(value, dict): output = f"{prefix}{key}:\n" for k, v in value.items(): output += format_value(k, v, indent + 1) return output elif isinstance(value, list): output = f"{prefix}{key}:\n" for i, item in enumerate(value): if isinstance(item, dict): output += f"{prefix} Item {i + 1}:\n" for k, v in item.items(): output += format_value(k, v, indent + 2) else: output += f"{prefix} - {item}\n" return output else: # Format the key nicely (camelCase to Title Case) formatted_key = ''.join(' ' + c if c.isupper() else c for c in key).strip().title() return f"{prefix}{formatted_key}: {value}\n" for key, value in raw_response.items(): result += format_value(key, value) return result
- General helper function used by get_security_posture (and other tools) to make authenticated POST requests to the ZeroPath API, handling credentials from environment variables and adding organization ID.def make_api_request(endpoint, payload=None, include_org=True): """Make authenticated API request to ZeroPath.""" if not token_id or not token_secret: return None, "Error: Zeropath API credentials not found in environment variables" headers = { "X-ZeroPath-API-Token-Id": token_id, "X-ZeroPath-API-Token-Secret": token_secret, "Content-Type": "application/json" } if payload is None: payload = {} if include_org and org_id: payload["organizationId"] = org_id try: response = requests.post( f"{API_BASE_URL}/{endpoint}", headers=headers, json=payload ) return response, None except Exception as e: return None, f"Error: {str(e)}"