search_solutions
Find Microsoft Sentinel solutions by name, publisher, or keyword. Retrieve details about data connectors, detections, and playbooks from GitHub repositories.
Instructions
Search solutions by name, publisher, or keyword
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Implementation Reference
- src/tools/solutionTools.ts:214-275 (handler) The execute function that implements the search_solutions tool logic. It searches solutions by name (case-insensitive match), filters by publisher and/or support_tier, groups connector-table mappings by solution, and returns matching solutions with connector/table counts.

```typescript
export const searchSolutionsTool = {
  name: 'search_solutions',
  description: 'Search solutions by name, publisher, or keyword',
  inputSchema: z.object({
    query: z.string().describe('Search query'),
    publisher: z.string().optional().describe('Filter by publisher'),
    support_tier: z.string().optional().describe('Filter by support tier'),
  }),
  execute: async (args: {
    query: string;
    publisher?: string;
    support_tier?: string;
  }): Promise<SearchResult> => {
    await ensureAnalysis();
    if (!cachedAnalysisResult) {
      throw new Error('Analysis results not available');
    }

    const queryLower = args.query.toLowerCase();

    // Group by solution
    const solutionMap = new Map<string, any>();
    cachedAnalysisResult.mappings.forEach((mapping) => {
      if (!solutionMap.has(mapping.solution)) {
        solutionMap.set(mapping.solution, {
          name: mapping.solution,
          publisher: mapping.publisher,
          version: mapping.version,
          supportTier: mapping.supportTier,
          connectorIds: new Set<string>(),
          tables: new Set<string>(),
        });
      }
      const sol = solutionMap.get(mapping.solution)!;
      sol.connectorIds.add(mapping.connectorId);
      sol.tables.add(mapping.tableName);
    });

    // Filter solutions
    const matchingSolutions = Array.from(solutionMap.values()).filter((sol) => {
      const matchesQuery = sol.name.toLowerCase().includes(queryLower);
      const matchesPublisher = !args.publisher || sol.publisher === args.publisher;
      const matchesTier = !args.support_tier || sol.supportTier === args.support_tier;
      return matchesQuery && matchesPublisher && matchesTier;
    });

    return {
      solutions: matchingSolutions.map((sol) => ({
        name: sol.name,
        publisher: sol.publisher,
        version: sol.version,
        supportTier: sol.supportTier,
        connectorCount: sol.connectorIds.size,
        tableCount: sol.tables.size,
      })),
    };
  },
};
```

- src/tools/solutionTools.ts:217-221 (schema) Zod input schema for the search_solutions tool, defining query (required string), publisher (optional string), and support_tier (optional string) parameters.

```typescript
inputSchema: z.object({
  query: z.string().describe('Search query'),
  publisher: z.string().optional().describe('Filter by publisher'),
  support_tier: z.string().optional().describe('Filter by support tier'),
}),
```

- src/types/index.ts:147-156 (schema) SearchResult interface defining the output shape: an array of solutions with name, publisher, version, optional supportTier, connectorCount, and tableCount.

```typescript
export interface SearchResult {
  solutions: Array<{
    name: string;
    publisher: string;
    version: string;
    supportTier?: string;
    connectorCount: number;
    tableCount: number;
  }>;
}
```

- src/tools/solutionTools.ts:410-417 (registration) solutionTools array registration that includes searchSolutionsTool for export and aggregation.

```typescript
export const solutionTools = [
  analyzeSolutionsTool,
  getConnectorTablesTool,
  searchSolutionsTool,
  getSolutionDetailsTool,
  listTablesTool,
  validateConnectorTool,
];
```

- src/index.ts:27-36 (registration) MCP server registration: list_tools handler exposes the tool name/description/schema, and call_tool handler dispatches by name to the tool's execute function.

```typescript
// Handle list_tools request
server.setRequestHandler(ListToolsRequestSchema, async () => {
  return {
    tools: allTools.map((tool) => ({
      name: tool.name,
      description: tool.description,
      inputSchema: tool.inputSchema,
    })),
  };
});
```
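The grouping and matching rules described for the handler above, as an added TypeScript example that is not the project's code: `Mapping`, `parseArgs`, `optionalString`, `searchSolutions` and the sample rows are hypothetical, and the hand-written argument check stands in for the Zod schema on the assumption that client-supplied arguments reach the handler unvalidated.

```typescript
// Added example: hypothetical names and constructed data, not the project's code.
interface Mapping {
  solution: string; publisher: string; version: string;
  supportTier?: string; connectorId: string; tableName: string;
}
interface SearchArgs { query: string; publisher: string | undefined; support_tier: string | undefined }
function optionalString(r: Record<string, unknown>, key: string): string | undefined {
  const v = r[key];
  if (v === undefined || typeof v === 'string') return v;
  throw new TypeError(`${key} must be a string`);
}
// Runtime stand-in for the Zod schema: type annotations are erased at run time.
function parseArgs(raw: unknown): SearchArgs {
  if (typeof raw !== 'object' || raw === null) throw new TypeError('arguments must be an object');
  const r = raw as Record<string, unknown>;
  const query = r['query'];
  if (typeof query !== 'string') throw new TypeError('query must be a string');
  return { query, publisher: optionalString(r, 'publisher'), support_tier: optionalString(r, 'support_tier') };
}

function searchSolutions(mappings: Mapping[], raw: unknown) {
  const args = parseArgs(raw);
  const q = args.query.toLowerCase();
  const bySolution = new Map<string, { first: Mapping; connectors: Set<string>; tables: Set<string> }>();
  mappings.forEach((m) => {
    let entry = bySolution.get(m.solution);
    if (!entry) {
      entry = { first: m, connectors: new Set<string>(), tables: new Set<string>() };
      bySolution.set(m.solution, entry);
    }
    entry.connectors.add(m.connectorId); // Sets deduplicate repeated connector/table rows
    entry.tables.add(m.tableName);
  });
  return Array.from(bySolution.values())
    .filter(({ first }) =>
      first.solution.toLowerCase().includes(q) &&                      // name only, substring, case-insensitive
      (!args.publisher || first.publisher === args.publisher) &&       // exact, case-sensitive
      (!args.support_tier || first.supportTier === args.support_tier)) // exact, case-sensitive
    .map(({ first, connectors, tables }) => ({
      name: first.solution, publisher: first.publisher, version: first.version,
      supportTier: first.supportTier, connectorCount: connectors.size, tableCount: tables.size,
    }));
}

// Constructed sample mappings (not real solution data).
const SAMPLE: Mapping[] = [
  { solution: 'Contoso Firewall', publisher: 'Contoso', version: '1.0.0', supportTier: 'Partner', connectorId: 'ContosoFw', tableName: 'ContosoFw_CL' },
  { solution: 'Contoso Firewall', publisher: 'Contoso', version: '1.0.0', supportTier: 'Partner', connectorId: 'ContosoFw', tableName: 'ContosoFwAudit_CL' },
  { solution: 'Identity Bridge', publisher: 'Fabrikam', version: '2.1.0', connectorId: 'FabrikamId', tableName: 'FabrikamId_CL' },
];
```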