list_databases
Retrieve all available data lake databases in Panther's security monitoring platform to identify and access security log repositories for investigation.
Instructions
List all available datalake databases in Panther.
Returns: Dict containing: - success: Boolean indicating if the query was successful - databases: List of databases, each containing: - name: Database name - description: Database description - message: Error message if unsuccessful
Permissions:{'all_of': ['Query Data Lake']}
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- The primary handler and registration for the 'list_databases' MCP tool. Decorated with @mcp_tool and implements the core logic by executing LIST_DATABASES_QUERY.
@mcp_tool( annotations={ "permissions": all_perms(Permission.DATA_ANALYTICS_READ), "readOnlyHint": True, } ) async def list_databases() -> Dict[str, Any]: """List all available datalake databases in Panther. Returns: Dict containing: - success: Boolean indicating if the query was successful - databases: List of databases, each containing: - name: Database name - description: Database description - message: Error message if unsuccessful """ logger.info("Fetching datalake databases") try: # Execute the query using shared client result = await _execute_query(LIST_DATABASES_QUERY, {}) # Get query data databases = result.get("dataLakeDatabases", []) if not databases: logger.warning("No databases found") return {"success": False, "message": "No databases found"} logger.info(f"Successfully retrieved {len(databases)} results") # Format the response return { "success": True, "status": "succeeded", "databases": databases, "stats": { "database_count": len(databases), }, } except Exception as e: logger.error(f"Failed to fetch database results: {str(e)}") return { "success": False, "message": f"Failed to fetch database results: {str(e)}", } - GraphQL query definition used by list_databases tool to retrieve the list of available data lake databases.
LIST_DATABASES_QUERY = gql(""" query ListDatabases { dataLakeDatabases { name description } } """)