observability_log_pattern_miner
ActiveTool of gapup-mcp
Extracts anomalous log patterns from public breach reports (e.g., the Verizon DBIR) and MITRE ATT&CK techniques to tune SIEM rules and observability pipelines. Inputs include threat actor groups, MITRE tactics (e.g., 'TA0005'), techniques (e.g., 'T1059'), or log sources (e.g., 'AWS CloudTrail'); only the tactic is required (see the parameter schema below). Outputs structured patterns with MITRE mappings, prevalence scores, and detection recommendations, intended to reduce false positives and improve breach detection coverage. Pass async:true to avoid client timeouts and poll the result with job_result(job_id).
Parameters schema
{
"type": "object",
"required": [
"tactic"
],
"properties": {
"async": {
"type": "boolean",
"description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
},
"tactic": {
"type": "string",
"description": "MITRE ATT&CK tactic ID (e.g., 'TA0005')"
},
"technique": {
"type": "string",
"description": "MITRE ATT&CK technique ID (e.g., 'T1059')"
},
"log_source": {
"type": "string",
"description": "Log source type (e.g., 'AWS CloudTrail', 'Windows Event Log')"
},
"max_results": {
"type": "integer",
"default": 10,
"maximum": 50,
"minimum": 1
},
"threat_actor": {
"type": "string",
"description": "Threat actor group name (e.g., 'APT29')"
}
}
}
No endpoints wrapped at confidence ≥ 0.70.
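How a client should handle this schema and the async job pattern, as an added example (not code from gapup-mcp or its repository). It validates a call against the schema above before sending it, adds an ATT&CK ID format check the schema itself does not enforce, and drives the async:true / job_result(job_id) loop against a simulated server. The `SimulatedServer` class, its `call_tool` and `job_result` methods, the `job-N` identifiers and the returned pattern records are all constructed stand-ins for this example; the real server's transport and output are not shown on this page.

```python
"""Validate observability_log_pattern_miner parameters and run the async job loop.
Added example; the server side here is a simulated stand-in, not gapup-mcp's code."""
import re
import time
from typing import Any

# Copy of the tool's parameter schema from the listing above.
SCHEMA = {
    "type": "object",
    "required": ["tactic"],
    "properties": {
        "async": {"type": "boolean"},
        "tactic": {"type": "string"},
        "technique": {"type": "string"},
        "log_source": {"type": "string"},
        "max_results": {"type": "integer", "default": 10, "maximum": 50, "minimum": 1},
        "threat_actor": {"type": "string"},
    },
}

# Extra checks beyond the schema: public ATT&CK ID formats (assumption, not in the schema).
ID_PATTERNS = {
    "tactic": re.compile(r"^TA\d{4}$"),
    "technique": re.compile(r"^T\d{4}(\.\d{3})?$"),
}
JSON_TYPES = {"boolean": bool, "string": str, "integer": int}


def validate_params(params: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the call is well-formed."""
    errors = []
    for key in SCHEMA["required"]:
        if key not in params:
            errors.append(f"missing required parameter '{key}'")
    for key, value in params.items():
        spec = SCHEMA["properties"].get(key)
        if spec is None:  # schema does not forbid extras, but a client should not send them
            errors.append(f"unknown parameter '{key}'")
            continue
        expected = JSON_TYPES[spec["type"]]
        # bool is a subclass of int in Python, so reject True/False for integer fields explicitly
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            errors.append(f"'{key}' must be {spec['type']}")
            continue
        if "minimum" in spec and value < spec["minimum"]:
            errors.append(f"'{key}' below minimum {spec['minimum']}")
        if "maximum" in spec and value > spec["maximum"]:
            errors.append(f"'{key}' above maximum {spec['maximum']}")
        pattern = ID_PATTERNS.get(key)
        if pattern and not pattern.match(value):
            errors.append(f"'{key}' is not a valid ATT&CK ID: {value!r}")
    return errors


class SimulatedServer:
    """Constructed stand-in for the MCP server: job IDs and results are made up here."""

    def __init__(self, polls_until_done: int = 2):
        self._jobs: dict[str, list] = {}  # job_id -> [params, polls so far]
        self._polls_until_done = polls_until_done

    def call_tool(self, params: dict[str, Any]) -> dict[str, Any]:
        errors = validate_params(params)
        if errors:
            raise ValueError("; ".join(errors))
        if params.get("async"):
            job_id = f"job-{len(self._jobs) + 1}"  # constructed identifier
            self._jobs[job_id] = [params, 0]
            return {"job_id": job_id}
        return self._mine(params)

    def job_result(self, job_id: str) -> dict[str, Any]:
        params, polls = self._jobs[job_id]
        self._jobs[job_id][1] = polls + 1
        if polls + 1 < self._polls_until_done:
            return {"status": "pending"}
        return {"status": "done", "result": self._mine(params)}

    @staticmethod
    def _mine(params: dict[str, Any]) -> dict[str, Any]:
        # Constructed placeholder in the shape the description promises (mapping, score, advice).
        limit = params.get("max_results", SCHEMA["properties"]["max_results"]["default"])
        record = {
            "mitre": {"tactic": params["tactic"], "technique": params.get("technique")},
            "log_source": params.get("log_source"),
            "prevalence": 0.0,
            "detection": "placeholder recommendation",
        }
        return {"patterns": [record][:limit]}


def mine_patterns(server, params: dict[str, Any], max_polls: int = 10, delay: float = 0.0):
    """Submit with async:true and poll job_result until done or the poll budget is spent."""
    job_id = server.call_tool({**params, "async": True})["job_id"]
    for _ in range(max_polls):
        status = server.job_result(job_id)
        if status["status"] == "done":
            return status["result"]
        time.sleep(delay)
    raise TimeoutError(f"{job_id} still pending after {max_polls} polls")
```

Bounding the poll loop matters: a job that never completes otherwise replaces the client timeout the async flag was meant to avoid with an infinite wait. In a real client the delay should be non-zero and grow between polls.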
Parent server
gapup-mcp
https://github.com/getgapup/gapup-mcp-public
2/7 registries