Skip to main content
Glama
Sentinel-One

Purple AI MCP Server

Official
by Sentinel-One

cve_search_by_vendor

Search for CVEs by vendor name and optionally filter by product to find known vulnerabilities affecting your assets.

Instructions

Search for CVEs by vendor name and optionally filter by product.

This tool searches the CVE database for vulnerabilities affecting specific vendors and their products. Can be used to browse available products or get a comprehensive list of CVEs for a vendor/product combination.

What this tool provides:

  • List of CVEs for a specific vendor/product

  • Available products for a vendor (when product not specified)

  • Complete CVE details for each result

  • Sorted by severity and recency

Common Use Cases:

  • Asset vulnerability scanning

  • Vendor risk assessment

  • Product-specific security monitoring

  • Patch management planning

  • Security posture evaluation

Args: vendor: The vendor name (case-insensitive, use lowercase). Examples: 'microsoft', 'apache', 'cisco', 'linux', 'oracle' product: Optional product name (case-insensitive, use lowercase). Examples: 'office', 'httpd', 'ios', 'kernel', 'database' If omitted, returns list of available products for the vendor.

Returns: When product is specified: - JSON string containing array of CVE objects with full details

When product is omitted:
- JSON string containing array of available product names for that vendor

Examples: Search CVEs: vendor="microsoft", product="windows" Search CVEs: vendor="apache", product="httpd" List products: vendor="cisco" (product omitted) List products: vendor="linux" (product omitted)

Notes: - Vendor/product names should be lowercase - Use underscores or hyphens as they appear in CPE names - Product browsing helps discover correct product names - Results may include multiple product versions - No API key required - When vendor/product is not found, returns a structured JSON response with found=false

Raises: CVEClientError: If there's an error communicating with the API.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
vendorYes
productNo

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, but description fully discloses behavioral traits: sorting by severity/recency, error handling (found=false response), API requirements (no key), case-insensitivity, and raised exceptions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with clear sections (summary, what it provides, use cases, args, returns, examples, notes, raises). Every sentence adds value; no redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Tool has only 2 params and no annotations, but description covers all needed context: inputs, behaviors, return formats, error handling, and practical examples. Output schema implied but description compensates with thorough explanation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, but description adds detailed semantics: vendor and product are case-insensitive, lowercase, with examples. It explains the dual behavior when product is omitted (returns product list vs CVEs).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it searches for CVEs by vendor and optionally product. It distinguishes from sibling tools like cve_search_by_id and the many other tools focused on different resources.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides common use cases and examples, and explains when to omit product to browse products. Does not explicitly contrast with alternatives like cve_database_status or cve_search_by_id, but context is sufficiently clear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Sentinel-One/purple-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server