| get_user | Get the current user of the Intruder API that we are authenticated as |
| get_status | Get the status of the Intruder API |
| list_targets | List all targets in the Intruder account and their associated IDs and status (one of 'live', 'license_exceeded', 'unscanned', 'unresponsive', 'agent_uninstalled').
|
| list_issues | List issues in the Intruder account with optional filters.
Args:
target_addresses: Filter by a list of target addresses
tag_names: Filter by a list of tag names
snoozed: Filter by snoozed status (true or false)
severity: Filter by severity level (one of 'critical', 'high', 'medium', 'low')
|
| list_scans | List scans in the Intruder account with optional filters.
Args:
status: Filter by scan status (in_progress, completed, cancelled, cancelled_no_active_targets,
cancelled_no_valid_targets, analysing_results)
scan_type: Filter by scan type (assessment_schedule, new_service, cloudbot_new_target,
rapid_remediation, advisory, cloud_security)
The scan_type parameters mean:
- assessment_schedule: Scans that run on a regular schedule
- new_service: Scans that are triggered when a new service is exposed on a target
- cloudbot_new_target: Scans that are triggered when CloudBot discovers a new target in a connected cloud account
- rapid_remediation: Scans that a user can trigger to test if a specific issue has been remediated
- advisory: An issue created by the Intruder security team based on their manual work
- cloud_security: Scans of cloud accounts, checking the configuration of the resources in the cloud account
|
| list_tags | List all tags in the Intruder account with optional filters. Tags are applied to targets.
Args:
target_address: Filter by a list of target address
|
| list_occurrences | List all occurrences for a specific issue with optional filters.
Args:
issue_id: The ID of the issue to list occurrences for
target_addresses: Filter by a list of target addresses
tag_names: Filter by a list of tag names
snoozed: Filter by snoozed status (true or false)
|
| get_scanner_output | Get scanner output for a specific occurrence of an issue.
Args:
issue_id: The ID of the issue
occurrence_id: The ID of the occurrence
|
| create_scan | Create a new scan.
Args:
target_addresses: List of target addresses to scan
tag_names: List of tag names to scan targets with these tags
|
| get_scan | Get details of a specific scan.
Args:
scan_id: The ID of the scan to get
|
| cancel_scan | Cancel a running scan.
Args:
scan_id: The ID of the scan to cancel
|
| delete_target | Delete a target.
Args:
target_id: The ID of the target to delete
|
| create_targets | Create one or more targets.
Args:
addresses: List of target addresses to create
Example: ['example.com'] for a single target
Example: ['example.com', 'test.com'] for multiple targets
|
| create_target_tag | Add a tag to a target.
Args:
target_id: The ID of the target to add the tag to
name: The name of the tag to add (max 40 characters)
|
| delete_target_tag | Remove a tag from a target.
Args:
target_id: The ID of the target to remove the tag from
tag_name: The name of the tag to remove
|
| list_licenses | List license information for the Intruder account. Shows usage and limits for infrastructure and application licenses. When a license is used, it is tied to the target that used it for 30 days.
|
| snooze_issue | Snooze an issue and all its current and future occurrences.
Args:
issue_id: The ID of the issue to snooze
reason: Reason for snoozing (required, must one of ACCEPT_RISK, FALSE_POSITIVE, MITIGATING_CONTROLS)
details: Optional details for the snooze
duration: Optional duration for the snooze (in seconds)
duration_type: Optional duration type (e.g., 'days', 'hours')
The reasons mean:
- ACCEPT_RISK - Risk accepted for the issue and all of its occurrences
- FALSE_POSITIVE - False positive - issue and all occurrences have been verified as not exploitable
- MITIGATING_CONTROLS - Mitigating controls are in place
|
| snooze_occurrence | Snooze a specific occurrence of an issue.
Args:
issue_id: The ID of the issue
occurrence_id: The ID of the occurrence to snooze
reason: Reason for snoozing (required, must be one of ACCEPT_RISK, FALSE_POSITIVE, MITIGATING_CONTROLS)
details: Optional details for the snooze
duration: Optional duration for the snooze (in seconds)
duration_type: Optional duration type (e.g., 'days', 'hours')
The reasons mean:
- ACCEPT_RISK - Risk accepted for the issue and all of its occurrences
- FALSE_POSITIVE - False positive - issue and all occurrences have been verified as not exploitable
- MITIGATING_CONTROLS - Mitigating controls are in place
|