panther-labs

Panther MCP Server

Official

update_alert_status

Modify the status of security alerts in Panther's monitoring platform to track investigation progress and resolution.

Instructions

Update the status of one or more Panther alerts.

Returns: Dict containing:
  - success: Boolean indicating if the update was successful
  - alerts: List of updated alert IDs if successful
  - message: Error message if unsuccessful

Permissions: {'all_of': ['Manage Alerts']}

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| alert_ids | Yes | List of alert IDs to update | |
| status | Yes | New status for the alerts | |

Implementation Reference

  • The complete tool implementation including @mcp_tool registration decorator, Pydantic input schema with validation, and handler logic that performs a PATCH request to the Panther REST API to update the status of specified alerts.
    from typing import Annotated, Any

    from pydantic import BeforeValidator, Field

    # mcp_tool, all_perms, Permission, _validate_alert_status, get_rest_client
    # and logger are defined elsewhere in the project.


    @mcp_tool(
        annotations={
            "permissions": all_perms(Permission.ALERT_MODIFY),
            "destructiveHint": True,
            "idempotentHint": True,
        }
    )
    async def update_alert_status(
        alert_ids: Annotated[
            list[str],
            Field(description="List of alert IDs to update"),
        ],
        status: Annotated[
            str,
            BeforeValidator(_validate_alert_status),
            Field(
                description="New status for the alerts",
                examples=["OPEN", "TRIAGED", "RESOLVED", "CLOSED"],
            ),
        ],
    ) -> dict[str, Any]:
        """Update the status of one or more Panther alerts.

        Returns:
            Dict containing:
            - success: Boolean indicating if the update was successful
            - alerts: List of updated alert IDs if successful
            - message: Error message if unsuccessful
        """
        logger.info(f"Updating status for alerts {alert_ids} to {status}")

        try:
            # Validate status (defensive programming - should also be caught by validator)
            valid_statuses = {"OPEN", "TRIAGED", "RESOLVED", "CLOSED"}
            if status not in valid_statuses:
                raise ValueError(
                    f"Invalid status '{status}'. Must be one of: {', '.join(sorted(valid_statuses))}"
                )

            # Prepare request body
            body = {
                "ids": alert_ids,
                "status": status,
            }

            # Execute the REST API call
            async with get_rest_client() as client:
                result, status_code = await client.patch(
                    "/alerts", json_data=body, expected_codes=[204, 400, 404]
                )

            if status_code == 404:
                logger.error(f"One or more alerts not found: {alert_ids}")
                return {
                    "success": False,
                    "message": f"One or more alerts not found: {alert_ids}",
                }

            if status_code == 400:
                logger.error(f"Bad request when updating alert status: {alert_ids}")
                return {
                    "success": False,
                    "message": f"Bad request when updating alert status: {alert_ids}",
                }

            logger.info(f"Successfully updated {len(alert_ids)} alerts to status {status}")

            return {
                "success": True,
                "alerts": alert_ids,  # Return the IDs that were updated
            }

        except Exception as e:
            # Any failure, including the ValueError above, is reported to the caller
            logger.error(f"Failed to update alert status: {str(e)}")
            return {
                "success": False,
                "message": f"Failed to update alert status: {str(e)}",
            }
