Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| VECTRA_BASE_URL | Yes | Your Vectra portal URL | |
| VECTRA_MCP_HOST | No | Host to bind to for HTTP transports | 0.0.0.0 |
| VECTRA_MCP_PORT | No | Port for HTTP transports | 8000 |
| VECTRA_CLIENT_ID | Yes | Your client ID from Vectra | |
| VECTRA_MCP_DEBUG | No | Enable debug logging | false |
| VECTRA_CLIENT_SECRET | Yes | Your client secret from Vectra | |
| VECTRA_MCP_TRANSPORT | No | Transport protocol (stdio, sse, or streamable-http) | stdio |
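The table above leaves the checks to the operator: three variables are mandatory, the transport must be one of three values, and the HTTP transports default to binding 0.0.0.0. The following added example (not the Vectra MCP server's own code) loads those variables from a mapping, validates them, and lists the exposure points a reviewer would want flagged before start-up. It assumes the variable names, defaults and transport values exactly as listed, and additionally assumes VECTRA_BASE_URL must be an https URL; the sample environment values are constructed placeholders.

```python
"""Validate the Vectra MCP server environment before start-up.

Added example, not the server's own code. Assumes the variable names, defaults and
transport values from the configuration table; the https requirement on
VECTRA_BASE_URL is this example's own assumption.
"""
from dataclasses import dataclass
from typing import Mapping, Optional
from urllib.parse import urlparse

REQUIRED = ("VECTRA_BASE_URL", "VECTRA_CLIENT_ID", "VECTRA_CLIENT_SECRET")
TRANSPORTS = ("stdio", "sse", "streamable-http")
HTTP_TRANSPORTS = ("sse", "streamable-http")
TRUE_VALUES = ("1", "true", "yes", "on")


@dataclass(frozen=True)
class ServerConfig:
    base_url: str
    client_id: str
    client_secret: str
    transport: str = "stdio"
    host: str = "0.0.0.0"
    port: int = 8000
    debug: bool = False


class ConfigError(ValueError):
    """Raised when the environment cannot produce a usable configuration."""


def load_config(env: Mapping[str, str]) -> ServerConfig:
    """Build a ServerConfig from an environment-like mapping, applying the table's defaults."""
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        raise ConfigError(f"missing required variables: {', '.join(missing)}")

    base_url = env["VECTRA_BASE_URL"].strip().rstrip("/")
    parsed = urlparse(base_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ConfigError("VECTRA_BASE_URL must be an https:// URL with a host")

    transport = env.get("VECTRA_MCP_TRANSPORT", "stdio").strip().lower()
    if transport not in TRANSPORTS:
        raise ConfigError(f"VECTRA_MCP_TRANSPORT must be one of {TRANSPORTS}, got {transport!r}")

    port_raw = env.get("VECTRA_MCP_PORT", "8000").strip()
    if not port_raw.isdigit() or not 1 <= int(port_raw) <= 65535:
        raise ConfigError(f"VECTRA_MCP_PORT must be an integer in 1..65535, got {port_raw!r}")

    return ServerConfig(
        base_url=base_url,
        client_id=env["VECTRA_CLIENT_ID"].strip(),
        client_secret=env["VECTRA_CLIENT_SECRET"].strip(),
        transport=transport,
        host=env.get("VECTRA_MCP_HOST", "0.0.0.0").strip(),
        port=int(port_raw),
        debug=env.get("VECTRA_MCP_DEBUG", "false").strip().lower() in TRUE_VALUES,
    )


def config_error(env: Mapping[str, str]) -> Optional[str]:
    """Return the validation failure message for env, or None when it loads cleanly."""
    try:
        load_config(env)
    except ConfigError as exc:
        return str(exc)
    return None


def exposure_warnings(cfg: ServerConfig) -> list:
    """Operational cautions derived from the configuration; an empty list means nothing to flag."""
    warnings = []
    if cfg.transport in HTTP_TRANSPORTS and cfg.host in ("0.0.0.0", "::"):
        warnings.append(
            f"{cfg.transport} transport bound to {cfg.host}:{cfg.port} listens on every interface; "
            "the process holds Vectra client credentials, so confirm only intended clients can reach it"
        )
    if cfg.debug:
        warnings.append("debug logging is enabled; confirm logs never capture VECTRA_CLIENT_SECRET")
    return warnings


def redacted(cfg: ServerConfig) -> dict:
    """Loggable view of the configuration with the client secret masked."""
    return {
        "base_url": cfg.base_url, "client_id": cfg.client_id, "client_secret": "***",
        "transport": cfg.transport, "host": cfg.host, "port": cfg.port, "debug": cfg.debug,
    }


# Constructed sample environment: placeholder values, not real credentials or a real portal.
SAMPLE_ENV = {
    "VECTRA_BASE_URL": "https://example-tenant.example.com/",
    "VECTRA_CLIENT_ID": "example-client-id",
    "VECTRA_CLIENT_SECRET": "example-client-secret",
    "VECTRA_MCP_TRANSPORT": "streamable-http",
    "VECTRA_MCP_DEBUG": "true",
}

if __name__ == "__main__":
    cfg = load_config(SAMPLE_ENV)
    print(redacted(cfg))
    for warning in exposure_warnings(cfg):
        print("WARNING:", warning)
```

Run it as a pre-flight step with `load_config(os.environ)`; the `redacted` view is what should reach logs, and a non-empty `exposure_warnings` result for an HTTP transport is the cue to set VECTRA_MCP_HOST to a specific interface rather than accepting the 0.0.0.0 default.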
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {"listChanged": false} |
| prompts | {"listChanged": false} |
| resources | {"subscribe": false, "listChanged": false} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| list_detection_ids | List detection IDs with filtering and sorting options. Use this to get a list of detection IDs based on various criteria. Returns: str: JSON string with list of detection IDs. |
| list_detections_with_basic_info | List detections with basic information and filtering options. Use this to get a quick overview of detections without detailed information. Returns: str: JSON string with list of detection IDs. |
| list_detections_with_details | List detections with filtering and sorting options. Use this to get a detailed list of detections based on various criteria. Returns: str: JSON string with list of detections. |
| list_entity_detections | List all detections with full details for a specific entity. Returns: str: JSON string with list of detections for the entity. |
| get_detection_count | Get the total count of detections matching the specified criteria. Returns: str: Count of detections matching the criteria. |
| get_detection_details | Get complete detailed information for a particular detection. Returns: str: JSON string with detection details. Raises: Exception: If fetching detection details fails. |
| get_detection_summary | Get a concise summary of a detection including its ID, name, category, last timestamp, triage status, state, entity type, and detection summary. The detection summary includes key details about the detection, including event-specific details and a description. Returns: str: Formatted string with detection summary. |
| get_detection_pcap | Get the pcap file for a specific detection. Returns: str: Base64-encoded pcap data or error message. Raises: Exception: If retrieval fails. |
| list_entities | List entities (hosts & accounts) in the Vectra platform based on various filters. This tool returns entities with all their detailed information. Returns: str: Formatted string with list of detections. |
| lookup_entity_info_by_name | Retrieve information about an entity (account or host) by its name. Search is case-insensitive and can match partial names. Returns: str: Formatted string with entity information including name, ID, type, last detection timestamp, prioritization status, urgency score, state, and IP address (when available). If no entities are found, returns a message indicating that no matches were found. |
| lookup_host_by_ip | Retrieve information about a host entity by its IP address. Returns: str: Formatted string with host information including name, ID, type, last detection timestamp, prioritization status, urgency score, state, and IP address. If no hosts are found with the specified IP address, returns a message indicating that no matches were found. If an error occurs during the request, raises an exception with the error message. |
| get_host_details | Get complete detailed information about a specific host entity. Returns: str: Formatted string with detailed information about the host entity. If the host is not found, returns a message indicating that no host was found with the specified ID. If an error occurs during the request, raises an exception with the error message. |
| get_account_details | Get complete detailed information about a specific account entity. This tool returns account details including detections, scoring information, associated accounts, access history, detection summaries, external data, and more. The response can be customized using various parameters to include or exclude specific fields and related data. Returns: str: JSON string with detailed information about the account, including detections, scoring information, associated accounts, access history, detection summaries, external data, and more. If the account is not found, returns a message indicating that no account was found with the specified ID. If an error occurs during the request, raises an exception with the error message. |
| create_assignment | Create an investigation assignment for an account or host. Returns: str: Formatted string with assignment details. Raises: Exception: If assignment creation fails. |
| list_assignments | List all investigation assignments with optional filtering by timestamp and resolved state. Returns: str: JSON string with list of assignments. |
| list_assignments_for_user | List all investigation assignments assigned to a user/analyst. Returns: str: JSON string with list of assignments. |
| delete_assignment | Unassign or delete an investigation assignment by its ID. Use list_assignments and list_assignments_for_user to fetch assignment IDs. Returns: str: Confirmation message of deletion. Raises: Exception: If deleting the assignment fails. |
| get_assignment_detail_by_id | Retrieve details of a specific investigation assignment. Returns: str: JSON string with details of the assignment. Raises: Exception: If fetching assignment details fails. |
| get_assignment_for_entity | Retrieve the investigation assignment for a specific account. Returns: str: JSON string with assignment details for the account. Raises: Exception: If fetching the assignment fails. |
| create_entity_note | Add an investigation note to an entity (host or account). Returns: str: Confirmation message with note details. |
| mark_detection_fixed | Marks or unmarks a detection as fixed. When marking as fixed, the detection is closed as remediated, indicating it has been addressed. Returns: str: Confirmation message of the operation. Raises: Exception: If marking detections fails. |
| list_platform_users | List users in the Vectra platform. Returns: str: JSON string with list of users. |
| list_lockdown_entities | List entities that are currently in lockdown. Returns: str: JSON string with list of entities in lockdown. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| Summarize Detection | Get a detailed summary of a specific detection in the Vectra AI platform. |
| Visualize Entity Detections | Visualize the relationships between detections related to a specific entity in the Vectra AI platform with an interactive graph. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |