> ## Documentation Index
> Fetch the complete documentation index at: https://docs.calseta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# post_alert_finding

> MCP tool to post an analysis finding for an alert.

## post\_alert\_finding

Post an investigation finding to an alert. Findings are the agent's analysis output — conclusions, confidence scores, and recommended actions.

### Parameters

| Parameter             | Type      | Required | Description                          |
| --------------------- | --------- | -------- | ------------------------------------ |
| `alert_uuid`          | string    | Yes      | UUID of the alert                    |
| `summary`             | string    | Yes      | Brief summary of the finding         |
| `confidence`          | float     | No       | Confidence score (0.0 to 1.0)        |
| `recommended_actions` | string\[] | No       | List of recommended response actions |
| `details`             | object    | No       | Additional structured details        |

### Example

```json theme={null}
{
  "alert_uuid": "9f2a-b3c1-...",
  "summary": "Confirmed malicious login from Tor exit node. IP 185.220.101.47 has 14/90 VT detections and 97% AbuseIPDB confidence.",
  "confidence": 0.95,
  "recommended_actions": [
    "Revoke all active sessions for jsmith@company.com",
    "Force password reset",
    "Review recent file access and data exfiltration indicators"
  ],
  "details": {
    "source_ip_analysis": "Known Tor exit node, active in abuse databases",
    "user_risk": "No recent travel, MFA was bypassed via session token"
  }
}
```

### Return Value

```json theme={null}
{
  "uuid": "finding-xyz789-...",
  "alert_uuid": "9f2a-b3c1-...",
  "created_at": "2025-01-15T10:45:00Z"
}
```

### Required Scope

`alerts:write`
