Panther MCP Server

This function is the RECOMMENDED tool for quickly exploring sample log data with minimal effort. This function constructs a SQL query to fetch recent sample events and executes it against the data lake. The query automatically filters events from the last 7 days to ensure quick results. NOTE: After calling this function, you MUST call get_data_lake_query_results with the returned query_id to retrieve the actual log events. Example usage: # Step 1: Get query_id for sample events result = get_sample_log_events(schema_name="Panther.Audit") # Step 2: Retrieve the actual results using the query_id events = get_data_lake_query_results(query_id=result["query_id"]) # Step 3: Display results in a markdown table format Returns: Dict containing: - success: Boolean indicating if the query was successful - query_id: ID of the executed query for retrieving results with get_data_lake_query_results - message: Error message if unsuccessful Post-processing: After retrieving results, it's recommended to: 1. Display data in a table format (using artifacts for UI display) 2. Provide sample JSON for a single record to show complete structure 3. Highlight key fields and patterns across records

{ "properties": { "schema_name": { "description": "The schema name to query for sample log events", "example": "Panther.Audit", "title": "Schema Name", "type": "string" } }, "required": [ "schema_name" ], "type": "object" }