get_alert
Retrieve detailed information about a specific security alert using its unique ID on Panther's MCP Server. Requires 'Read Alerts' permissions to access alert data.
Instructions
Get detailed information about a specific Panther alert by ID
Permissions: {'all_of': ['Read Alerts']}
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| alert_id | Yes | The ID of the alert to fetch | |
Implementation Reference
- The handler function for the 'get_alert' MCP tool. It fetches detailed information about a specific Panther alert by ID using the REST API endpoint `/alerts/{alert_id}`. It handles 404 (not found) and 400 (bad request) responses gracefully, returning structured success/failure responses.

  ```python
  from typing import Annotated, Any

  from pydantic import Field

  # `logger` and `get_rest_client` are defined elsewhere in the server's code base.


  async def get_alert(
      alert_id: Annotated[
          str,
          Field(min_length=1, description="The ID of the alert to fetch"),
      ],
  ) -> dict[str, Any]:
      """Get detailed information about a specific Panther alert by ID"""
      logger.info(f"Fetching alert details for ID: {alert_id}")
      try:
          # Execute the REST API call
          async with get_rest_client() as client:
              alert_data, status = await client.get(
                  f"/alerts/{alert_id}", expected_codes=[200, 400, 404]
              )

          # 404: the alert does not exist
          if status == 404:
              logger.warning(f"No alert found with ID: {alert_id}")
              return {"success": False, "message": f"No alert found with ID: {alert_id}"}

          # 400: the API rejected the request
          if status == 400:
              logger.error(f"Bad request when fetching alert ID: {alert_id}")
              return {
                  "success": False,
                  "message": f"Bad request when fetching alert ID: {alert_id}",
              }

          logger.info(f"Successfully retrieved alert details for ID: {alert_id}")

          # Format the response
          return {"success": True, "alert": alert_data}
      except Exception as e:
          logger.error(f"Failed to fetch alert details: {str(e)}")
          return {"success": False, "message": f"Failed to fetch alert details: {str(e)}"}
  ```
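The handler above places `alert_id` into the request path and into its log and response messages with only a `min_length=1` constraint. One way to keep the value to a single path segment and a single log line, as an added example that is not part of the Panther MCP server code; `alert_path`, `log_safe` and the 128-character cap are assumptions made here, since the page does not state the alert ID format:

```python
import re
from urllib.parse import quote

# Assumption: 128 is an arbitrary upper bound chosen for this example;
# the page only states min_length=1.
MAX_ID_LENGTH = 128
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def alert_path(alert_id: str) -> str:
    """Build the /alerts/{alert_id} path with the ID kept to one path segment."""
    if not isinstance(alert_id, str) or not 1 <= len(alert_id) <= MAX_ID_LENGTH:
        raise ValueError("alert_id must be a string of 1..128 characters")
    if _CONTROL.search(alert_id):
        raise ValueError("alert_id contains control characters")
    if alert_id in (".", ".."):
        # quote() leaves dots untouched, so relative segments are rejected here.
        raise ValueError("alert_id is a relative path segment")
    # safe="" percent-encodes "/", "?", "#" and "%" as well, so the value
    # cannot add path segments, a query string or a fragment.
    return "/alerts/" + quote(alert_id, safe="")


def log_safe(value: str, limit: int = 64) -> str:
    """Render a caller-supplied value for a log line or error message."""
    # Control characters (CR/LF included) would otherwise split the log entry.
    cleaned = _CONTROL.sub("?", str(value))
    return cleaned if len(cleaned) <= limit else cleaned[:limit] + "..."


if __name__ == "__main__":
    # Constructed sample IDs, not real Panther alert IDs.
    for sample in ["abc123", "a/b", "x?y=1#z", "..", "id\r\nsecond line"]:
        try:
            print(f"{log_safe(sample)!r} -> {alert_path(sample)}")
        except ValueError as exc:
            print(f"{log_safe(sample)!r} rejected: {exc}")
```

In the handler, `alert_path(alert_id)` would replace the f-string passed to `client.get`, with a `ValueError` mapped to the same `{"success": False, ...}` shape the tool already returns.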