| get_userA | Get the current user of the Intruder API that we are authenticated as |
| get_statusA | Get the status of the Intruder API |
| list_targetsA | List all targets in the Intruder account and their associated IDs and status (one of 'live', 'license_exceeded', 'unscanned', 'unresponsive', 'agent_uninstalled').
|
| list_issuesC | List issues in the Intruder account with optional filters.
Args:
target_addresses: Filter by a list of target addresses
tag_names: Filter by a list of tag names
snoozed: Filter by snoozed status (true or false)
severity: Filter by severity level (one of 'critical', 'high', 'medium', 'low')
|
| list_scansA | List scans in the Intruder account with optional filters.
Args:
status: Filter by scan status (in_progress, completed, cancelled, cancelled_no_active_targets,
cancelled_no_valid_targets, analysing_results)
scan_type: Filter by scan type (assessment_schedule, new_service, cloudbot_new_target,
rapid_remediation, advisory, cloud_security)
The scan_type parameters mean:
- assessment_schedule: Scans that run on a regular schedule
- new_service: Scans that are triggered when a new service is exposed on a target
- cloudbot_new_target: Scans that are triggered when CloudBot discovers a new target in a connected cloud account
- rapid_remediation: Scans that a user can trigger to test if a specific issue has been remediated
- advisory: An issue created by the Intruder security team based on their manual work
- cloud_security: Scans of cloud accounts, checking the configuration of the resources in the cloud account
|
| list_tagsB | List all tags in the Intruder account with optional filters. Tags are applied to targets.
Args:
target_address: Filter by a list of target address
|
| list_occurrencesB | List all occurrences for a specific issue with optional filters.
Args:
issue_id: The ID of the issue to list occurrences for
target_addresses: Filter by a list of target addresses
tag_names: Filter by a list of tag names
snoozed: Filter by snoozed status (true or false)
|
| get_scanner_outputB | Get scanner output for a specific occurrence of an issue.
Args:
issue_id: The ID of the issue
occurrence_id: The ID of the occurrence
|
| create_scanC | Create a new scan.
Args:
target_addresses: List of target addresses to scan
tag_names: List of tag names to scan targets with these tags
|
| get_scanA | Get details of a specific scan.
Args:
scan_id: The ID of the scan to get
|
| cancel_scanA | Cancel a running scan.
Args:
scan_id: The ID of the scan to cancel
|
| delete_targetC | Delete a target.
Args:
target_id: The ID of the target to delete
|
| create_targetsB | Create one or more targets.
Args:
addresses: List of target addresses to create
Example: ['example.com'] for a single target
Example: ['example.com', 'test.com'] for multiple targets
|
| create_target_tagB | Add a tag to a target.
Args:
target_id: The ID of the target to add the tag to
name: The name of the tag to add (max 40 characters)
|
| delete_target_tagA | Remove a tag from a target.
Args:
target_id: The ID of the target to remove the tag from
tag_name: The name of the tag to remove
|
| list_licensesA | List license information for the Intruder account. Shows usage and limits for infrastructure and application licenses. When a license is used, it is tied to the target that used it for 30 days. |
| snooze_issueA | Snooze an issue and all its current and future occurrences.
Args:
issue_id: The ID of the issue to snooze
reason: Reason for snoozing (required, must one of ACCEPT_RISK, FALSE_POSITIVE, MITIGATING_CONTROLS)
details: Optional details for the snooze
duration: Optional duration for the snooze (in seconds)
duration_type: Optional duration type (e.g., 'days', 'hours')
The reasons mean:
- ACCEPT_RISK - Risk accepted for the issue and all of its occurrences
- FALSE_POSITIVE - False positive - issue and all occurrences have been verified as not exploitable
- MITIGATING_CONTROLS - Mitigating controls are in place
|
| snooze_occurrenceA | Snooze a specific occurrence of an issue.
Args:
issue_id: The ID of the issue
occurrence_id: The ID of the occurrence to snooze
reason: Reason for snoozing (required, must be one of ACCEPT_RISK, FALSE_POSITIVE, MITIGATING_CONTROLS)
details: Optional details for the snooze
duration: Optional duration for the snooze (in seconds)
duration_type: Optional duration type (e.g., 'days', 'hours')
The reasons mean:
- ACCEPT_RISK - Risk accepted for the issue and all of its occurrences
- FALSE_POSITIVE - False positive - issue and all occurrences have been verified as not exploitable
- MITIGATING_CONTROLS - Mitigating controls are in place
|
| list_scan_schedulesA | List all scan schedules in the Intruder account, including the full record for each. |
| create_scan_scheduleB | Create a recurring scan schedule.
Args:
name: Name of the schedule
first_scan_time: ISO 8601 timestamp of the first scan. Must be in the future and on the hour
(e.g. '2026-05-01T03:00:00Z', not '2026-05-01T03:12:34Z')
scan_frequency: One of 'daily', 'weekly', 'monthly', 'quarterly'
target_ids: List of target IDs to include in the schedule
tag_names: List of target tag names to include in the schedule
throttled: Whether to throttle the scan
web_ports_only: Only scan standard web ports
upload_to_drata: Upload scan results to Drata
upload_to_vanta: Upload scan results to Vanta
|
| update_scan_scheduleA | Update an existing scan schedule. Only the provided fields are changed.
Args:
schedule_id: The ID of the scan schedule to update
name: Rename the schedule
first_scan_time: ISO 8601 timestamp, in the future and on the hour
scan_frequency: One of 'daily', 'weekly', 'monthly', 'quarterly'
target_ids: Replace the set of target IDs included in the schedule
tag_names: Replace the set of target tag names included in the schedule
throttled: Whether to throttle the scan
web_ports_only: Only scan standard web ports
upload_to_drata: Upload scan results to Drata
upload_to_vanta: Upload scan results to Vanta
|
| delete_scan_scheduleB | Delete a scan schedule.
Args:
schedule_id: The ID of the scan schedule to delete
|
