post_alert_finding

Post an investigation finding to an alert. Findings are the agent’s analysis output — conclusions, confidence scores, and recommended actions.

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| alert_uuid | string | Yes | UUID of the alert |
| summary | string | Yes | Brief summary of the finding |
| confidence | float | No | Confidence score (0.0 to 1.0) |
| recommended_actions | string[] | No | List of recommended response actions |
| details | object | No | Additional structured details |

Example

{
  "alert_uuid": "9f2a-b3c1-...",
  "summary": "Confirmed malicious login from Tor exit node. IP 185.220.101.47 has 14/90 VT detections and 97% AbuseIPDB confidence.",
  "confidence": 0.95,
  "recommended_actions": [
    "Revoke all active sessions for jsmith@company.com",
    "Force password reset",
    "Review recent file access and data exfiltration indicators"
  ],
  "details": {
    "source_ip_analysis": "Known Tor exit node, active in abuse databases",
    "user_risk": "No recent travel, MFA was bypassed via session token"
  }
}
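The parameter rules above, as an added example that is not the tool's own client: a builder that assembles a post_alert_finding payload and rejects anything that does not match the documented types and ranges, so a malformed agent output is caught before it is posted. The function and exception names are assumptions.

```python
from typing import Any, Optional

# Added example, not the tool's own client code. Builds a payload for
# post_alert_finding and validates it against the parameter table on
# this page. Names below are assumptions.


class FindingValidationError(ValueError):
    """Raised when a finding does not match the documented parameters."""


def build_finding(
    alert_uuid: str,
    summary: str,
    confidence: Optional[float] = None,
    recommended_actions: Optional[list] = None,
    details: Optional[dict] = None,
) -> dict[str, Any]:
    """Return a JSON-serialisable post_alert_finding payload.

    Required fields must be non-empty strings; confidence, if given,
    must be a number in [0.0, 1.0]; recommended_actions must be a list
    of strings; details must be an object (dict).
    """
    if not isinstance(alert_uuid, str) or not alert_uuid.strip():
        raise FindingValidationError("alert_uuid must be a non-empty string")
    if not isinstance(summary, str) or not summary.strip():
        raise FindingValidationError("summary must be a non-empty string")
    payload: dict[str, Any] = {"alert_uuid": alert_uuid, "summary": summary}

    if confidence is not None:
        # bool is a subclass of int; reject it so True is not accepted as 1.0
        if isinstance(confidence, bool) or not isinstance(confidence, (int, float)):
            raise FindingValidationError("confidence must be a number")
        if not 0.0 <= confidence <= 1.0:
            raise FindingValidationError("confidence must be between 0.0 and 1.0")
        payload["confidence"] = float(confidence)

    if recommended_actions is not None:
        if not isinstance(recommended_actions, list) or not all(
            isinstance(a, str) and a.strip() for a in recommended_actions
        ):
            raise FindingValidationError("recommended_actions must be a list of non-empty strings")
        payload["recommended_actions"] = list(recommended_actions)

    if details is not None:
        if not isinstance(details, dict):
            raise FindingValidationError("details must be an object")
        payload["details"] = dict(details)
    return payload
```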

Return Value

{
  "uuid": "finding-xyz789-...",
  "alert_uuid": "9f2a-b3c1-...",
  "created_at": "2025-01-15T10:45:00Z"
}

Required Scope

alerts:write