get_alert
Retrieve detailed security alert information by ID to investigate threats and monitor incidents in Panther's security platform.
Instructions
Get detailed information about a specific Panther alert by ID
Permissions:{'all_of': ['Read Alerts']}
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| alert_id | Yes | The ID of the alert to fetch |
Implementation Reference
- The main execution logic for the 'get_alert' MCP tool. Fetches alert details by ID using Panther REST API, handles success, not found (404), bad request (400), and errors gracefully.
@mcp_tool( annotations={ "permissions": all_perms(Permission.ALERT_READ), "readOnlyHint": True, } ) async def get_alert( alert_id: Annotated[ str, Field(min_length=1, description="The ID of the alert to fetch"), ], ) -> dict[str, Any]: """Get detailed information about a specific Panther alert by ID""" logger.info(f"Fetching alert details for ID: {alert_id}") try: # Execute the REST API call async with get_rest_client() as client: alert_data, status = await client.get( f"/alerts/{alert_id}", expected_codes=[200, 400, 404] ) if status == 404: logger.warning(f"No alert found with ID: {alert_id}") return {"success": False, "message": f"No alert found with ID: {alert_id}"} if status == 400: logger.error(f"Bad request when fetching alert ID: {alert_id}") return { "success": False, "message": f"Bad request when fetching alert ID: {alert_id}", } logger.info(f"Successfully retrieved alert details for ID: {alert_id}") # Format the response return {"success": True, "alert": alert_data} except Exception as e: logger.error(f"Failed to fetch alert details: {str(e)}") return {"success": False, "message": f"Failed to fetch alert details: {str(e)}"} - src/mcp_panther/server.py:71-76 (registration)Registers all @mcp_tool-decorated functions (including get_alert) with the FastMCP server instance by calling register_all_tools(mcp).
# Register all tools with MCP using the registry register_all_tools(mcp) # Register all prompts with MCP using the registry register_all_prompts(mcp) # Register all resources with MCP using the registry register_all_resources(mcp) - src/mcp_panther/panther_mcp_core/tools/registry.py:75-108 (registration)The function that iterates over the global _tool_registry (populated by @mcp_tool decorators) and registers each tool, including 'get_alert', by calling mcp_instance.tool(name=func.__name__, ...)(func).
def register_all_tools(mcp_instance) -> None: """ Register all tools marked with @mcp_tool with the given MCP instance. Args: mcp_instance: The FastMCP instance to register tools with """ logger.info(f"Registering {len(_tool_registry)} tools with MCP") # Sort tools by name sorted_funcs = sorted(_tool_registry, key=lambda f: f.__name__) for tool in sorted_funcs: logger.debug(f"Registering tool: {tool.__name__}") # Get tool metadata if it exists metadata = getattr(tool, "_mcp_tool_metadata", {}) annotations = metadata.get("annotations", {}) # Create tool decorator with metadata tool_decorator = mcp_instance.tool( name=metadata.get("name"), description=metadata.get("description"), annotations=annotations, ) if annotations and annotations.get("permissions"): if not tool.__doc__: tool.__doc__ = "" tool.__doc__ += f"\n\n Permissions:{annotations.get('permissions')}" # Register the tool tool_decorator(tool) logger.info("All tools registered successfully")