| get_findings | Get security findings from the scan.
Args:
severity: Filter by severity (CRITICAL, HIGH, MEDIUM, LOW)
max_findings: Maximum number of findings to return (default: 20)
snapshot_id: Optional snapshot ID (default: latest)
Returns:
List of security findings with severity and descriptions.
|
| get_assets | Get assets from the scan with optional filtering.
Args:
asset_type: Filter by type (e.g., "iam:role", "ec2:instance", "s3:bucket")
search: Search by name or ARN (case-insensitive)
max_assets: Maximum number of assets to return (default: 50)
snapshot_id: Optional snapshot ID (default: latest)
Returns:
List of assets with their properties.
|
| get_relationships | Get relationships between assets with optional filtering.
Args:
relationship_type: Filter by type (e.g., "CAN_ASSUME", "CAN_REACH", "MAY_ACCESS")
source_name: Filter by source asset name
target_name: Filter by target asset name
max_relationships: Maximum number to return (default: 50)
snapshot_id: Optional snapshot ID (default: latest)
Returns:
List of relationships with source, target, and type.
|
| get_scan_summary | Get summary of the latest AWS scan. Returns asset counts, finding counts, and attack path counts. |
| set_session_snapshot | Set or retrieve the active snapshot id used for subsequent calls.
Args:
snapshot_id: Optional scan id/directory name. If omitted, returns current/latest.
|
| list_tools | List all available Cyntrisec tools.
Returns:
List of tools with descriptions.
|
| get_attack_paths | Get discovered attack paths from the latest scan.
Args:
max_paths: Maximum number of paths to return (default: 10)
min_risk: Minimum risk score filter (0.0-1.0, default: 0.0)
snapshot_id: Optional snapshot ID (default: latest)
Returns:
List of attack paths with risk scores, confidence, and traversed assets.
|
| explain_path | Get detailed explanation of an attack path.
Args:
path_id: The attack path ID to explain
snapshot_id: Optional snapshot ID (default: latest)
Returns:
Detailed breakdown of the attack path with each hop explained.
|
| explain_finding | Get detailed explanation of a security finding.
Args:
finding_id: The finding ID to explain
snapshot_id: Optional snapshot ID (default: latest)
Returns:
Detailed explanation with context, impact, and remediation steps.
|
| check_access | Test if a principal can access a resource.
Args:
principal: IAM role or user name (e.g., "ECforS")
resource: Target resource (e.g., "s3://prod-bucket")
Returns:
Whether access is allowed and via which relationship.
|
| get_remediations | Find optimal remediations that block attack paths.
Uses a min-cut algorithm to find the smallest set of changes
that blocks all attack paths.
Args:
max_cuts: Maximum number of remediations (default: 5)
Returns:
List of remediations with coverage percentages.
|
| get_terraform_snippet | Get Terraform code snippet for a specific remediation.
Args:
source_name: Name of the source asset
target_name: Name of the target asset
relationship_type: Type of relationship (e.g., "CAN_ASSUME", "ALLOWS_TRAFFIC_TO")
snapshot_id: Optional snapshot ID (default: latest)
Returns:
Terraform HCL code snippet for the remediation.
|
| get_unused_permissions | Find unused IAM permissions (blast radius reduction opportunities).
Args:
days_threshold: Days of inactivity to consider unused
Returns:
Unused permissions grouped by role with reduction percentages.
|
| check_compliance | Check compliance against CIS AWS or SOC 2 framework.
Args:
framework: "cis-aws" or "soc2"
Returns:
Compliance score and failing controls.
|
| compare_scans | Compare latest scan to previous scan.
Returns:
Changes in assets, relationships, and attack paths.
|