update_alert_assignee
Transfer ownership of multiple alerts to a specified user using their ID. Ensure efficient alert management by reassigning alerts with a single action. Requires 'Manage Alerts' permission.
Instructions
Update the assignee of one or more alerts through the assignee's ID.
Returns: Dict containing: - success: Boolean indicating if the update was successful - alerts: List of updated alert IDs if successful - message: Error message if unsuccessful
Permissions:{'all_of': ['Manage Alerts']}
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| alert_ids | Yes | List of alert IDs to update | |
| assignee_id | Yes | The ID of the user to assign the alerts to |
Implementation Reference
- The core handler function for the 'update_alert_assignee' tool. It uses the @mcp_tool decorator for registration and includes input schema validation via Pydantic's Annotated and Field. The function sends a PATCH request to '/alerts' to update the assignee for the given alert IDs.@mcp_tool( annotations={ "permissions": all_perms(Permission.ALERT_MODIFY), "destructiveHint": True, "idempotentHint": True, } ) async def update_alert_assignee( alert_ids: Annotated[ list[str], Field(description="List of alert IDs to update"), ], assignee_id: Annotated[ str, Field(min_length=1, description="The ID of the user to assign the alerts to"), ], ) -> dict[str, Any]: """Update the assignee of one or more alerts through the assignee's ID. Returns: Dict containing: - success: Boolean indicating if the update was successful - alerts: List of updated alert IDs if successful - message: Error message if unsuccessful """ logger.info(f"Updating assignee for alerts {alert_ids} to user {assignee_id}") try: # Prepare request body body = { "ids": alert_ids, "assignee": assignee_id, } # Execute the REST API call async with get_rest_client() as client: result, status = await client.patch( "/alerts", json_data=body, expected_codes=[204, 400, 404] ) if status == 404: logger.error(f"One or more alerts not found: {alert_ids}") return { "success": False, "message": f"One or more alerts not found: {alert_ids}", } if status == 400: logger.error(f"Bad request when updating alert assignee: {alert_ids}") return { "success": False, "message": f"Bad request when updating alert assignee: {alert_ids}", } logger.info(f"Successfully updated assignee for alerts {alert_ids}") return { "success": True, "alerts": alert_ids, # Return the IDs that were updated } except Exception as e: logger.error(f"Failed to update alert assignee: {str(e)}") return { "success": False, "message": f"Failed to update alert assignee: {str(e)}", }
- src/mcp_panther/panther_mcp_core/tools/alerts.py:578-584 (registration)The @mcp_tool decorator registers this function as the MCP tool named 'update_alert_assignee' with required permissions and hints.@mcp_tool( annotations={ "permissions": all_perms(Permission.ALERT_MODIFY), "destructiveHint": True, "idempotentHint": True, } )
- Input schema defined using Pydantic Annotated types with Field descriptions and validations.async def update_alert_assignee( alert_ids: Annotated[ list[str], Field(description="List of alert IDs to update"), ], assignee_id: Annotated[ str, Field(min_length=1, description="The ID of the user to assign the alerts to"), ], ) -> dict[str, Any]: