Skip to main content
Glama
jmaciasc-google

Google Threat Intelligence MCP Server

get_threat_profile_associations_timeline

Retrieves a chronological timeline of associations (malware, campaigns, actors, etc.) for a threat profile, with first and last seen timestamps.

Instructions

Retrieves the associations timeline for the given Threat Profile.

Some important response attributes:

  • event_type (str): the type of the timeline association such as Alias, Motivation, Malware, Actor, Toolkit, Report, Campaign, etc.

  • event_entity (str): The name or value of the timeline association.

  • first_seen (int): Unix epoch UTC time (seconds) when the association between the object and the threat profile was made.

  • last_seen (int): Unix epoch UTC time (seconds) of most recent observed relationship between the object and the threat profile.

  • name (str): name of the object directly associated with the threat profile.

  • link (str): URL of the object directly associated with the threat profile

Returns: List of dictionaries containing timeline associations.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
limitNo
profile_idYes

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description must fully convey behavioral traits. It lists output attributes, implying a read operation, but does not explicitly state whether the operation is read-only, destructive, or requires specific permissions. No side effects or limitations are mentioned.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is reasonably concise with a clear first sentence and a structured list of response attributes. However, the list could be streamlined if an output schema were present, and some sentences are redundant (e.g., 'Returns: List of dictionaries').

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite having an output schema (inferred), the description lacks context about the timeline concept, data ordering, pagination, or how profile_id relates to the response. For a tool with no annotations and low schema coverage, more completeness is needed to ensure correct usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0% description coverage, so the description should clarify parameter semantics. It only mentions 'for the given Threat Profile' without explaining the profile_id parameter's format or source. The limit parameter is self-explanatory but no additional context is given for how it affects results.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Retrieves the associations timeline for the given Threat Profile,' which identifies the verb and resource. While it is specific about the output attributes, it does not explicitly differentiate from sibling tools like get_threat_profile or list_threat_profiles, though the name suggests a distinct purpose.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives such as get_threat_profile_recommendations or search_threat_actors. There is no discussion of prerequisites, typical use cases, or scenarios where this tool is appropriate or not.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jmaciasc-google/gti-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server