analyze_drift
Compare current DNS security posture against a prior scan snapshot to determine if the domain's score improved, regressed, or remained stable. Provides a drift classification and score delta.
Instructions
Measure whether a domain's DNS security posture improved or regressed by comparing the current state against a prior scan snapshot. Returns a drift classification (improving/stable/regressing/mixed), score delta, and lists of improvements and regressions. Use to answer "did our security score improve or regress since last time?" — distinct from compare_baseline which checks compliance against a fixed policy (not improvement over time).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to analyze drift for | |
| format | No | Output verbosity. Auto-detected if omitted. | |
| baseline | Yes | Prior scan reference for drift-over-time analysis: a previous ScanScore JSON STRING, or the literal "cached" to reuse the last cached scan. NOT a policy/requirements object — for compliance enforcement against required controls, use compare_baseline instead. | |
| force_refresh | No | Bypass cache and run a fresh check. Useful after DNS changes. |