cyntrisec

Get security findings from the scan. Args: severity: Filter by severity (CRITICAL, HIGH, MEDIUM, LOW) max_findings: Maximum number of findings to return (default: 20) snapshot_id: Optional snapshot ID (default: latest) Returns: List of security findings with severity and descriptions.

Get assets from the scan with optional filtering. Args: asset_type: Filter by type (e.g., "iam:role", "ec2:instance", "s3:bucket") search: Search by name or ARN (case-insensitive) max_assets: Maximum number of assets to return (default: 50) snapshot_id: Optional snapshot ID (default: latest) Returns: List of assets with their properties.

Get relationships between assets with optional filtering. Args: relationship_type: Filter by type (e.g., "CAN_ASSUME", "CAN_REACH", "MAY_ACCESS") source_name: Filter by source asset name target_name: Filter by target asset name max_relationships: Maximum number to return (default: 50) snapshot_id: Optional snapshot ID (default: latest) Returns: List of relationships with source, target, and type.

Set or retrieve the active snapshot id used for subsequent calls. Args: snapshot_id: Optional scan id/directory name. If omitted, returns current/ latest.

List all available Cyntrisec tools. Returns: List of tools with descriptions.

Get discovered attack paths from the latest scan. Args: max_paths: Maximum number of paths to return (default: 10) min_risk: Minimum risk score filter (0.0-1.0, default: 0.0) snapshot_id: Optional snapshot ID (default: latest) Returns: List of attack paths with risk scores, confidence, and traversed assets.

Get detailed explanation of an attack path. Args: path_id: The attack path ID to explain snapshot_id: Optional snapshot ID (default: latest) Returns: Detailed breakdown of the attack path with each hop explained.

Get detailed explanation of a security finding. Args: finding_id: The finding ID to explain snapshot_id: Optional snapshot ID (default: latest) Returns: Detailed explanation with context, impact, and remediation steps.

Test if a principal can access a resource. Args: principal: IAM role or user name (e.g., "ECforS") resource: Target resource (e.g., "s3://prod-bucket") Returns: Whether access is allowed and via which relationship.

Find optimal remediations that block attack paths. Uses min-cut algorithm to find smallest set of changes that block all attack paths. Args: max_cuts: Maximum number of remediations (default: 5) Returns: List of remediations with coverage percentages.

Get Terraform code snippet for a specific remediation. Args: source_name: Name of the source asset target_name: Name of the target asset relationship_type: Type of relationship (e.g., "CAN_ASSUME", "ALLOWS_TRAFFIC_TO") snapshot_id: Optional snapshot ID (default: latest) Returns: Terraform HCL code snippet for the remediation.

Find unused IAM permissions (blast radius reduction opportunities). Args: days_threshold: Days of inactivity to consider unused Returns: Unused permissions grouped by role with reduction percentages.

Check compliance against CIS AWS or SOC 2 framework. Args: framework: "cis-aws" or "soc2" Returns: Compliance score and failing controls.

Compare latest scan to previous scan. Returns: Changes in assets, relationships, and attack paths.