Vectra AI MCP Server

list_detections_with_basic_info

Retrieve filtered lists of security detections from Vectra AI to quickly identify and prioritize potential threats for investigation.

Instructions

    List detections with basic information and filtering options. Use this to get a quick overview of detections without detailed information.
    
    Returns:
        str: JSON string with list of detections ids.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`state`	No	Filter by detection state (active, inactive, fixed, filteredbyai, filteredbyrule). Default is 'active'.	active
`ordering`	No	Order by last_timestamp, created_datetime, or id. Defaults to 'last_timestamp'	last_timestamp
`detection_category`	No	Filter by detection category. Detections are grouped into one of the following categories: Command & Control, Botnet, Exfiltration, Lateral Movement, Reconnaissance, Info. Can also perform partial word match
`detection_name`	No	Filter by detection name. Can also perform partial word match
`src_ip`	No	Filter by source IP address of the host that generated the detection
`start_date`	No	Filter by start date (YYYY-MM-DDTHH:MM:SS)
`end_date`	No	Filter by end date (YYYY-MM-DDTHH:MM:SS)
`is_targeting_key_asset`	No	Filter for detections targeting a key asset. Defaults to 'False'. Set to 'True' to filter for detections that are targeting key assets. To get all detections regardless of key asset targeting, search for both True and False values.
`limit`	No	Maximum number of detections to return in the batch.

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Tool Definition Quality

B3.2/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It mentions the return type ('JSON string with list of detections ids') but lacks critical behavioral details: whether this is a read-only operation, if it requires authentication, pagination behavior (given the 'limit' parameter), rate limits, or what happens with large result sets. For a list tool with 9 parameters, this is inadequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise and well-structured in three sentences: purpose, usage guidance, and return value. Each sentence adds value, with no redundant information. However, the return value statement could be integrated more smoothly, and it's slightly front-loaded but not perfectly optimized.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (9 parameters, no annotations, but 100% schema coverage and an output schema exists), the description is minimally adequate. The output schema means the description doesn't need to explain return values in detail, but it lacks behavioral context for a list operation (e.g., pagination, limits, or error handling). It covers the basics but leaves gaps in operational transparency.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema fully documents all 9 parameters with descriptions, defaults, and constraints. The description adds no parameter-specific information beyond the general mention of 'filtering options.' This meets the baseline of 3, as the schema does the heavy lifting, but the description doesn't enhance understanding of parameter interactions or semantics.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'List detections with basic information and filtering options.' It specifies the verb ('list'), resource ('detections'), and scope ('basic information'). However, it doesn't explicitly distinguish this from sibling tools like 'list_detection_ids' or 'list_detections_with_details' beyond mentioning 'quick overview without detailed information,' which is somewhat vague.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides implied usage guidance: 'Use this to get a quick overview of detections without detailed information.' This suggests when to use it (for quick overviews) but doesn't explicitly state when to use alternatives like 'list_detection_ids' (for just IDs) or 'list_detections_with_details' (for detailed info). No explicit exclusions or prerequisites are mentioned.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/vectra-ai-research/vectra-ai-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server