Panther MCP Server

Official
Apache 2.0

list_alerts

Retrieve and filter alerts from Panther MCP Server by date range, severity, status, detection ID, log sources, resource types, and more. Customize pagination and search alert titles for efficient monitoring and investigation.

Instructions

List alerts from Panther with comprehensive filtering options

Args:
  start_date: Optional start date in ISO 8601 format (e.g. "2024-03-20T00:00:00Z")
  end_date: Optional end date in ISO 8601 format (e.g. "2024-03-21T00:00:00Z")
  severities: Optional list of severities to filter by (e.g. ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"])
  statuses: Optional list of statuses to filter by (e.g. ["OPEN", "TRIAGED", "RESOLVED", "CLOSED"])
  cursor: Optional cursor for pagination from a previous query
  detection_id: Optional detection ID to filter alerts by. If provided, date range is not required.
  event_count_max: Optional maximum number of events that returned alerts must have
  event_count_min: Optional minimum number of events that returned alerts must have
  log_sources: Optional list of log source IDs to filter alerts by
  log_types: Optional list of log type names to filter alerts by
  name_contains: Optional string to search for in alert titles
  page_size: Number of results per page (default: 25, maximum: 50)
  resource_types: Optional list of AWS resource type names to filter alerts by
  subtypes: Optional list of alert subtypes. Valid values depend on alert_type:
    - When alert_type="ALERT": ["POLICY", "RULE", "SCHEDULED_RULE"]
    - When alert_type="DETECTION_ERROR": ["RULE_ERROR", "SCHEDULED_RULE_ERROR"]
    - When alert_type="SYSTEM_ERROR": subtypes are not allowed
  alert_type: Type of alerts to return (default: "ALERT"). One of:
    - "ALERT": Regular detection alerts
    - "DETECTION_ERROR": Alerts from detection errors
    - "SYSTEM_ERROR": System error alerts

Permissions: {'all_of': ['Read Alerts']}
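A pre-flight check for list_alerts arguments, enforcing the constraints documented on this page before a script or agent sends the call. This is an added example, not code from Panther or Glama; the function names are hypothetical, and treating the listed severities and statuses as the complete sets is an assumption.

```python
from datetime import datetime, timezone

# Constraints transcribed from the list_alerts Args and JSON Schema on this page.
SUBTYPES = {
    "ALERT": {"POLICY", "RULE", "SCHEDULED_RULE"},
    "DETECTION_ERROR": {"RULE_ERROR", "SCHEDULED_RULE_ERROR"},
    "SYSTEM_ERROR": set(),  # subtypes are not allowed
}
# Assumption: the page's example values are treated as the complete sets.
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"}
STATUSES = {"OPEN", "TRIAGED", "RESOLVED", "CLOSED"}

def parse_iso(value):
    # datetime.fromisoformat() accepts a trailing "Z" only from Python 3.11 on.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)  # naive -> UTC

def validate_list_alerts_args(args):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = []
    alert_type = args.get("alert_type", "ALERT")
    if alert_type not in SUBTYPES:
        problems.append(f"unknown alert_type: {alert_type}")
    else:
        # Only subtypes the caller sent are checked; the page does not say how
        # the schema default interacts with non-ALERT types.
        bad = sorted(set(args.get("subtypes", [])) - SUBTYPES[alert_type])
        if bad:
            problems.append(f"subtypes {bad} not valid for alert_type {alert_type}")
    for key, allowed in (("severities", SEVERITIES), ("statuses", STATUSES)):
        bad = sorted(set(args.get(key, [])) - allowed)
        if bad:
            problems.append(f"{key} contains unknown values {bad}")
    size = args.get("page_size", 25)
    if not isinstance(size, int) or not 1 <= size <= 50:
        problems.append("page_size must be an integer from 1 to 50")
    lo, hi = args.get("event_count_min", 1), args.get("event_count_max")
    if lo < 1 or (hi is not None and (hi < 1 or hi < lo)):
        problems.append("event counts must be >= 1 with min <= max")
    dates = {}
    for key in ("start_date", "end_date"):
        if args.get(key) is not None:
            try:
                dates[key] = parse_iso(args[key])
            except (ValueError, AttributeError):
                problems.append(f"{key} is not ISO 8601: {args[key]}")
    if len(dates) == 2 and dates["start_date"] > dates["end_date"]:
        problems.append("start_date is after end_date")
    return problems
```

The schema default for severities is CRITICAL, HIGH, MEDIUM and LOW, so INFO has to be requested explicitly.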

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| alert_type | No | Type of alerts to return | ALERT |
| cursor | No | Optional cursor for pagination returned from a previous call | |
| detection_id | No | Optional detection ID to filter alerts by; if provided, the date range is not required | |
| end_date | No | Optional end date in ISO-8601 format. If provided, defaults to the end of the current day UTC. | |
| event_count_max | No | Optional maximum number of events an alert may contain | |
| event_count_min | No | Optional minimum number of events an alert must contain | |
| log_sources | No | Optional list of log‑source IDs to filter alerts by | |
| log_types | No | Optional list of log‑type names to filter alerts by | |
| name_contains | No | Optional substring to match within alert titles | |
| page_size | No | Number of results per page (max 50, default 25) | |
| resource_types | No | Optional list of AWS resource‑type names to filter alerts by | |
| severities | No | Optional list of severities to filter by | |
| start_date | No | Optional start date in ISO-8601 format. If provided, defaults to the start of the current day UTC. | |
| statuses | No | Optional list of statuses to filter by | |
| subtypes | No | Optional list of alert subtypes (valid values depend on alert_type) | |

Input Schema (JSON Schema)

{
  "properties": {
    "alert_type": {
      "default": "ALERT",
      "description": "Type of alerts to return",
      "examples": ["ALERT", "DETECTION_ERROR", "SYSTEM_ERROR"],
      "title": "Alert Type",
      "type": "string"
    },
    "cursor": {
      "anyOf": [{ "minLength": 1, "type": "string" }, { "type": "null" }],
      "default": null,
      "description": "Optional cursor for pagination returned from a previous call",
      "title": "Cursor"
    },
    "detection_id": {
      "anyOf": [{ "minLength": 1, "type": "string" }, { "type": "null" }],
      "default": null,
      "description": "Optional detection ID to filter alerts by; if provided, the date range is not required",
      "title": "Detection Id"
    },
    "end_date": {
      "anyOf": [{ "type": "string" }, { "type": "null" }],
      "default": null,
      "description": "Optional end date in ISO-8601 format. If provided, defaults to the end of the current day UTC.",
      "examples": ["2024-03-20T00:00:00Z"],
      "title": "End Date"
    },
    "event_count_max": {
      "anyOf": [{ "minimum": 1, "type": "integer" }, { "type": "null" }],
      "default": null,
      "description": "Optional maximum number of events an alert may contain",
      "title": "Event Count Max"
    },
    "event_count_min": {
      "default": 1,
      "description": "Optional minimum number of events an alert must contain",
      "minimum": 1,
      "title": "Event Count Min",
      "type": "integer"
    },
    "log_sources": {
      "default": [],
      "description": "Optional list of log‑source IDs to filter alerts by",
      "items": { "type": "string" },
      "title": "Log Sources",
      "type": "array"
    },
    "log_types": {
      "default": [],
      "description": "Optional list of log‑type names to filter alerts by",
      "items": { "type": "string" },
      "title": "Log Types",
      "type": "array"
    },
    "name_contains": {
      "anyOf": [{ "minLength": 1, "type": "string" }, { "type": "null" }],
      "default": null,
      "description": "Optional substring to match within alert titles",
      "title": "Name Contains"
    },
    "page_size": {
      "default": 25,
      "description": "Number of results per page (max 50, default 25)",
      "maximum": 50,
      "minimum": 1,
      "title": "Page Size",
      "type": "integer"
    },
    "resource_types": {
      "default": [],
      "description": "Optional list of AWS resource‑type names to filter alerts by",
      "items": { "type": "string" },
      "title": "Resource Types",
      "type": "array"
    },
    "severities": {
      "default": ["CRITICAL", "HIGH", "MEDIUM", "LOW"],
      "description": "Optional list of severities to filter by",
      "examples": [["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]],
      "items": { "type": "string" },
      "title": "Severities",
      "type": "array"
    },
    "start_date": {
      "anyOf": [{ "type": "string" }, { "type": "null" }],
      "default": null,
      "description": "Optional start date in ISO-8601 format. If provided, defaults to the start of the current day UTC.",
      "examples": ["2024-03-20T00:00:00Z"],
      "title": "Start Date"
    },
    "statuses": {
      "default": ["OPEN", "TRIAGED", "RESOLVED", "CLOSED"],
      "description": "Optional list of statuses to filter by",
      "examples": [
        ["OPEN", "TRIAGED", "RESOLVED", "CLOSED"],
        ["RESOLVED", "CLOSED"],
        ["OPEN", "TRIAGED"]
      ],
      "items": { "type": "string" },
      "title": "Statuses",
      "type": "array"
    },
    "subtypes": {
      "default": ["RULE", "SCHEDULED_RULE"],
      "description": "Optional list of alert subtypes (valid values depend on alert_type)",
      "examples": [
        ["RULE"],
        ["SCHEDULED_RULE"],
        ["POLICY"],
        ["RULE", "SCHEDULED_RULE"],
        ["RULE_ERROR", "SCHEDULED_RULE_ERROR"]
      ],
      "items": { "type": "string" },
      "title": "Subtypes",
      "type": "array"
    }
  },
  "type": "object"
}

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/panther-labs/mcp-panther'
