Web Security
Purpose
Detects web application attacks (OWASP Top 10), API abuse, credential stuffing, web-shell deployment, and HTTP header anomalies from WAF and proxy logs.
MCP Domains
| Domain | Description |
|---|---|
| siem | WAF log search, event correlation |
| network | Proxy/firewall log analysis |
| osint | Threat context enrichment |
| waf | WAF rule management |
Tools
| Tool | Description |
|---|---|
| read_waf_events | Query WAF event log |
| append_waf_rule | Add blocking rule to WAF |
| search_logs | Search SIEM for related events |
| lookup_ioc | Enrich IOCs with threat intel |
Input schema
```json
{
  "query": "string",
  "time_range": {"start": "ISO8601", "end": "ISO8601"},
  "target_endpoints": ["string"]
}
```
Output schema
```json
{
  "attack_type": "string",
  "owasp_category": "string",
  "affected_endpoints": ["string"],
  "payload_analysis": "string",
  "mitre_techniques": ["string"],
  "recommended_waf_rules": ["string"],
  "severity_score": "int"
}
```
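An added example, not part of this skill's own code: one of the detections named under Purpose (credential stuffing) run over constructed login events, taking a request in the input schema and returning a finding in the output schema. The event field names, the `min_accounts` threshold, the wording of the rule strings and the 0-10 severity scale are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events; the field names are assumptions, not a real WAF log format.
def _ev(sec, ip, user, status, path="/api/login"):
    return {"ts": f"2024-05-01T10:00:{sec:02d}Z", "src_ip": ip, "method": "POST",
            "path": path, "status": status, "username": user}

SAMPLE_EVENTS = (
    [_ev(i, "203.0.113.7", f"user{i}", 401) for i in range(12)]      # many accounts, one source
    + [_ev(20 + i, "198.51.100.9", "alice", 401) for i in range(3)]  # one user mistyping
    + [_ev(30, "203.0.113.7", "user3", 200)]                         # a guess that worked
)

def _parse(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def detect_credential_stuffing(request, events, min_accounts=10):
    """Flag sources that fail logins against many distinct accounts in the window."""
    window = request["time_range"]
    start, end = _parse(window["start"]), _parse(window["end"])
    targets = set(request["target_endpoints"])
    hits = [e for e in events
            if e["path"] in targets and start <= _parse(e["ts"]) <= end]
    failed, succeeded = defaultdict(set), defaultdict(set)
    for e in hits:
        if e["status"] in (401, 403):
            failed[e["src_ip"]].add(e["username"])
        elif 200 <= e["status"] < 400:
            succeeded[e["src_ip"]].add(e["username"])
    sources = {ip: users for ip, users in failed.items() if len(users) >= min_accounts}
    if not sources:
        return None
    # A successful login from a flagged source suggests a compromised account.
    compromised = sorted(u for ip in sources for u in succeeded.get(ip, ()))
    return {
        "attack_type": "credential_stuffing",
        "owasp_category": "A07:2021 Identification and Authentication Failures",
        "affected_endpoints": sorted({e["path"] for e in hits if e["src_ip"] in sources}),
        "payload_analysis": f"{len(sources)} source(s) failed logins for "
                            f"{sum(map(len, sources.values()))} distinct accounts; "
                            f"successful logins from flagged sources: {compromised or 'none'}",
        "mitre_techniques": ["T1110.004"],
        "recommended_waf_rules": [f"rate-limit POST {p} per source IP" for p in sorted(targets)]
                                 + [f"challenge or block {ip}" for ip in sorted(sources)],
        "severity_score": 9 if compromised else 6,  # 0-10 scale is an assumption
    }
```

Counting distinct usernames per source, rather than raw failures, is what keeps a single user mistyping a password (the `198.51.100.9` events) out of the finding.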