get_severity_alert_metrics

Analyze alert metrics by severity across rule and policy types within a specified time period. Identify alert hotspots, track trends, and group data by intervals for detailed insights.

Instructions

Gets alert metrics grouped by severity for rule and policy alert types within a given time period. Use this tool to identify hot spots in your alerts, and use the list_alerts tool for specific details. Keep in mind that these metrics combine errors and alerts, so there may be inconsistencies from what list_alerts returns.

Returns:
    Dict:
    - alerts_per_severity: List of series with breakdown by severity
    - total_alerts: Total number of alerts in the period
    - from_date: Start date of the period
    - to_date: End date of the period
    - interval_in_minutes: Grouping interval for the metrics

Input Schema

Name	Required	Description
`alert_types`	No	The specific Panther alert types to get metrics for.
`from_date`	No	The start date of the metrics period.
`interval_in_minutes`	No	How data points are aggregated over time, with smaller intervals providing more granular detail of when events occurred, while larger intervals show broader trends but obscure the precise timing of incidents.
`severities`	No	The specific Panther alert severities to get metrics for.
`to_date`	No	The end date of the metrics period.

Input Schema (JSON Schema)

{
  "$defs": {
    "AlertSeverity": {
      "enum": [
        "CRITICAL",
        "HIGH",
        "MEDIUM",
        "LOW",
        "INFO"
      ],
      "title": "AlertSeverity",
      "type": "string"
    },
    "MetricAlertType": {
      "enum": [
        "Rule",
        "Policy"
      ],
      "title": "MetricAlertType",
      "type": "string"
    }
  },
  "properties": {
    "alert_types": {
      "default": [
        "Rule"
      ],
      "description": "The specific Panther alert types to get metrics for.",
      "items": {
        "$ref": "#/$defs/MetricAlertType"
      },
      "title": "Alert Types",
      "type": "array"
    },
    "from_date": {
      "anyOf": [
        {
          "format": "date-time",
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "The start date of the metrics period.",
      "title": "From Date"
    },
    "interval_in_minutes": {
      "default": 1440,
      "description": "How data points are aggregated over time, with smaller intervals providing more granular detail of when events occurred, while larger intervals show broader trends but obscure the precise timing of incidents.",
      "enum": [
        15,
        30,
        60,
        180,
        360,
        720,
        1440
      ],
      "title": "Interval In Minutes",
      "type": "integer"
    },
    "severities": {
      "default": [
        "CRITICAL",
        "HIGH",
        "MEDIUM",
        "LOW"
      ],
      "description": "The specific Panther alert severities to get metrics for.",
      "items": {
        "$ref": "#/$defs/AlertSeverity"
      },
      "title": "Severities",
      "type": "array"
    },
    "to_date": {
      "anyOf": [
        {
          "format": "date-time",
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "The end date of the metrics period.",
      "title": "To Date"
    }
  },
  "type": "object"
}

Panther MCP Server