Skip to main content
Glama
Sign In

Panther MCP Server

Official
by panther-labs
GitHub
Python
Apache 2.0
16
  • Apple
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

summarize_alert_events

Aggregate and analyze alert events by grouping them into time windows to identify patterns, related entities, and potential incident scope, aiding security analysts in incident investigation.

Instructions

Analyze patterns and relationships across multiple alerts by aggregating their event data into time-based groups. For each time window (configurable from 1-60 minutes), the tool collects unique entities (IPs, emails, usernames, trace IDs) and alert metadata (IDs, rules, severities) to help identify related activities. Results are ordered chronologically with the most recent first, helping analysts identify temporal patterns, common entities, and potential incident scope.

Returns a dictionary containing query execution details and a query_id for retrieving results.

Input Schema

NameRequiredDescriptionDefault
alert_idsYesList of alert IDs to analyze
end_dateNoThe end date in format "YYYY-MM-DD HH:MM:SSZ" (e.g. "2025-04-22 22:37:41Z"). Defaults to end of today UTC.
start_dateNoThe start date in format "YYYY-MM-DD HH:MM:SSZ" (e.g. "2025-04-22 22:37:41Z"). Defaults to start of today UTC.
time_windowNoThe time window in minutes to group distinct events by

Input Schema (JSON Schema)

{ "properties": { "alert_ids": { "description": "List of alert IDs to analyze", "example": "[\"alert-123\", \"alert-456\", \"alert-789\"]", "items": { "type": "string" }, "title": "Alert Ids", "type": "array" }, "end_date": { "anyOf": [ { "pattern": "^\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}Z$", "type": "string" }, { "type": "null" } ], "default": null, "description": "The end date in format \"YYYY-MM-DD HH:MM:SSZ\" (e.g. \"2025-04-22 22:37:41Z\"). Defaults to end of today UTC.", "title": "End Date" }, "start_date": { "anyOf": [ { "pattern": "^\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}Z$", "type": "string" }, { "type": "null" } ], "default": null, "description": "The start date in format \"YYYY-MM-DD HH:MM:SSZ\" (e.g. \"2025-04-22 22:37:41Z\"). Defaults to start of today UTC.", "title": "Start Date" }, "time_window": { "default": 30, "description": "The time window in minutes to group distinct events by", "maximum": 60, "minimum": 1, "title": "Time Window", "type": "integer" } }, "required": [ "alert_ids" ], "type": "object" }

You must be authenticated.

Other Tools from Panther MCP Server

Related Tools

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/panther-labs/mcp-panther'

If you have feedback or need assistance with the MCP directory API, please join our Discord server