get_alert_events

Retrieve recent events associated with a specific alert ID using the Panther MCP Server. Limits results to a maximum of 10 events per query to ensure efficient data retrieval.

Instructions

Get events for a specific Panther alert by ID.
We make a best effort to return the first events for an alert, but order is not guaranteed.

This tool does not support pagination to prevent long-running, expensive queries.

Args:
    alert_id: The ID of the alert to get events for
    limit: Maximum number of events to return (default: 10, maximum: 10)

Returns:
    Dict containing:
    - success: Boolean indicating if the request was successful
    - events: List of most recent events if successful
    - message: Error message if unsuccessful

Input Schema

Name	Required	Description	Default
`alert_id`	Yes
`limit`	No

Input Schema (JSON Schema)

{
  "properties": {
    "alert_id": {
      "title": "Alert Id",
      "type": "string"
    },
    "limit": {
      "default": 10,
      "title": "Limit",
      "type": "integer"
    }
  },
  "required": [
    "alert_id"
  ],
  "type": "object"
}

Panther MCP Server

get_alert_events

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Panther MCP Server

Related Tools

MCP directory API