Skip to main content
Glama
honeylabshq

honeylabs-mcp

Official

attack_timeline_tool

Displays attack volume over time with hourly or daily buckets. Filter by protocol, country, or port to identify trends and spikes in threat activity.

Instructions

Attack volume over time, bucketed by hour or day. Use for: 'show attack trends this week', 'was there a spike on port 22?', 'how has SSH scanning changed?', 'attack volume from China over 30 days'. bucket: 'hour' or 'day'. Optional filters: filter_protocol ('tls'/'''), filter_country (2-letter code), filter_dest_port. since/until ISO-8601 UTC.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
sinceYes
untilYes
bucketNoday
filter_protocolNo
filter_countryNo
filter_dest_portNo

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It describes the core behavior (returns bucketed attack volume) and mentions optional filters, but does not disclose whether it is read-only, any rate limits, data freshness, or potential side effects. This is adequate but not thorough.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise (two sentences plus a list of use cases and parameter notes) and front-loaded with the main purpose. It could be slightly more organized, but every sentence adds value without redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the presence of an output schema (which covers return values) and the description's coverage of filters and use cases, the tool is well-specified for an agent to invoke correctly. Missing details like pagination or limits are minor given the context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, and the description compensates fully by explaining each parameter's purpose and format: bucket ('hour' or 'day'), filter_protocol ('tls' or ''), filter_country (2-letter code), filter_dest_port, and since/until as ISO-8601 UTC. This provides essential context missing from the raw schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Attack volume over time, bucketed by hour or day.' It provides specific use-case examples ('show attack trends this week', 'was there a spike on port 22?') and distinguishes itself from sibling tools by focusing on temporal volume trends rather than enrichment or search.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description includes concrete query examples like 'how has SSH scanning changed?' that implicitly guide usage. However, it does not explicitly state when not to use this tool or contrast with alternatives like search_events_tool, leaving some ambiguity.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/honeylabshq/honeylabs-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server