Vectra AI MCP Server

list_detection_ids

Retrieve detection IDs from Vectra AI security platform with filtering by state, category, source IP, date range, and key asset targeting for threat analysis and incident response.

Instructions

    List detection IDs with filtering and sorting options. Use this to get a list of detection IDs based on various criteria.

    Returns:
        str: JSON string with list of detection IDs.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`ordering`	No	Order by last_timestamp, created_datetime, or id	last_timestamp
`state`	No	Filter by detection state (active, inactive, fixed, filteredbyai, filteredbyrule). Default is 'active'.	active
`detection_category`	No	Filter by detection category. Detections are grouped into one of the following categories: Command & Control, Botnet, Exfiltration, Lateral Movement, Reconnaissance, Info. Can also perform partial word match
`detection_name`	No	Filter by detection name. Can also perform partial word match
`src_ip`	No	Filter by source IP address of the host that generated the detection
`start_date`	No	Filter by start date (YYYY-MM-DDTHH:MM:SS)
`end_date`	No	Filter by end date (YYYY-MM-DDTHH:MM:SS)
`is_targeting_key_asset`	No	Filter for detections targeting a key asset. Defaults to 'False'. Set to 'True' to filter for detections that are targeting key assets. To get all detections regardless of key asset targeting, search for both True and False values.
`limit`	No	Maximum number of detections to return in the batch. Defaults to 1000.

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Tool Definition Quality

C2.7/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions filtering, sorting, and that it returns a JSON string, but lacks critical details: whether this is a read-only operation, potential rate limits, authentication requirements, pagination behavior (beyond the 'limit' parameter), or what happens when no matches are found. For a tool with 9 parameters and no annotations, this is insufficient.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately concise with three sentences that cover purpose and return format. It's front-loaded with the main functionality. However, the 'Returns:' section could be integrated more smoothly, and there's some redundancy ('Use this to get a list...' repeats the purpose). Overall efficient but with minor structural improvements possible.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (9 parameters, filtering/sorting functionality) and the presence of an output schema (which handles return values), the description is minimally adequate. However, with no annotations and multiple sibling tools, it should provide more context about behavioral traits and usage differentiation. The description meets basic requirements but leaves gaps in guidance and transparency.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, meaning all parameters are well-documented in the schema itself. The description adds minimal value beyond the schema, only mentioning 'filtering and sorting options' generically without explaining specific parameters or their interactions. Since the schema does the heavy lifting, the baseline score of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the tool 'List detection IDs with filtering and sorting options', which provides a clear verb ('List') and resource ('detection IDs'). However, it doesn't distinguish this tool from sibling tools like 'list_detections_with_basic_info' or 'list_detections_with_details', leaving ambiguity about when to use each. The purpose is clear but lacks sibling differentiation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It mentions 'Use this to get a list of detection IDs based on various criteria', but doesn't specify scenarios where this is preferred over similar tools like 'list_detections_with_basic_info' or 'get_detection_count'. No explicit when/when-not instructions or alternative recommendations are provided.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/vectra-ai-research/vectra-ai-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server