get_detection

Retrieve comprehensive details about a security detection, including its body and associated tests, by providing the detection ID and type. Requires permissions for viewing rules and policies.

Instructions

Get detailed information about a Panther detection, including the detection body and tests.

Permissions:{'all_of': ['View Rules', 'View Policies']}

Input Schema

Name	Required	Description	Default
`detection_id`	Yes	The ID of the detection to fetch
`detection_type`	No	One or more detection types - rules, scheduled_rules, simple_rules, or policies.

Input Schema (JSON Schema)

{
  "properties": {
    "detection_id": {
      "description": "The ID of the detection to fetch",
      "examples": [
        "AWS.Suspicious.S3.Activity",
        "GCP.K8S.Privileged.Pod.Created"
      ],
      "title": "Detection Id",
      "type": "string"
    },
    "detection_type": {
      "default": [
        "rules"
      ],
      "description": "One or more detection types - rules, scheduled_rules, simple_rules, or policies.",
      "examples": [
        [
          "rules",
          "simple_rules",
          "scheduled_rules"
        ],
        [
          "policies"
        ]
      ],
      "items": {
        "type": "string"
      },
      "title": "Detection Type",
      "type": "array"
    }
  },
  "required": [
    "detection_id"
  ],
  "type": "object"
}

Panther MCP Server

get_detection

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Panther MCP Server

Related Tools

MCP directory API