get-blocks
Retrieve reusable security finding templates, including vulnerability descriptions, risks, and recommendations, from the OnSecurity MCP Server. Filter, sort, and search blocks to identify common findings for pentests and scans.
Instructions
Get all block data from OnSecurity. Blocks are reusable security finding templates that can be used across different assessments. They contain standardized vulnerability descriptions, risks, and recommendations. You can also retrieve how often each block is used; because blocks are the basis of findings across pentests and scans, this usage count is a way to identify the most common findings.
Input Schema
Name | Required | Description | Default |
---|---|---|---|
approved | No | Optional filter for approved blocks only | |
automation_approved | No | Optional filter for automation approved blocks only | |
fields | No | Optional comma-separated list of fields to return (e.g. 'id,name,approved'). Use * as wildcard. | |
filters | No | Optional additional filters in format {field: value} or {field-operator: value} where operator can be mt (more than), mte (more than equal), lt (less than), lte (less than equal), eq (equals, default) | |
includes | No | Optional related data to include as comma-separated values. Available: block_business_risks, block_field_variants, block_imports, block_references, block_remediations, block_target_types, block_variables, business_risks, remediations, revisions (e.g. 'block_business_risks,block_remediations') | |
limit | No | Optional limit parameter for max results per page (e.g. 15) | |
page | No | Optional page number to fetch (default: 1) | |
round_type_id | No | Optional round type ID to filter blocks, 1 = pentest round, 3 = scan round | |
search | No | Optional search term to filter blocks by matching text (e.g. 'CSRF', 'SQL Injection') | |
sort | No | Optional sort parameter in format 'field-direction'. Available values: id-asc, round_type_id-asc, name-asc, approved-asc, used_count-asc, created_at-asc, updated_at-asc, id-desc, round_type_id-desc, name-desc, approved-desc, used_count-desc, created_at-desc, updated_at-desc. Default: id-asc | |
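
The following is an added example, not code from OnSecurity or its MCP server: a client-side allowlist check that validates `get-blocks` arguments against the table above before wrapping them in a standard MCP JSON-RPC `tools/call` request, which is useful when the arguments are produced by an agent. The helper name `build_get_blocks_call`, the boolean type for `approved`, the integer type for `limit` and `page`, and the use of `used_count` as a returnable and filterable field are assumptions.

```python
import json

# Allowlists copied from the Input Schema table above.
SORT_FIELDS = {"id", "round_type_id", "name", "approved",
               "used_count", "created_at", "updated_at"}
INCLUDES = {"block_business_risks", "block_field_variants", "block_imports",
            "block_references", "block_remediations", "block_target_types",
            "block_variables", "business_risks", "remediations", "revisions"}
OPERATORS = {"mt", "mte", "lt", "lte", "eq"}


def build_get_blocks_call(request_id, **args):
    """Hypothetical helper: reject arguments the table does not list, then
    return an MCP JSON-RPC 'tools/call' request for the get-blocks tool."""
    if "sort" in args:
        field, _, direction = args["sort"].rpartition("-")
        if field not in SORT_FIELDS or direction not in {"asc", "desc"}:
            raise ValueError(f"unsupported sort: {args['sort']!r}")
    if "includes" in args:
        unknown = set(args["includes"].split(",")) - INCLUDES
        if unknown:
            raise ValueError(f"unknown includes: {sorted(unknown)}")
    for key in args.get("filters", {}):
        # Keys are 'field' (implies eq) or 'field-operator'.
        _, sep, op = key.rpartition("-")
        if sep and op not in OPERATORS:
            raise ValueError(f"unknown filter operator in {key!r}")
    for name in ("limit", "page"):
        value = args.get(name, 1)
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            raise ValueError(f"{name} must be a positive integer")
    return {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
            "params": {"name": "get-blocks", "arguments": args}}


# Constructed request: the ten most-used approved pentest blocks
# (round_type_id 1 = pentest round), with their remediations included.
MOST_COMMON = build_get_blocks_call(
    1, approved=True, round_type_id=1, sort="used_count-desc", limit=10,
    fields="id,name,used_count", includes="block_remediations",
    filters={"used_count-mte": 5})

if __name__ == "__main__":
    print(json.dumps(MOST_COMMON, indent=2))
```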