cortex_list_responder_definitions
Lists all installed responder definitions with filters for data type, free-only responders, and search by name or description.
Instructions
List all available responder definitions (installed but not necessarily enabled). Filter by data type or find responders that require no API keys.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| dataType | No | Filter by supported data type (case, case_task, case_artifact, alert, etc.) | |
| freeOnly | No | If true, only return responders that require no configuration/API keys | |
| search | No | Search responder names and descriptions (case-insensitive) | |
| limit | No | Maximum results to return (default: 50) |
Implementation Reference
- The async handler function for cortex_list_responder_definitions. It calls client.listResponderDefinitions(), filters by dataType, freeOnly, and search, limits results, and returns formatted JSON with responder definition details.
async ({ dataType, freeOnly, search, limit }) => { try { let defs = await client.listResponderDefinitions(); if (dataType) { defs = defs.filter((d) => d.dataTypeList.includes(dataType)); } if (freeOnly) { defs = defs.filter( (d) => !d.configurationItems.some((c) => c.required), ); } if (search) { const q = search.toLowerCase(); defs = defs.filter( (d) => d.name.toLowerCase().includes(q) || d.description.toLowerCase().includes(q), ); } const total = defs.length; defs = defs.slice(0, limit); const summary = defs.map((d) => ({ id: d.id, name: d.name, version: d.version, description: d.description, dataTypes: d.dataTypeList, author: d.author, requiresConfig: d.configurationItems.some((c) => c.required), configFields: d.configurationItems.map((c) => ({ name: c.name, required: c.required, type: c.type, description: c.description, })), dockerImage: d.dockerImage, })); return { content: [ { type: "text" as const, text: JSON.stringify( { total, returned: summary.length, definitions: summary, }, null, 2, ), }, ], }; } catch (error) { return { content: [ { type: "text" as const, text: `Error listing responder definitions: ${error instanceof Error ? error.message : String(error)}`, }, ], isError: true, }; } }, - Zod schema for input parameters: optional dataType string, freeOnly boolean, search string, and limit (1-500, default 50).
{ dataType: z .string() .optional() .describe("Filter by supported data type (case, case_task, case_artifact, alert, etc.)"), freeOnly: z .boolean() .optional() .describe("If true, only return responders that require no configuration/API keys"), search: z .string() .optional() .describe("Search responder names and descriptions (case-insensitive)"), limit: z .number() .int() .min(1) .max(500) .default(50) .describe("Maximum results to return (default: 50)"), }, - src/tools/responder-definitions.ts:5-9 (registration)Registration function registerResponderDefinitionTools which registers the tool using server.tool() with the name 'cortex_list_responder_definitions'.
export function registerResponderDefinitionTools( server: McpServer, client: CortexClient, ): void { server.tool( - src/index.ts:9-41 (registration)Import and call site where registerResponderDefinitionTools is imported from responder-definitions.ts and invoked in main().
import { registerResponderDefinitionTools } from "./tools/responder-definitions.js"; import { registerBulkTools } from "./tools/bulk.js"; import { registerStatusTools } from "./tools/status.js"; import { registerOrganizationTools } from "./tools/organizations.js"; import { registerUserTools } from "./tools/users.js"; import { registerResources } from "./resources.js"; import { registerPrompts } from "./prompts.js"; async function main(): Promise<void> { const config = getConfig(); if (!config.verifySsl) { process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; } const server = new McpServer({ name: "cortex-mcp", version: "1.2.0", description: "MCP server for Cortex - observable analysis and active response engine by StrangeBee/TheHive Project", }); const client = new CortexClient(config); // Core analysis tools registerAnalyzerTools(server, client); registerJobTools(server, client); registerResponderTools(server, client); registerBulkTools(server, client); // Administration tools registerAnalyzerDefinitionTools(server, client); registerResponderDefinitionTools(server, client); - src/client.ts:255-257 (helper)The CortexClient.listResponderDefinitions() method that makes the actual HTTP GET request to the /responderdefinition API endpoint.
async listResponderDefinitions(): Promise<ResponderDefinition[]> { return this.request<ResponderDefinition[]>("/responderdefinition", {}, true); }