{
  "tools": [
    {
      "name": "iam_account_info",
      "description": "Retrieve the authenticated user's account information and available Red Sift product instances. Returns a JSON object containing: 'email' (user's email address), 'instances' (available product instances by product name, where each instance includes 'id', 'name', and 'description' fields), and 'default_instances' (currently selected default instance for each product). Use this tool first to discover which Red Sift products and instances are available before making product-specific API calls. Products include: Brand Trust, Certificates, OnDMARC.",
      "inputSchema": {
        "type": "object",
        "properties": {}
      }
    },
    {
      "name": "iam_invite_user",
      "description": "Invite a new user to a Red Sift product instance by email address. Creates an invitation that grants the specified user access to the product instance. Returns invitation details including invitationId, invitationCode, and status. Treat the returned invitationCode as sensitive and share it only with the intended recipient. By default, an invitation email is automatically sent to the recipient; set skip_email to true to generate the invitation without sending an email (useful for programmatic access or custom invitation workflows). Valid products: 'ondmarc', 'brandtrust', 'certificates', 'pulse'. Valid roles: 'owner', 'superadmin', 'superreader'. If roles are not specified, the 'superreader' role is assigned by default. Use 'iam_account_info' first to discover available products and instance IDs. Use 'iam_list_sift_users' to check existing access before inviting. The invitation is created immediately and can be used to access the instance once accepted.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "product": {
            "type": "string",
            "description": "Product name. Valid values: 'ondmarc', 'brandtrust', 'certificates', 'pulse'"
          },
          "instance": {
            "type": "string",
            "description": "Instance ID to invite the user to"
          },
          "email": {
            "type": "string",
            "description": "Email address of the user to invite"
          },
          "roles": {
            "type": "array",
            "description": "List of roles to assign. Valid roles: 'owner', 'superadmin', 'superreader'"
          },
          "skip_email": {
            "type": "boolean",
            "description": "If true, creates the invitation without sending an email notification"
          }
        },
        "required": [
          "product",
          "instance",
          "email"
        ]
      }
    },
    {
      "name": "iam_update_instance_metadata",
      "description": "Updates the name and description metadata for a Red Sift product instance. This allows you to set friendly names and descriptions for your instances to help organize and identify them. Call 'iam_account_info' first to discover available products and instance IDs. Valid products: 'ondmarc', 'brandtrust', 'certificates', 'pulse'. Both name and description are optional - provide only the fields you want to update.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "product": {
            "type": "string",
            "description": "Product name. Valid values: 'ondmarc', 'brandtrust', 'certificates', 'pulse'"
          },
          "instance": {
            "type": "string",
            "description": "Instance ID to update"
          },
          "name": {
            "type": "string",
            "description": "New friendly name for the instance"
          },
          "description": {
            "type": "string",
            "description": "New description for the instance"
          }
        },
        "required": [
          "product",
          "instance"
        ]
      }
    },
    {
      "name": "ondmarc_list_sources",
      "description": "Lists all sources (IP addresses, domains, and mail servers) sending email on behalf of the specified domain, based on DMARC aggregate reports from the last 7 days. Use optional start and end parameters (format: YYYY/MM/DD) to analyze a different time period. Useful for identifying authorized and unauthorized email sources.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to list sources for"
          },
          "start": {
            "type": "string",
            "description": "Start date in YYYY/MM/DD format (default: 7 days ago)"
          },
          "end": {
            "type": "string",
            "description": "End date in YYYY/MM/DD format (default: today)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "ondmarc_compliance_report",
      "description": "Retrieves aggregated DMARC validation reports for the specified domain covering the last 7 days. Shows pass/fail rates for SPF and DKIM authentication, message volumes, sending sources, geographic distribution, and reasons for any authentication overrides. Use optional start and end parameters (format: YYYY/MM/DD) to analyze a different time period.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to get compliance report for"
          },
          "start": {
            "type": "string",
            "description": "Start date in YYYY/MM/DD format (default: 7 days ago)"
          },
          "end": {
            "type": "string",
            "description": "End date in YYYY/MM/DD format (default: today)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "ondmarc_dns_guardian_get_issues",
      "description": "Retrieves DNS security issues detected by DNS Guardian monitoring. Returns details about dangling DNS records, nameserver problems, SPF subdomain takeover risks, and other DNS vulnerabilities across your monitored domains. Use this to identify and remediate DNS-based security risks.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        }
      }
    },
    {
      "name": "ondmarc_list_domains",
      "description": "Retrieves all domains managed by the OnDMARC account. Returns comprehensive domain information including domain names, DMARC policy configuration (policy status, validation issues, warnings), associated tags, notes, and Dynamic SPF activation status (hasDynamicSpf). Use this to get an overview of all monitored domains, check their DMARC compliance status, identify domains with configuration issues, or manage domain organization through tags.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        }
      }
    },
    {
      "name": "ondmarc_add_domain",
      "description": "Adds a new domain to the OnDMARC instance for monitoring and DMARC compliance tracking. Optionally auto-identify and classify sources that are recognized in the domain's existing SPF record.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to add for monitoring"
          },
          "auto_identify_sources": {
            "type": "boolean",
            "description": "Whether to auto-identify sources from existing SPF record (default: false)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "ondmarc_get_tags",
      "description": "Retrieves a list of all tags created for this OnDMARC account. Returns tag objects with their IDs, titles, descriptions, and colors.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        }
      }
    },
    {
      "name": "ondmarc_add_domain_tags",
      "description": "Adds tags to a domain in the OnDMARC instance. Tags help organize and categorize domains for better management and filtering. Provide tag titles as a list of strings.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to add tags to"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of tag titles to add"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain",
          "tags"
        ]
      }
    },
    {
      "name": "ondmarc_remove_domain_tags",
      "description": "Removes tags from a domain in the OnDMARC instance. Provide tag titles as a list of strings. The tool will automatically look up the corresponding tag IDs.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to remove tags from"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of tag titles to remove"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain",
          "tags"
        ]
      }
    },
    {
      "name": "ondmarc_activate_dynamic_services",
      "description": "Activates OnDMARC's Dynamic Services (Dynamic SPF) for the specified domain. Dynamic Services helps you stay within SPF lookup limits by consolidating multiple SPF includes into a single dynamic record that OnDMARC manages. This simplifies SPF record management and prevents SPF validation failures due to exceeding the 10 DNS lookup limit.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to activate Dynamic Services for"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "ondmarc_update_dynamic_dmarc",
      "description": "Updates the Dynamic Services DMARC record settings for the specified domain. Only the DMARC tags provided in dmarc_settings are changed; others keep their original values. The domain must have Dynamic Services activated. Valid DMARC tags: rua (aggregate report address), ruf (forensic report address), p (policy: none/quarantine/reject), pct (percentage: 0-100), adkim (DKIM alignment: r/s), aspf (SPF alignment: r/s), fo (failure reporting options: 0/1/d/s), rf (report format: afrf), ri (report interval in seconds), sp (subdomain policy: none/quarantine/reject). Changes to p, sp, or pct alter how receiving servers handle mail that fails DMARC, so confirm the intended enforcement level before relaxing them.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "Domain to update DMARC settings for"
          },
          "dmarc_settings": {
            "type": "object",
            "additionalProperties": {
              "type": "string"
            },
            "description": "DMARC tag key-value pairs to update. Valid keys: rua, ruf, p, pct, adkim, aspf, fo, rf, ri, sp"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional OnDMARC instance ID"
          }
        },
        "required": [
          "domain",
          "dmarc_settings"
        ]
      }
    },
    {
      "name": "certificates_list",
      "description": "Lists certificates in your account with flexible filtering. Use filter='expiring' (default) to see certificates sorted by expiration date (soonest first) for renewal planning and monitoring upcoming expirations. Use filter='all' for complete certificate inventory audits regardless of expiration status. Limited to 25 by default; increase the limit parameter to retrieve more certificates.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "filter": {
            "type": "string",
            "enum": [
              "expiring",
              "all"
            ],
            "description": "Filter type: 'expiring' (default) or 'all'"
          },
          "limit": {
            "type": "number",
            "description": "Maximum number of certificates to return (default: 25)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_list_hosts",
      "description": "Lists all hosts (domains and subdomains) currently monitored for certificate discovery and tracking. These are the base domains from which certificate discovery originates.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_add_hosts",
      "description": "Adds new hosts (domains or subdomains) to monitor for SSL/TLS certificates. The system will automatically discover and track certificates associated with these hosts. Hosts must be valid domain names. Pass multiple hosts as a list to add them in a single operation.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "hosts": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of hosts (domains/subdomains) to add for monitoring"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        },
        "required": [
          "hosts"
        ]
      }
    },
    {
      "name": "certificates_exclude_hosts",
      "description": "Prevents specific hosts from being automatically added during certificate discovery. Exclusions only affect newly discovered hosts; existing monitored hosts are not removed. Useful for filtering out third-party or irrelevant subdomains. Pass multiple hosts as a list to exclude them in a single operation.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "hosts": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of hosts to exclude from discovery"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        },
        "required": [
          "hosts"
        ]
      }
    },
    {
      "name": "certificates_list_discoveries",
      "description": "Lists certificates automatically discovered through the certificate discovery process, including certificates found on related subdomains and associated infrastructure. Useful for understanding your certificate inventory beyond manually added hosts.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_list_endpoints",
      "description": "Lists SSL/TLS endpoints (IP:port combinations) where certificates are deployed, limited to 25 by default. Increase the limit parameter to retrieve more endpoints. Shows where your certificates are actually being used.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "number",
            "description": "Maximum number of endpoints to return (default: 25)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_stats",
      "description": "Retrieves comprehensive certificate statistics and analytics for your account. Returns detailed counts including: certificate status (active_or_non_expired, active), ownership (own, third_party), expiration status (active_expired, own_expired, third_party_expired), and time-based expiration categories based on days until expiration: 'critical' (days 30-34, next 4 days requiring immediate attention), 'overdue' (days 34-44, 14-day window for overdue renewals), 'due' (days 44-90, 60-day window for upcoming renewals). Also includes service-level breakdowns by protocol type (service_http, service_smtp, service_others), scanned_domains (total monitored domains/subdomains being scanned for discovery), and ca_count (number of distinct certificate authorities represented in your certificate inventory). Useful for certificate inventory overview, compliance reporting, and identifying certificates requiring immediate renewal action.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_list_issues",
      "description": "Lists security and configuration issues detected across your monitored hosts by Hardenize. Each issue includes a title, severity, affected subject (domain or IP), root cause, and category. By default returns TLS and PKI category issues covering certificate problems (expiration, weak keys, chain issues, protocol misconfigurations). Use the categories parameter to include other categories such as DNS, Email, Web, or Network. Supports filtering by status, severity (info, low, medium, high, critical, urgent), group, and hostname. Limited to 25 results by default; increase the limit parameter to retrieve more. Use offset for pagination, starting at 0 by default. Results are sorted by severity (ascending) and then by status (ascending). Use certificates_get_issue with a specific issue_id from the results to retrieve full evidence and remediation details.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "categories": {
            "type": "string",
            "description": "Comma-separated issue categories (default: 'TLS,PKI')"
          },
          "status": {
            "type": "string",
            "description": "Filter by issue status"
          },
          "severity": {
            "type": "string",
            "description": "Filter by severity (info, low, medium, high, critical, urgent)"
          },
          "group": {
            "type": "string",
            "description": "Filter by issue group"
          },
          "hostname": {
            "type": "string",
            "description": "Filter by hostname"
          },
          "limit": {
            "type": "number",
            "description": "Maximum number of results (default: 25)"
          },
          "offset": {
            "type": "number",
            "description": "Pagination offset (default: 0)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_get_issue",
      "description": "Retrieves full details for a specific Hardenize security issue by its issue_id (obtained from certificates_list_issues results). Returns comprehensive information including: the affected subject (domain/IP), root cause analysis (cause domain/IP), severity level, category, detailed remediation guidance, and supporting evidence. Use this to understand how to fix a specific issue such as an expiring certificate, weak TLS configuration, or chain problem.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "issue_id": {
            "type": "string",
            "description": "The issue ID to retrieve details for"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        },
        "required": [
          "issue_id"
        ]
      }
    },
    {
      "name": "certificates_list_identities",
      "description": "Lists Hardenize identities linked to the Certificates account. Supports pagination via limit and offset, and returns both identities and totalCount.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "number",
            "description": "Maximum number of identities to return (default: 20)"
          },
          "offset": {
            "type": "number",
            "description": "Pagination offset (default: 0)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        }
      }
    },
    {
      "name": "certificates_enable_identity",
      "description": "Enables a Hardenize identity linked to the Certificates account.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "identity_id": {
            "type": "number",
            "description": "The identity ID to enable"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        },
        "required": [
          "identity_id"
        ]
      }
    },
    {
      "name": "certificates_disable_identity",
      "description": "Disables a Hardenize identity linked to the Certificates account.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "identity_id": {
            "type": "number",
            "description": "The identity ID to disable"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        },
        "required": [
          "identity_id"
        ]
      }
    },
    {
      "name": "certificates_complete_onboarding_setup",
      "description": "Completes the initial onboarding setup for a Certificates account. Creates a Hardenize organization, configures host defaults, and sets the owner and notification email to the provided address. After successful completion, all other Certificates API endpoints become available, including bulk host creation.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "email": {
            "type": "string",
            "description": "Owner and notification email address"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Certificates instance ID"
          }
        },
        "required": [
          "email"
        ]
      }
    },
    {
      "name": "certificates_link_hardenize_organization",
      "description": "Links a Certificates product instance with a Hardenize organization for bi-directional integration. This establishes a two-way connection: (1) Certificates can access Hardenize assessment data, and (2) Hardenize can display certificate details in its UI. Prerequisites: Hardenize organization must exist with the specified label.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "hardenize_org_label": {
            "type": "string",
            "description": "The Hardenize organization label to link"
          },
          "instance_id": {
            "type": "string",
            "description": "Certificates instance ID (required)"
          }
        },
        "required": [
          "hardenize_org_label",
          "instance_id"
        ]
      }
    },
    {
      "name": "pulse_get_enabled_services",
      "description": "Retrieves comprehensive subscription settings and service configurations for the Pulse instance. Returns detailed information including Radar service features (main service, chat, and inbox enablement status), EventHub integrations availability, audit logs configuration, usage limits (maximum Radar users allowed), and subscription metadata (trial status, region, admin privileges). Use this to verify which Pulse services are enabled, check feature availability before performing operations, understand usage quotas, and troubleshoot service access issues.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Pulse instance ID"
          }
        }
      }
    },
    {
      "name": "pulse_list_integrations",
      "description": "Lists all EventHub integrations configured in the Pulse instance. Returns an array of integration objects, each containing the integration name, ID, type, services, and categories.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Pulse instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_activity_summary",
      "description": "Get a summary report from your Brand Trust account. Returns information about image detection (logos, faces, and keywords), priority review items (high risk rating and highest similarity matches), potential assets, and lookalike domains. Use this for a quick overview of your brand protection status.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_list_domains",
      "description": "Lists all domains registered in your Brand Trust account. Returns both active domains (actively scanned for lookalikes) and inactive domains (registered but not monitored).",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_add_domain",
      "description": "Adds a new domain to Brand Trust monitoring. By default, domains are added with 'inactive' status (registered but not scanned). Set status to 'active' to enable lookalike detection and monitoring for that domain. If the domain exists as a lookalike already, it won't be added automatically and an error will be returned — use the brandtrust_add_lookalike_as_domain tool in this case.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "The domain name to add (e.g., example.com)"
          },
          "status": {
            "type": "string",
            "enum": [
              "inactive",
              "active"
            ],
            "description": "Monitoring status: 'inactive' (default, registered but not scanned) or 'active' (enable lookalike detection)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "brandtrust_list_takedown",
      "description": "Lists all takedown requests tracked in your Brand Trust account. Shows the status and details of domains or content you have requested to be taken down for brand infringement.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_list_lookalikes",
      "description": "Retrieves lookalike domains detected by Brand Trust monitoring with their security assessment and metadata. Returns domains similar to your protected brands based on risk ratings. Filter by risk_level to prioritize investigation: 'high-risk' indicates a high threat level, 'low-risk' indicates a minimal threat, 'unclassified' for newly discovered domains awaiting analysis. Supports pagination for large result sets.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "risk_level": {
            "type": "string",
            "enum": [
              "unclassified",
              "low-risk",
              "high-risk"
            ],
            "description": "Risk level filter: 'unclassified' (default), 'low-risk', or 'high-risk'"
          },
          "page": {
            "type": "number",
            "description": "Page number (default: 1)"
          },
          "page_size": {
            "type": "number",
            "description": "Results per page (default: 10)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_read_lookalike",
      "description": "Sets one or more lookalike domains as read or unread. Use this to track which lookalikes have been reviewed. The domains parameter should be a list of full domain names (e.g., ['suspicious-domain.com']). Setting status='read' indicates the domain has been reviewed, 'unread' resets it.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domains": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of lookalike domain names to mark"
          },
          "status": {
            "type": "string",
            "enum": [
              "read",
              "unread"
            ],
            "description": "Read status: 'read' (default) or 'unread'"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "domains"
        ]
      }
    },
    {
      "name": "brandtrust_classify_lookalike",
      "description": "Classifies one or more lookalike domains by risk level. Moves domains between unclassified, low-risk, and high-risk categories. The current classification is auto-detected. Use this after reviewing a lookalike to indicate its threat level.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domains": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of lookalike domain names to classify"
          },
          "classify_as": {
            "type": "string",
            "enum": [
              "unclassified",
              "low-risk",
              "high-risk"
            ],
            "description": "Target risk classification"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "domains",
          "classify_as"
        ]
      }
    },
    {
      "name": "brandtrust_get_lookalike_details",
      "description": "Retrieves detailed metadata for a specific lookalike domain including web presence data, screenshot metadata, logo detection locations, text detection locations, and visual similarity indicators. Does not include the actual screenshot image (use brandtrust_get_lookalike_screenshot for that). The domain parameter should be the full domain name (e.g., suspicious-domain.com).",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "The lookalike domain name (e.g., suspicious-domain.com)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "brandtrust_get_lookalike_screenshot",
      "description": "Retrieves the screenshot image for a specific lookalike domain. Returns visual evidence of the domain's appearance. Use brandtrust_get_lookalike_details to retrieve metadata about logo/text detection locations. The domain parameter should be the full domain name (e.g., suspicious-domain.com).",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "The lookalike domain name (e.g., suspicious-domain.com)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "brandtrust_list_logos",
      "description": "Lists all logos configured in your Brand Trust account. Returns logo metadata including ID, name, brand class, MIME type, and training status. Use this to see which logos are being monitored for detection on lookalike domains.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_get_logo",
      "description": "Retrieves the logo image file for a specific logo UUID. Use brandtrust_list_logos to get available logo UUIDs and brand names. The logo_uuid should be the UUID returned by brandtrust_list_logos, and brand should be the brand class name.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "logo_uuid": {
            "type": "string",
            "description": "The UUID of the logo to retrieve"
          },
          "brand": {
            "type": "string",
            "description": "The brand class name"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "logo_uuid",
          "brand"
        ]
      }
    },
    {
      "name": "brandtrust_add_logo",
      "description": "Validates a logo image, checks for duplicates and image quality, then uploads the valid logo image to Brand Trust for monitoring. Logo images must be JPEG, PNG, BMP, or SVG format, less than 1MB, with minimum 128px width and height. Include all logo variants (wordmark, logomark, composite). The brand parameter specifies which brand class to add the logo to. The logo_base64 parameter should be the base64-encoded image content.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "logo_base64": {
            "type": "string",
            "description": "Base64-encoded image content of the logo"
          },
          "brand": {
            "type": "string",
            "description": "Brand class name to associate the logo with"
          },
          "filename": {
            "type": "string",
            "description": "Filename including extension (default: logo.png)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "logo_base64",
          "brand"
        ]
      }
    },
    {
      "name": "brandtrust_add_lookalike_as_domain",
      "description": "Add a lookalike domain and its related subdomains to your monitored domains. Takes a lookalike domain, finds its apex and all related lookalikes, then adds them as monitored domains. The apex is added to domains and all related lookalikes are added to subdomains.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "The lookalike domain name to add as a monitored domain"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "brandtrust_list_faces",
      "description": "Lists all face images configured in your Brand Trust account for person detection in lookalike content. Returns face records with metadata including IDs, person IDs, and totals.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_list_person_faces",
      "description": "Lists all face images for a specific person in your Brand Trust account. Use brandtrust_list_faces to get available person IDs. Returns all face records associated with the given person.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "person_id": {
            "type": "string",
            "description": "The person ID to list faces for"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "person_id"
        ]
      }
    },
    {
      "name": "brandtrust_get_face_image",
      "description": "Retrieves the face image file for a specific person and face ID. Use brandtrust_list_faces or brandtrust_list_person_faces to get available person and face IDs.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "person_id": {
            "type": "string",
            "description": "The person ID the face belongs to"
          },
          "face_id": {
            "type": "string",
            "description": "The face ID to retrieve"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "person_id",
          "face_id"
        ]
      }
    },
    {
      "name": "brandtrust_upload_face",
      "description": "Validates and uploads a face image to Brand Trust for person detection in lookalike content. Supported formats: PNG, JPG, JPEG, BMP. The face_base64 parameter should be the base64-encoded image content. The person_id groups faces belonging to the same person. Returns the API response (for example, a face UUID) if provided, otherwise a generic success message.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "person_id": {
            "type": "string",
            "description": "The person ID to associate the face with"
          },
          "face_base64": {
            "type": "string",
            "description": "Base64-encoded image content of the face"
          },
          "filename": {
            "type": "string",
            "description": "Filename including extension (default: face.png)"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "person_id",
          "face_base64"
        ]
      }
    },
    {
      "name": "brandtrust_delete_face",
      "description": "Deletes a specific face image from Brand Trust. Use brandtrust_list_faces or brandtrust_list_person_faces to get available person and face IDs.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "person_id": {
            "type": "string",
            "description": "The person ID the face belongs to"
          },
          "face_id": {
            "type": "string",
            "description": "The face ID to delete"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "person_id",
          "face_id"
        ]
      }
    },
    {
      "name": "brandtrust_list_detectable_keywords",
      "description": "Lists all detectable keywords configured in your Brand Trust account. These keywords are used to detect lookalike content containing specific text. Returns keyword strings and total count.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        }
      }
    },
    {
      "name": "brandtrust_set_detectable_keywords",
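      "description": "Replaces all detectable keywords in your Brand Trust account with the provided list. These keywords are used to detect lookalike content containing specific text. This operation overwrites all existing keywords, so any existing keyword that is not in the provided list is removed; use brandtrust_list_detectable_keywords first to retrieve the current keywords and include the ones you want to keep.",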
      "inputSchema": {
        "type": "object",
        "properties": {
          "keywords": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "List of keyword strings to set for detection"
          },
          "instance_id": {
            "type": "string",
            "description": "Optional Brand Trust instance ID"
          }
        },
        "required": [
          "keywords"
        ]
      }
    },
    {
      "name": "hardenize_get_assessment",
      "description": "Performs a comprehensive security assessment for a domain using Hardenize. Evaluates TLS configuration, certificate validity, DNS security, email authentication, HTTP headers, web application security, and more. Returns an assessment summary with overall scores and detailed information about security tests. Use this to audit domain security posture, identify vulnerabilities, troubleshoot security issues, or validate security improvements.\n\nOptional JSONPath filtering: Use the jsonpath_filter parameter to extract specific data from the assessment using JSONPath syntax. This allows you to retrieve only the data you need, reducing response size and processing time.\n\nExamples of jsonpath_filter usage:\n- \"$.summary\" - Extract only the assessment summary section\n- \"$.problematic_tests[*].testType\" - Get list of all test types from problematic tests\n- \"$.scores[?(@.category=='dns')]\" - Get scores for DNS category only\n- \"$.problematic_tests[?(@.quality=='error')]\" - Get only tests with error quality\n\nSet include_good=true to include passed tests in the response (default: false, only shows tests needing attention).",
      "inputSchema": {
        "type": "object",
        "properties": {
          "domain": {
            "type": "string",
            "description": "The domain to assess (e.g., \"example.com\")"
          },
          "include_good": {
            "type": "boolean",
            "description": "Include passing tests in the response (default: false)"
          },
          "jsonpath_filter": {
            "type": "string",
            "description": "JSONPath expression to filter the response (e.g., \"$.summary\")"
          },
          "refresh": {
            "type": "boolean",
            "description": "Force a fresh assessment, bypassing cache (default: false)"
          }
        },
        "required": [
          "domain"
        ]
      }
    },
    {
      "name": "hardenize_get_certificate_by_sha256",
      "description": "Retrieves a specific X.509 certificate from the Hardenize Certificate Transparency (CT) database using its SHA-256 fingerprint. Returns certificate details including issuer, subject, validity dates, subject alternative names (SANs), public key information, and the certificate in PEM format. Set include_unpacked=true to receive additional parsed certificate fields (extensions, key usage, policies). Use this to investigate certificates found in security scans, validate certificate chains, analyze historical certificates, or retrieve certificates for offline inspection.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "sha256": {
            "type": "string",
            "description": "SHA-256 fingerprint of the certificate (64 hexadecimal characters)"
          },
          "include_unpacked": {
            "type": "boolean",
            "description": "Include additional parsed certificate fields (default: false)"
          }
        },
        "required": [
          "sha256"
        ]
      }
    },
    {
      "name": "hardenize_search_certificates_by_hostname",
      "description": "Searches the Hardenize Certificate Transparency (CT) database for certificates matching a hostname pattern. By default returns certificates that match the hostname exactly, as wildcard (*.example.com), or as subdomains, filtering out expired certificates. Returns up to 50 matches by default (configurable via limit parameter). Each result includes SHA-256 fingerprint, issuer, validity dates, and optionally the PEM-encoded certificate (set include_pem=true). Use this to discover all certificates issued for a domain, investigate potential certificate mis-issuance, audit certificate usage across subdomains, or monitor certificate transparency logs for your domains.",
      "inputSchema": {
        "type": "object",
        "properties": {
          "host": {
            "type": "string",
            "description": "Hostname to search certificates for (e.g., \"example.com\")"
          },
          "include_exact_match": {
            "type": "boolean",
            "description": "Include certificates matching the hostname exactly (default: true)"
          },
          "include_wildcard_match": {
            "type": "boolean",
            "description": "Include wildcard certificates matching the hostname (default: true)"
          },
          "include_subdomains": {
            "type": "boolean",
            "description": "Include certificates for subdomains (default: true)"
          },
          "include_pem": {
            "type": "boolean",
            "description": "Include PEM-encoded certificate in results (default: false)"
          },
          "limit": {
            "type": "number",
            "description": "Maximum number of certificates to return (default: 50)"
          }
        },
        "required": [
          "host"
        ]
      }
    }
  ]
}