Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| TRANSPORT_TYPE | No | Transport type for Docker container deployment (streamable or sse) | streamable |
| EXCLUDE_TOOLKITS | No | Comma-separated list of toolkits to exclude (all except these will be enabled). Note: If INCLUDE_TOOLKITS is set, EXCLUDE_TOOLKITS is ignored | |
| INCLUDE_TOOLKITS | No | Comma-separated list of toolkits to include (only these will be enabled). Available toolkits: containers, clusters, identities, audit, cloud_inventory, images, kubeobject, misconfigs, runtime, runtime_network, threats, findings, cves, inbox, workflows | |
| RAD_SECURITY_ACCOUNT_ID | No | Your RAD Security account ID | |
| RAD_SECURITY_SECRET_KEY | No | Your RAD Security secret key | |
| RAD_SECURITY_ACCESS_KEY_ID | No | Your RAD Security access key ID |
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| list_containers | List containers secured by RAD Security with optional filtering by image name, image digest, namespace, cluster_id, or free text search |
| get_container_details | Get detailed information about a container secured by RAD Security |
| list_clusters | List Kubernetes clusters managed by RAD Security |
| get_cluster_details | Get detailed information about a specific Kubernetes cluster managed by RAD Security |
| list_identities | Get list of identities for a specific Kubernetes cluster |
| get_identity_details | Get detailed information about a specific identity in a Kubernetes cluster |
| who_shelled_into_pod | Get k8s audit logs with information about users who shelled into a pod |
| list_cloud_resources | List cloud resources for a specific provider with optional filtering |
| get_cloud_resource_details | Get detailed information about a specific cloud resource |
| get_cloud_resource_facets | Get available facets for filtering cloud resources from a provider |
| get_cloud_resource_facet_value | Get values for a specific facet from a cloud provider |
| list_compliance_frameworks | List all compliance frameworks available for cloud resources (e.g., CIS, SOC2, PCI-DSS) |
| list_framework_requirements | List all requirements for a specific compliance framework |
| list_requirement_controls | List controls associated with a specific requirement within a compliance framework |
| list_compliance_controls | List all compliance control summaries for the account |
| get_compliance_control | Get detailed information about a specific compliance control |
| list_control_resources | List cloud resources associated with a specific compliance control |
| list_images | List container images with optional filtering by page, page size, sort, and search query |
| list_image_vulnerabilities | List vulnerabilities in a container image with optional filtering by severity |
| get_top_vulnerable_images | Get the most vulnerable images from your account |
| get_image_sbom | Get the SBOM of a container image |
| get_k8s_resource_details | Get the latest manifest of a Kubernetes resource |
| list_k8s_resources | List Kubernetes resources with optional filtering by namespace, resource types, and cluster |
| list_k8s_resource_misconfigs | Get manifest misconfigurations for a Kubernetes resource |
| get_k8s_resource_misconfig | Get detailed information about a specific Kubernetes resource misconfiguration |
| list_k8s_resource_misconfig_policies | List available misconfiguration policies used by RAD Security to detect Kubernetes resource misconfigurations |
| get_containers_process_trees | Get process trees for multiple containers |
| get_containers_baselines | Get runtime baselines for multiple containers |
| get_container_llm_analysis | Get LLM analysis of a container's process tree |
| list_http_requests | List HTTP requests insights with optional filtering by method, path, source and destination workloads, and PII detection |
| list_network_connections | List network connections with optional filtering |
| list_network_connection_srcs | List network connection sources with optional filtering by source and destination workloads |
| list_threat_vectors | List threat vectors |
| list_security_findings | List security findings with optional filtering by types, severities, sources, and status |
| update_security_finding_status | Update the status of a security finding |
| list_cve_vendors | Get a list of all vendors in the CVE database. Source: cve-search.org |
| list_cve_products | Get a list of all products associated with a vendor in the CVE database. Source: cve-search.org |
| search_cves | Search CVEs by vendor and optionally product. Source: cve-search.org |
| get_cve | Get details for a specific CVE ID. Source: cve-search.org |
| get_latest_30_cves | Get the latest/newest 30 CVEs including CAPEC, CWE and CPE expansions. Source: cve-search.org |
| mark_inbox_item_as_false_positive | Mark an inbox item as a false positive with a reason |
| list_inbox_items | List inbox items with optional filtering by any field. Multiple filters can be combined eg. 'search:cve-2024-12345 and severity:high' |
| get_inbox_item_details | Get detailed information about a specific inbox item |
| list_workflows | List all workflows |
| get_workflow | Get detailed information about a specific workflow by ID. It contains the workflow definition, default arguments, and schema how to run the workflow |
| list_workflow_runs | List workflow runs with optional filtering by workflow ID |
| get_workflow_run | Get detailed information about a specific workflow run |
| run_workflow | Run a workflow with optional argument overrides |
| list_workflow_schedules | List workflow schedules with optional filtering by workflow ID |
| search_knowledge_base | Search your organization's knowledge base to find relevant uploaded documents, procedures, reports, and other content using natural language queries |
| list_knowledge_base_collections | List all collections in your organization's knowledge base. Collections are used to organize and categorize documents |
| list_knowledge_base_documents | List documents in your organization's knowledge base with optional filtering by collections, file type, or status |
| query_knowledge_base_document | Query a CSV document from the knowledge base using natural language. IMPORTANT: This tool ONLY works with CSV documents. Use list_knowledge_base_documents with filters='file_type:csv' to find CSV document IDs (search_knowledge_base results also contain document IDs). Results are returned as a markdown table |
| radql_list_data_types | List all available RadQL data types (discovery). ALWAYS call this FIRST before using other RadQL tools to discover what data is available to query. Returns data types like 'containers', 'kubernetes_resources', 'inbox_items', 'vulnerabilities', etc. with descriptions. |
| radql_get_type_metadata | Get schema/metadata for a specific RadQL data type. Shows available fields, data types, which fields can be filtered/searched, and provides query examples. Call this AFTER radql_list_data_types to understand how to query a specific data type. |
| radql_list_filter_values | List possible values for a filter field (e.g., namespace list, cluster list, severity values). Useful for building dynamic filters when you need to know available enum-like values. Call this when constructing filters that need specific values. |
| radql_query | Execute RadQL queries for security investigations. Supports: list (filter/search), get_by_id (single item), stats (aggregations). WORKFLOW: radql_list_data_types -> radql_get_type_metadata -> radql_query COMMON FIELDS BY DATA TYPE: containers: name, image_name, image_repo, owner_kind, cluster_id, created_at Example: image_name:nginx AND owner_kind:Pod finding_groups: type, source_kind, source_name, rule_title, severity, event_timestamp Types: k8s_misconfiguration, k8s_audit_logs_anomaly, threat_vector Example: type:k8s_misconfiguration AND severity:critical inbox_items: severity (High|Medium|Low), type, title, archived, false_positive, created_at Example: severity:High AND archived:false kubernetes_resources: kind, name, namespace, cluster_id, owner_kind, created_at Example: kind:Deployment AND namespace:production CRITICAL QUOTING RULES: MUST quote when value contains:
OK to leave unquoted:
For complete schema: call radql_get_type_metadata with target data_type |
| radql_query_builder | Helper tool to build RadQL queries programmatically from structured conditions. Useful when you need to construct complex filter or stats queries from structured inputs. |
| radql_batch_query | Execute multiple RadQL queries in parallel for efficiency. Useful for fetching related data from different data types simultaneously (e.g., container details + vulnerabilities + network connections). |
| list_widget_templates | List widget templates with optional filtering by visualization type and category |
| get_widget_template | Get detailed information about a specific widget template |
| list_dashboard_templates | List dashboard templates with optional filtering by category |
| get_dashboard_template | Get detailed information about a specific dashboard template |
| list_dashboards | List dashboards for the account |
| get_dashboard | Get detailed information about a specific dashboard |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |