PRSM

observability_log_pattern_miner

Active

Tool of gapup-mcp

declared in 0.2.0

As a CTO, extract anomalous log patterns from public breach reports (e.g., Verizon DBIR) and MITRE ATT&CK techniques to optimize SIEM rules and observability pipelines. Inputs include threat actor groups, MITRE tactics (e.g., 'TA0005'), or log sources (e.g., 'AWS CloudTrail'). Outputs structured patterns with MITRE mappings, prevalence scores, and detection recommendations. Ideal for reducing false positives and improving breach detection coverage. Pass async:true to avoid timeout.

Parameters schema

{
  "type": "object",
  "required": [
    "tactic"
  ],
  "properties": {
    "async": {
      "type": "boolean",
      "description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
    },
    "tactic": {
      "type": "string",
      "description": "MITRE ATT&CK tactic ID (e.g., 'TA0005')"
    },
    "technique": {
      "type": "string",
      "description": "MITRE ATT&CK technique ID (e.g., 'T1059')"
    },
    "log_source": {
      "type": "string",
      "description": "Log source type (e.g., 'AWS CloudTrail', 'Windows Event Log')"
    },
    "max_results": {
      "type": "integer",
      "default": 10,
      "maximum": 50,
      "minimum": 1
    },
    "threat_actor": {
      "type": "string",
      "description": "Threat actor group name (e.g., 'APT29')"
    }
  }
}

What this tool wraps · 0 endpoints


No endpoints wrapped at confidence ≥ 0.50.

Parent server

gapup-mcp

https://github.com/getgapup/gapup-mcp-public

2/7 registries