Anomaly Detection Alert
Polls the Sentinel alert stream for new anomaly detections, filtering by severity and deduplicating repeat events. Run continuously to maintain real-time awareness of suspicious activity across your MCP tool ecosystem.
advanced
Continuous
1 step
Steps
1. Poll for active alerts with severity filtering (sentinel_alert_list via gripos-sentinel-mcp)
Recipe JSON
{
  "trigger": "continuous",
  "interval": "60s",
  "steps": [
    {
      "tool": "sentinel_alert_list",
      "args": {"status": "active"},
      "output_as": "active_alerts"
    }
  ],
  "escalation": {
    "critical": "page",
    "warning": "slack",
    "info": "log"
  }
}
Prerequisites
- Sentinel anomaly detection thresholds configured
- Alert webhooks set up
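The severity filtering and deduplication described above, sketched as an added example (not code from this page or from the Sentinel project). It consumes the step's "active_alerts" output and applies the recipe's escalation map; the alert fields "id" and "severity" and the AlertRouter class are assumptions, since the page does not show the response shape of sentinel_alert_list.

```python
import json

# Recipe JSON as published on this page.
RECIPE = json.loads(
    '{"trigger":"continuous","interval":"60s","steps":[{"tool":"sentinel_alert_list",'
    '"args":{"status":"active"},"output_as":"active_alerts"}],'
    '"escalation":{"critical":"page","warning":"slack","info":"log"}}'
)
# Ordering of the severity labels used as keys in the recipe's escalation map.
SEVERITY_RANK = {"info": 0, "warning": 1, "critical": 2}


class AlertRouter:
    """Deduplicate alerts across polls and map severity to an escalation channel."""

    def __init__(self, escalation, min_severity="info"):
        self.escalation = escalation
        self.min_rank = SEVERITY_RANK[min_severity]
        self.seen = {}  # alert id -> highest severity rank already escalated

    def process(self, active_alerts):
        """Return [(channel, alert_id)] for alerts that are new or rose in severity."""
        actions, current = [], set()
        for alert in active_alerts:
            alert_id = alert["id"]            # assumed field name
            severity = alert.get("severity")  # assumed field name
            if severity not in SEVERITY_RANK:
                severity = "critical"  # unknown label: escalate rather than drop
            rank = SEVERITY_RANK[severity]
            current.add(alert_id)
            if rank < self.min_rank or self.seen.get(alert_id, -1) >= rank:
                continue  # below threshold, or repeat already escalated at this level
            self.seen[alert_id] = rank
            actions.append((self.escalation[severity], alert_id))
        # Forget alerts that left the active list so a recurrence is escalated again.
        self.seen = {k: v for k, v in self.seen.items() if k in current}
        return actions


# Constructed sample polls standing in for successive "active_alerts" outputs.
POLLS = [
    [{"id": "a1", "severity": "warning"}, {"id": "a2", "severity": "info"}],
    [{"id": "a1", "severity": "warning"}, {"id": "a2", "severity": "info"},
     {"id": "a3", "severity": "critical"}],
    [{"id": "a1", "severity": "critical"}, {"id": "a3", "severity": "critical"}],
    [{"id": "a2", "severity": "info"}],
]

if __name__ == "__main__":
    router = AlertRouter(RECIPE["escalation"])
    for n, poll in enumerate(POLLS, 1):
        print(f"poll {n}: {router.process(poll)}")
```

A repeat of the same alert at the same severity produces no action, a rise in severity escalates once more on the higher channel, and an alert that drops off the active list and later returns is treated as new.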