Tenable Identity Exposure MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| TIE_URL | Yes | Base URL for the Tenable Identity Exposure API, e.g. https://your-host.tenable.ad | |
| TIE_API_KEY | Yes | API key from TIE console (System > Configuration > API key) | |
| TIE_VERIFY_SSL | No | Set to 'false' to disable SSL verification for self-signed certificates | true |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| tie_catalogA | List all available Tenable Identity Exposure API resources and their paths. Call this first to discover what resources exist before using other tools. |
| tie_requestA | Make a direct HTTP call to any Tenable Identity Exposure API endpoint. Args: method: HTTP method (GET, POST, PUT, PATCH, DELETE). path: API path, e.g. "/api/directories" or "/api/attacks/123". params: Optional query string parameters as a dict. body: Optional request body as a dict (used with POST/PUT/PATCH). Returns: Parsed JSON response from the TIE API. |
| tie_resource_actionB | Perform CRUD operations on a TIE resource. Args: resource: Resource name from tie_catalog (e.g. "directories", "attacks", "users"). action: Operation — list, get, create, update, or delete. id: Resource ID for get/update/delete operations. body: Request body for create/update operations. params: Optional query parameters (e.g. pagination, filters). Examples: List all directories: resource="directories", action="list" Get directory #5: resource="directories", action="get", id=5 List recent attacks: resource="attacks", action="list", params={"page": 1} Create a user: resource="users", action="create", body={...} Delete an alert: resource="alerts", action="delete", id=42 |
| tie_deviances_by_checkerA | List IoE deviances for a given checker within a profile (full detail, no date filter). For a time-bounded view use tie_deviances(hours=...) or tie_recent_activity instead.
The TIE API models this as a POST with a filter Args: checker_id: IoE checker id (see tie_resource_action resource="checkers"). profile_id: Security profile id (default 1). page: Page number (1-based). per_page: Results per page. expression: Optional filter expression object. Defaults to {} (no filter). verbose: If False (default), render descriptions and drop giant attribute values to save tokens. Set True for the full raw payload. |
| tie_deviances_by_directoryA | List IoE deviances for a specific directory (full detail, no date filter). Args: infrastructure_id: Infrastructure (forest) id — see resource="infrastructures". directory_id: Directory id — see resource="directories". page: Page number (1-based). per_page: Results per page. verbose: If False (default), render descriptions and drop giant attribute values. |
| tie_deviancesA | Find AD objects with IoE deviances for a checker within a time window. This is the time-filterable deviance query (server-side dateStart/dateEnd via
the checker's ad-objects/search endpoint). Provide Args: checker_id: IoE checker id (see resource="checkers"). profile_id: Security profile id (default 1). Note: your console may use a non-default profile — call tie_profiles to list them. directory_ids: Restrict to these directory ids (default: all directories in scope). hours: Relative look-back window in hours (e.g. 12). Ignored if date_start given. date_start: Explicit ISO 8601 UTC start (e.g. "2026-07-07T16:00:00.000Z"). date_end: Explicit ISO 8601 UTC end (default: now). reasons: Optional reason ids to filter (see /api/profiles/{id}/checkers/{id}/reasons). show_ignored: Include deviances that are currently ignored (default False). page: Page number (1-based). per_page: Results per page. verbose: If False (default), truncate giant attribute values. |
| tie_attacksA | List IoA attack instances for a resource within a profile. The TIE API requires scoping attacks to a resource. For example, to see attacks against directory id 8: resource_type="directory", resource_value="8". Args: resource_type: What resource_value refers to — infrastructure, directory, hostname, or ip. resource_value: The id (for infrastructure/directory) or name/ip value to scope to. profile_id: Security profile id (default 1). attack_type_ids: Optional list of attack type ids to filter (e.g. DCSync, Kerberoasting). date_start: Optional ISO 8601 start of date range. date_end: Optional ISO 8601 end of date range. include_closed: Include closed attacks (default False). limit: Max results (default 50). order: Sort order by date, "desc" (newest first) or "asc". search: Optional free-text search filter. |
| tie_alertsB | List alerts for a security profile. Args: profile_id: Security profile id (default 1). page: Page number (1-based). per_page: Results per page. archived: Optionally filter by archived status (True/False). |
| tie_scoresA | Get per-directory security scores for a profile. Returns a list of {directoryId, score} reflecting the AD security posture (higher is better; scores reflect outstanding IoE deviances). Args: profile_id: Security profile id (default 1). |
| tie_topologyA | Get the Active Directory topology (domains, forests, and trust relationships). Args: profile_id: Security profile id (default 1). |
| tie_search_eventsA | Search AD security events within a date range. Args: directory_ids: One or more directory ids to search (see resource="directories"). date_start: ISO 8601 start of range, e.g. "2026-07-01T00:00:00.000Z". date_end: ISO 8601 end of range. profile_id: Security profile id (default 1). expression: Optional filter expression object. Defaults to {} (no filter). order: Optional ordering object, e.g. {"column": "date", "direction": "desc"}. |
| tie_whoamiA | Get the current user's identity, roles, and permissions (from the API key). |
| tie_search_ad_objectsA | Search Active Directory objects (users, computers, groups, OUs) by name or attribute. Args: query: Search string to match against AD object names/attributes. directory_id: Restrict search to a specific directory. object_type: Filter by object type: "user", "computer", "group", "ou". page: Page number (1-based). per_page: Results per page. |
| tie_profilesA | List security profiles (id + name). IoE/IoA data is scoped to a profile. The console has a selected profile that the API does not expose, so pass the right profile_id explicitly to other tools. |
| tie_recent_activityA | Unified recent-activity timeline of IoE alerts and IoA attacks in one call. Answers questions like "show me IoE/IoA in the last 12 hours". IoE is sourced from the profile's alert feed (time-ordered) and each in-window alert is enriched with its deviance detail (checker + rendered description). IoA is sourced from the attacks endpoint per directory. Results are merged and sorted newest-first. All timestamps are UTC. Args: hours: Look-back window in hours (default 12). profile_id: Security profile id (default 1). See tie_profiles. include_ioe: Include IoE deviance alerts (default True). include_ioa: Include IoA attacks (default True). directory_ids: Restrict to these directory ids (default: all in scope). max_items: Cap on enriched items per category (default 50); truncation is reported. verbose: If False (default), attribute values are slimmed. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/knethteo/tenable-identity-exposure-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server