{"slug":"panther-labs/mcp-panther","name":"Panther","description":"Interact with the Panther security platform to write detections, query logs with natural language, and manage alerts.","category":"development","tags":[],"official":false,"stars":44,"transport":"stdio","install":[{"cmd":"uvx mcp-panther\"","imports":[]}],"tools":[{"name":"add_alert_comment","description":"Add a comment to a Panther alert"},{"name":"start_ai_alert_triage","description":"Start an AI-powered triage analysis for a Panther alert with intelligent insights and recommendations"},{"name":"get_ai_alert_triage_summary","description":"Retrieve the latest AI triage summary previously generated for a specific alert"},{"name":"get_alert","description":"Get detailed information about a specific alert"},{"name":"get_alert_events","description":"Get a small sampling of events for a given alert"},{"name":"list_alerts","description":"List alerts with comprehensive filtering options (date range, severity, status, etc.)"},{"name":"bulk_update_alerts","description":"Bulk update multiple alerts with status, assignee, and/or comment changes"},{"name":"update_alert_assignee","description":"Update the assignee of one or more alerts"},{"name":"update_alert_status","description":"Update the status of one or more alerts"},{"name":"list_alert_comments","description":"List all comments for a specific alert"},{"name":"query_data_lake","description":"Execute SQL queries against Panther's data lake with synchronous results"},{"name":"get_table_schema","description":"Get schema information for a specific table"},{"name":"list_databases","description":"List all available data lake databases in Panther"},{"name":"list_database_tables","description":"List all available tables for a specific database in Panther's data lake"},{"name":"get_alert_event_stats","description":"Analyze patterns and relationships across multiple alerts by aggregating their event data into time-based statistics"},{"name":"list_scheduled_queries","description":"List all scheduled queries with pagination support"},{"name":"get_scheduled_query","description":"Get detailed information about a specific scheduled query by ID"},{"name":"list_log_sources","description":"List log sources with optional filters (health status, log types, integration type)"},{"name":"get_http_log_source","description":"Get detailed information about a specific HTTP log source by ID"},{"name":"list_detections","description":"List detections from Panther with comprehensive filtering support. Supports multiple detection types and filtering by name, state, severity, tags, log types, resource types, output IDs (destinations), and more. Returns outputIDs for each detection showing configured alert destinations"},{"name":"get_detection","description":"Get detailed information about a specific detection including the detection body and tests. Accepts a list with one detection type: [\"rules\"], [\"scheduled_rules\"], [\"simple_rules\"], or [\"policies\"]"},{"name":"disable_detection","description":"Disable a detection by setting enabled to false. Supports rules, scheduled_rules, simple_rules, and policies"},{"name":"list_global_helpers","description":"List global helper functions with comprehensive filtering options (name search, creator, modifier)"},{"name":"get_global_helper","description":"Get detailed information and complete Python code for a specific global helper"},{"name":"list_data_models","description":"List data models that control UDM mappings in rules"},{"name":"get_data_model","description":"Get detailed information about a specific data model"},{"name":"list_log_type_schemas","description":"List available log type schemas with optional filters"},{"name":"get_log_type_schema_details","description":"Get detailed information for specific log type schemas"},{"name":"get_rule_alert_metrics","description":"Get metrics about alerts grouped by rule"},{"name":"get_severity_alert_metrics","description":"Get metrics about alerts grouped by severity"},{"name":"get_bytes_processed_metrics","description":"Get data ingestion metrics by log type and source"},{"name":"list_users","description":"List all Panther user accounts with pagination support"},{"name":"get_user","description":"Get detailed information about a specific user"},{"name":"get_permissions","description":"Get the current user's permissions"},{"name":"list_roles","description":"List all roles with filtering options (name search, role IDs, sort direction)"},{"name":"get_role","description":"Get detailed information about a specific role including permissions"}],"env_vars":["PANTHER_INSTANCE_URL","PANTHER_API_TOKEN"],"auth_type":"none","github":"https://github.com/panther-labs/mcp-panther","homepage":"","server_url":"","status":"active","source":"mcpservers.org","updated_at":"Thu May 28"}