RAD Security
OfficialServer Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| TRANSPORT_TYPE | No | Transport type for Docker container deployment (streamable or sse) | streamable |
| EXCLUDE_TOOLKITS | No | Comma-separated list of toolkits to exclude (all except these will be enabled). Note: If INCLUDE_TOOLKITS is set, EXCLUDE_TOOLKITS is ignored | |
| INCLUDE_TOOLKITS | No | Comma-separated list of toolkits to include (only these will be enabled). Available toolkits: containers, clusters, identities, audit, cloud_inventory, images, kubeobject, misconfigs, runtime, runtime_network, threats, findings, cves, inbox, workflows | |
| RAD_SECURITY_ACCOUNT_ID | No | Your RAD Security account ID | |
| RAD_SECURITY_SECRET_KEY | No | Your RAD Security secret key | |
| RAD_SECURITY_ACCESS_KEY_ID | No | Your RAD Security access key ID |
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| list_containersB | List containers secured by RAD Security with optional filtering by image name, image digest, namespace, cluster_id, or free text search |
| get_container_detailsB | Get detailed information about a container secured by RAD Security |
| list_clustersB | List Kubernetes clusters managed by RAD Security |
| get_cluster_detailsC | Get detailed information about a specific Kubernetes cluster managed by RAD Security |
| list_identitiesB | Get list of identities for a specific Kubernetes cluster |
| get_identity_detailsC | Get detailed information about a specific identity in a Kubernetes cluster |
| who_shelled_into_podC | Get k8s audit logs with information about users who shelled into a pod |
| list_cloud_resourcesC | List cloud resources for a specific provider with optional filtering |
| get_cloud_resource_detailsC | Get detailed information about a specific cloud resource |
| get_cloud_resource_facetsC | Get available facets for filtering cloud resources from a provider |
| get_cloud_resource_facet_valueC | Get values for a specific facet from a cloud provider |
| list_compliance_frameworksB | List all compliance frameworks available for cloud resources (e.g., CIS, SOC2, PCI-DSS) |
| list_framework_requirementsC | List all requirements for a specific compliance framework |
| list_requirement_controlsB | List controls associated with a specific requirement within a compliance framework |
| list_compliance_controlsC | List all compliance control summaries for the account |
| get_compliance_controlC | Get detailed information about a specific compliance control |
| list_control_resourcesC | List cloud resources associated with a specific compliance control |
| list_imagesC | List container images with optional filtering by page, page size, sort, and search query |
| list_image_vulnerabilitiesB | List vulnerabilities in a container image with optional filtering by severity |
| get_top_vulnerable_imagesC | Get the most vulnerable images from your account |
| get_image_sbomB | Get the SBOM of a container image |
| get_k8s_resource_detailsB | Get the latest manifest of a Kubernetes resource |
| list_k8s_resourcesC | List Kubernetes resources with optional filtering by namespace, resource types, and cluster |
| list_k8s_resource_misconfigsB | Get manifest misconfigurations for a Kubernetes resource |
| get_k8s_resource_misconfigC | Get detailed information about a specific Kubernetes resource misconfiguration |
| list_k8s_resource_misconfig_policiesB | List available misconfiguration policies used by RAD Security to detect Kubernetes resource misconfigurations |
| get_containers_process_treesC | Get process trees for multiple containers |
| get_containers_baselinesC | Get runtime baselines for multiple containers |
| get_container_llm_analysisC | Get LLM analysis of a container's process tree |
| list_http_requestsC | List HTTP requests insights with optional filtering by method, path, source and destination workloads, and PII detection |
| list_network_connectionsC | List network connections with optional filtering |
| list_network_connection_srcsC | List network connection sources with optional filtering by source and destination workloads |
| list_threat_vectorsD | List threat vectors |
| list_security_findingsC | List security findings with optional filtering by types, severities, sources, and status |
| update_security_finding_statusC | Update the status of a security finding |
| list_cve_vendorsB | Get a list of all vendors in the CVE database. Source: cve-search.org |
| list_cve_productsC | Get a list of all products associated with a vendor in the CVE database. Source: cve-search.org |
| search_cvesC | Search CVEs by vendor and optionally product. Source: cve-search.org |
| get_cveB | Get details for a specific CVE ID. Source: cve-search.org |
| get_latest_30_cvesA | Get the latest/newest 30 CVEs including CAPEC, CWE and CPE expansions. Source: cve-search.org |
| mark_inbox_item_as_false_positiveC | Mark an inbox item as a false positive with a reason |
| list_inbox_itemsB | List inbox items with optional filtering by any field. Multiple filters can be combined eg. 'search:cve-2024-12345 and severity:high' |
| get_inbox_item_detailsB | Get detailed information about a specific inbox item |
| list_workflowsB | List all workflows |
| get_workflowC | Get detailed information about a specific workflow by ID. It contains the workflow definition, default arguments, and schema how to run the workflow |
| list_workflow_runsC | List workflow runs with optional filtering by workflow ID |
| get_workflow_runB | Get detailed information about a specific workflow run |
| run_workflowC | Run a workflow with optional argument overrides |
| list_workflow_schedulesC | List workflow schedules with optional filtering by workflow ID |
| search_knowledge_baseC | Search your organization's knowledge base to find relevant uploaded documents, procedures, reports, and other content using natural language queries |
| list_knowledge_base_collectionsC | List all collections in your organization's knowledge base. Collections are used to organize and categorize documents |
| list_knowledge_base_documentsC | List documents in your organization's knowledge base with optional filtering by collections, file type, or status |
| query_knowledge_base_documentA | Query a CSV document from the knowledge base using natural language. IMPORTANT: This tool ONLY works with CSV documents. Use list_knowledge_base_documents with filters='file_type:csv' to find CSV document IDs (search_knowledge_base results also contain document IDs). Results are returned as a markdown table |
| radql_list_data_typesA | List all available RadQL data types (discovery). ALWAYS call this FIRST before using other RadQL tools to discover what data is available to query. Returns data types like 'containers', 'kubernetes_resources', 'inbox_items', 'vulnerabilities', etc. with descriptions. |
| radql_get_type_metadataA | Get schema/metadata for a specific RadQL data type. Shows available fields, data types, which fields can be filtered/searched, and provides query examples. Call this AFTER radql_list_data_types to understand how to query a specific data type. |
| radql_list_filter_valuesA | List possible values for a filter field (e.g., namespace list, cluster list, severity values). Useful for building dynamic filters when you need to know available enum-like values. Call this when constructing filters that need specific values. |
| radql_queryA | Execute RadQL queries for security investigations. Supports: list (filter/search), get_by_id (single item), stats (aggregations). WORKFLOW: radql_list_data_types -> radql_get_type_metadata -> radql_query COMMON FIELDS BY DATA TYPE: containers: name, image_name, image_repo, owner_kind, cluster_id, created_at Example: image_name:nginx AND owner_kind:Pod finding_groups: type, source_kind, source_name, rule_title, severity, event_timestamp Types: k8s_misconfiguration, k8s_audit_logs_anomaly, threat_vector Example: type:k8s_misconfiguration AND severity:critical inbox_items: severity (High|Medium|Low), type, title, archived, false_positive, created_at Example: severity:High AND archived:false kubernetes_resources: kind, name, namespace, cluster_id, owner_kind, created_at Example: kind:Deployment AND namespace:production CRITICAL QUOTING RULES: MUST quote when value contains:
OK to leave unquoted:
For complete schema: call radql_get_type_metadata with target data_type |
| radql_query_builderB | Helper tool to build RadQL queries programmatically from structured conditions. Useful when you need to construct complex filter or stats queries from structured inputs. |
| radql_batch_queryA | Execute multiple RadQL queries in parallel for efficiency. Useful for fetching related data from different data types simultaneously (e.g., container details + vulnerabilities + network connections). |
| list_widget_templatesC | List widget templates with optional filtering by visualization type and category |
| get_widget_templateC | Get detailed information about a specific widget template |
| list_dashboard_templatesB | List dashboard templates with optional filtering by category |
| get_dashboard_templateB | Get detailed information about a specific dashboard template |
| list_dashboardsB | List dashboards for the account |
| get_dashboardB | Get detailed information about a specific dashboard |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rad-security/mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server