Panther

Tools · 36

• add_alert_comment Add a comment to a Panther alert
• start_ai_alert_triage Start an AI-powered triage analysis for a Panther alert with intelligent insights and recommendations
• get_ai_alert_triage_summary Retrieve the latest AI triage summary previously generated for a specific alert
• get_alert Get detailed information about a specific alert
• get_alert_events Get a small sampling of events for a given alert
• list_alerts List alerts with comprehensive filtering options (date range, severity, status, etc.)
• bulk_update_alerts Bulk update multiple alerts with status, assignee, and/or comment changes
• update_alert_assignee Update the assignee of one or more alerts
• update_alert_status Update the status of one or more alerts
• list_alert_comments List all comments for a specific alert
• query_data_lake Execute SQL queries against Panther's data lake with synchronous results
• get_table_schema Get schema information for a specific table
• list_databases List all available data lake databases in Panther
• list_database_tables List all available tables for a specific database in Panther's data lake
• get_alert_event_stats Analyze patterns and relationships across multiple alerts by aggregating their event data into time-based statistics
• list_scheduled_queries List all scheduled queries with pagination support
• get_scheduled_query Get detailed information about a specific scheduled query by ID
• list_log_sources List log sources with optional filters (health status, log types, integration type)
• get_http_log_source Get detailed information about a specific HTTP log source by ID
• list_detections List detections from Panther with comprehensive filtering support. Supports multiple detection types and filtering by name, state, severity, tags, log types, resource types, output IDs (destinations), and more. Returns outputIDs for each detection showing configured alert destinations
• get_detection Get detailed information about a specific detection including the detection body and tests. Accepts a list with one detection type: ["rules"], ["scheduled_rules"], ["simple_rules"], or ["policies"]
• disable_detection Disable a detection by setting enabled to false. Supports rules, scheduled_rules, simple_rules, and policies
• list_global_helpers List global helper functions with comprehensive filtering options (name search, creator, modifier)
• get_global_helper Get detailed information and complete Python code for a specific global helper
• list_data_models List data models that control UDM mappings in rules
• get_data_model Get detailed information about a specific data model
• list_log_type_schemas List available log type schemas with optional filters
• get_log_type_schema_details Get detailed information for specific log type schemas
• get_rule_alert_metrics Get metrics about alerts grouped by rule
• get_severity_alert_metrics Get metrics about alerts grouped by severity
• get_bytes_processed_metrics Get data ingestion metrics by log type and source
• list_users List all Panther user accounts with pagination support
• get_user Get detailed information about a specific user
• get_permissions Get the current user's permissions
• list_roles List all roles with filtering options (name search, role IDs, sort direction)
• get_role Get detailed information about a specific role including permissions