get_severity_alert_metrics

Analyze alert metrics grouped by severity for rule and policy alerts within a specified time period to identify high-priority issues. Provides total alerts, severity breakdowns, and customizable time intervals for detailed insights.

Instructions

Gets alert metrics grouped by severity for rule and policy alert types within a given time period. Use this tool to identify hot spots in your alerts, and use the list_alerts tool for specific details. Keep in mind that these metrics combine errors and alerts, so there may be inconsistencies from what list_alerts returns.

Returns: Dict: - alerts_per_severity: List of series with breakdown by severity - total_alerts: Total number of alerts in the period - start_date: Start date of the period - end_date: End date of the period - interval_in_minutes: Grouping interval for the metrics

Permissions:{'all_of': ['Read Panther Metrics']}

Input Schema

Name	Required	Description
`alert_types`	No	The specific Panther alert types to get metrics for.
`end_date`	No	Optional end date in ISO-8601 format. If provided, defaults to the end of the current day UTC.
`interval_in_minutes`	No	How data points are aggregated over time, with smaller intervals providing more granular detail of when events occurred, while larger intervals show broader trends but obscure the precise timing of incidents.
`severities`	No	The specific Panther alert severities to get metrics for.
`start_date`	No	Optional start date in ISO-8601 format. If provided, defaults to the start of the current day UTC.

Input Schema (JSON Schema)

{
  "properties": {
    "alert_types": {
      "default": [
        "Rule"
      ],
      "description": "The specific Panther alert types to get metrics for.",
      "examples": [
        [
          "Rule"
        ],
        [
          "Policy"
        ],
        [
          "Rule",
          "Policy"
        ]
      ],
      "items": {
        "type": "string"
      },
      "title": "Alert Types",
      "type": "array"
    },
    "end_date": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "Optional end date in ISO-8601 format. If provided, defaults to the end of the current day UTC.",
      "examples": [
        "2024-03-20T00:00:00Z"
      ],
      "title": "End Date"
    },
    "interval_in_minutes": {
      "default": 1440,
      "description": "How data points are aggregated over time, with smaller intervals providing more granular detail of when events occurred, while larger intervals show broader trends but obscure the precise timing of incidents.",
      "examples": [
        15,
        30,
        60,
        180,
        360,
        720,
        1440
      ],
      "title": "Interval In Minutes",
      "type": "integer"
    },
    "severities": {
      "default": [
        "CRITICAL",
        "HIGH",
        "MEDIUM",
        "LOW"
      ],
      "description": "The specific Panther alert severities to get metrics for.",
      "examples": [
        [
          "CRITICAL",
          "HIGH"
        ],
        [
          "MEDIUM",
          "LOW"
        ],
        [
          "CRITICAL",
          "HIGH",
          "MEDIUM",
          "LOW",
          "INFO"
        ]
      ],
      "items": {
        "type": "string"
      },
      "title": "Severities",
      "type": "array"
    },
    "start_date": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "Optional start date in ISO-8601 format. If provided, defaults to the start of the current day UTC.",
      "examples": [
        "2024-03-20T00:00:00Z"
      ],
      "title": "Start Date"
    }
  },
  "type": "object"
}

Panther MCP Server