Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| evtx_list_files | List all EVTX (Windows Event Log) files in a directory. |
| evtx_get_stats | Get statistics about an EVTX file: event counts, time range, Event ID distribution. |
| evtx_search | Search events in an EVTX file. Filter by time, Event ID, keywords, provider. |
| evtx_security_search | Search for security events by type: logon, failed_logon, process_creation, etc. |
| evtx_explain_event_id | Get description of a Windows Event ID. |
| registry_get_key | Get registry key and values from a hive file. |
| registry_search | Search registry values by pattern. |
| registry_get_persistence | Get persistence mechanisms (Run keys, services) from registry. |
| registry_get_users | Get user accounts from SAM hive. |
| registry_get_usb_history | Get USB device history from SYSTEM hive. |
| registry_get_system_info | Get OS version, computer name, timezone from registry. |
| registry_get_network | Get network configuration from SYSTEM hive. |
| forensics_list_important_events | List important Event IDs for a log channel. |
| forensics_list_registry_keys | List forensically important registry keys. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |