Skip to main content
Glama
solomonneas

rapid7-mcp

by solomonneas

list_threat_indicators

List IPs, domains, and hashes from the InsightIDR threat library. Filter by type, source, threat name, or search value.

Instructions

List IOCs (IPs, domains, hashes) in the InsightIDR threat library

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
sizeNoNumber of results to return (1-100)
typeNoFilter by indicator type
indexNoPagination index
searchNoSearch across indicator values and descriptions
sourceNoFilter by indicator source (e.g., 'rapid7', 'custom', 'misp')
threat_nameNoFilter by associated threat name or campaign
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden for behavioral disclosure. It only states 'List IOCs,' implying a read operation, but does not explain pagination behavior, rate limits, or whether the response includes metadata like total count. Minimal disclosure.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single sentence, which is concise but lacks sufficient detail. It is not wasteful, but it misses opportunities to add value, such as explaining output format or pagination. Merely adequate.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no output schema, the description should explain the return format (e.g., list of objects with fields like value, type, source). It does not mention pagination behavior even though the schema includes index and size parameters. The description is incomplete for a paginated list tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with descriptions for all 6 parameters. The description adds no additional meaning beyond the schema; it only mentions 'IPs, domains, hashes' which is a subset of the available types. Baseline 3 is appropriate as the schema already documents parameters.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it lists IOCs (IPs, domains, hashes) in the InsightIDR threat library, specifying the resource and action. However, it does not differentiate from siblings like search_threat_activity or add_threat_indicator, missing a chance to clarify scope.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. No mention of prerequisites, use cases, or situations where another tool would be better, leaving the agent without decision context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/solomonneas/rapid7-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server