update_alert_status

Modify the status of multiple Panther alerts by specifying alert IDs and the desired status. Requires 'Manage Alerts' permission to execute. Returns success status, updated alert IDs, and error messages if applicable.

Instructions

Update the status of one or more Panther alerts.

Returns: Dict containing: - success: Boolean indicating if the update was successful - alerts: List of updated alert IDs if successful - message: Error message if unsuccessful

Permissions:{'all_of': ['Manage Alerts']}

Input Schema

Name	Required	Description	Default
`alert_ids`	Yes	List of alert IDs to update
`status`	Yes	New status for the alerts

Input Schema (JSON Schema)

{
  "properties": {
    "alert_ids": {
      "description": "List of alert IDs to update",
      "items": {
        "type": "string"
      },
      "title": "Alert Ids",
      "type": "array"
    },
    "status": {
      "description": "New status for the alerts",
      "examples": [
        "OPEN",
        "TRIAGED",
        "RESOLVED",
        "CLOSED"
      ],
      "title": "Status",
      "type": "string"
    }
  },
  "required": [
    "alert_ids",
    "status"
  ],
  "type": "object"
}

Panther MCP Server

update_alert_status

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Panther MCP Server

Related Tools

MCP directory API