Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| THREATZONE_API_KEY | Yes | Your Threat.Zone API key | |
| THREATZONE_API_URL | No | Custom API URL for private tenants or on-premise deployments | https://app.threat.zone |
Schema
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| get_metafields | Get available metafields for scan configuration. |
| get_levels | Get threat levels used in analysis results. |
| get_statuses | Get submission statuses. |
| get_sample_metafield | Get sample metafield configuration for sandbox analysis. |
| interpret_status | Interpret a numeric status value from submission results.<br>Args: `status_value`: numeric status value (1-5).<br>Returns: human-readable status description. |
| interpret_threat_level | Interpret a numeric threat level value from analysis results.<br>Args: `level_value`: numeric threat level (0-3).<br>Returns: human-readable threat level description. |
| get_submission_status_summary | Get submission details with interpreted status and threat level.<br>Args: `uuid`: submission UUID.<br>Returns: submission details with human-readable status and threat level. |
| get_user_info | Get current user information, workspace details, and usage limits. |
| get_server_config | Get current server configuration including API URL and connection status.<br>Returns: configuration details including API URL, version, and status. |
| scan_url | Analyze a URL for threats and malicious content.<br>Args: `url`: the URL to analyze; `is_public`: whether the scan results should be public. |
| scan_file_sandbox | Submit a file for advanced sandbox analysis with detailed configuration.<br>Args:<br>`file_path`: path to the file to analyze<br>`is_public`: whether the scan results should be public (default: False)<br>`entrypoint`: file to execute within archive (if applicable)<br>`password`: password for archive files (if applicable)<br>`environment`: analysis environment: w7_x64, w10_x64, w11_x64, macos, android, linux (default: w10_x64)<br>`timeout`: analysis timeout in seconds: 60, 120, 180, 240, 300 (default: 180)<br>`work_path`: working directory: desktop, root, %AppData%, windows, temp (default: desktop)<br>`mouse_simulation`: enable mouse simulation (default: True)<br>`https_inspection`: enable HTTPS inspection (default: False)<br>`internet_connection`: enable internet connection (default: False)<br>`raw_logs`: include raw logs (default: False)<br>`snapshot`: take VM snapshots (default: False)<br>`sleep_evasion`: enable sleep evasion techniques (default: False)<br>`smart_tracing`: enable smart tracing (default: False)<br>`dump_collector`: enable dump collection (default: False)<br>`open_in_browser`: open files in browser (default: False)<br>`extension_check`: perform extension check (default: True)<br>`modules`: analysis modules to use, e.g. `["csi", "cdr"]` (default: None)<br>`auto_config`: use automatic configuration (default: False) |
| scan_file_sandbox_simple | Submit a file for simple sandbox analysis using default settings. This is a simplified version of scan_file_sandbox with default configurations; use scan_file_sandbox for advanced configuration options.<br>Args: `file_path`: path to the file to analyze; `is_public`: whether the scan results should be public (default: False); `entrypoint`: file to execute within archive (if applicable); `password`: password for archive files (if applicable). |
| scan_file_static | Submit a file for static analysis.<br>Args: `file_path`: path to the file to analyze; `is_public`: whether the scan results should be public; `entrypoint`: file to execute within archive (if applicable); `password`: password for archive files (if applicable). |
| scan_file_cdr | Submit a file for CDR (Content Disarm and Reconstruction) processing.<br>Args: `file_path`: path to the file to process; `is_public`: whether the scan results should be public; `entrypoint`: file to execute within archive (if applicable); `password`: password for archive files (if applicable). |
| get_submission | Get submission details by UUID.<br>Args: `uuid`: submission UUID. |
| get_submission_indicators | Get all indicators for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_iocs | Get all Indicators of Compromise for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_yara_rules | Get all matched YARA rules for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_varist_results | Get Varist Hybrid Analyzer results for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_artifacts | Get all artifacts for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_config_extractor | Get all extracted configurations for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_dns | Get all DNS queries for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_http | Get all HTTP requests and packets for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_tcp | Get all TCP requests and packets for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_udp | Get all UDP requests and packets for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_submission_network_threats | Get all network threats for a specific submission.<br>Args: `uuid`: submission UUID. |
| get_my_submissions | Get the user's submissions with pagination.<br>Args: `page`: page number (default: 1); `jump`: number of items per page (default: 10). |
| get_public_submissions | Get public submissions with pagination.<br>Args: `page`: page number (default: 1); `jump`: number of items per page (default: 10). |
| search_by_hash | Search submissions by file hash (MD5, SHA1, or SHA256).<br>Args: `hash`: file hash to search for; `page`: page number (default: 1); `jump`: number of items per page (default: 10). |
| download_sanitized_file | Download the CDR-sanitized file for a given submission UUID.<br>Args: `uuid`: submission UUID.<br>Returns: Base64-encoded file content. |
| download_html_report | Download the HTML analysis report for a submission.<br>Args: `uuid`: submission UUID.<br>Returns: HTML report content. |