ReliaQuest GreyMatter MCP Server

147 tools. 91 can modify or destroy data without limits.

14 destructive tools with no built-in limits. Policy required.

Last updated:

91 can modify or destroy data
56 read-only
147 tools total

Community server · catalogue entry verified 30/06/2026

How to control ReliaQuest GreyMatter MCP Server ↓

What ReliaQuest GreyMatter MCP Server exposes to your agents

Read (56) Write / Execute (77) Destructive / Financial (14)
Critical Risk

The most dangerous ReliaQuest GreyMatter MCP Server tools

91 of ReliaQuest GreyMatter MCP Server's 147 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control ReliaQuest GreyMatter MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and ReliaQuest GreyMatter MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cancel_case": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "acknowledge_assign_and_close_incident": {
    "limits": [
      {
        "counter": "acknowledge_assign_and_close_incident_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "access_control_policies": {
    "limits": [
      {
        "counter": "access_control_policies_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register ReliaQuest GreyMatter MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON RELIAQUEST GREYMATTER →

Instant setup, no code required.

All 147 ReliaQuest GreyMatter MCP Server tools

DESTRUCTIVE 14 tools
Destructive cancel_case Cases \u00b7 mutation cancelCase. Variables: input. Example variables: {\ Destructive delete_access_control_policy DRP Access Control \u00b7 mutation deleteAccessControlPolicy. Variables: after, first, notFilter, order, after Destructive delete_access_group Access Groups \u00b7 mutation deleteAccessGroup. Variables: id. Example variables: {\ Destructive delete_api_key_by_id API Keys \u00b7 mutation deleteApiKeyById. Variables: id, user. Example variables: {\ Destructive delete_api_keys API Keys \u00b7 mutation deleteApiKeys. Variables: user. Example variables: {\ Destructive delete_asset Assets \u00b7 mutation deleteAsset. Variables: input. Example variables: {\ Destructive delete_drp_alert_comment DRP Alerts \u00b7 mutation deleteDrpAlertComment. Variables: input. Example variables: {\ Destructive delete_emergency_contact Emergency Contacts \u00b7 mutation deleteEmergencyContact. Variables: id. Example variables: {\ Destructive delete_pod Access Groups \u00b7 mutation deletePod. Variables: id. Example variables: {\ Destructive delete_reference_list Reference Lists \u00b7 mutation deleteReferenceList. Variables: after, columnSelector, filter, first, order, i Destructive delete_reference_list_column Reference Lists \u00b7 mutation deleteReferenceListColumn. Variables: id. Example variables: {\ Destructive delete_reference_list_row Reference Lists \u00b7 mutation deleteReferenceListRow. Variables: id. Example variables: {\ Destructive delete_role Access Groups \u00b7 mutation deleteRole. Variables: id. Example variables: {\ Destructive delete_user User \u00b7 mutation deleteUser. Variables: user. Example variables: {\
WRITE 74 tools
Write acknowledge_assign_and_close_incident Incidents \u00b7 mutation acknowledgeAssignAndCloseIncident. Variables: input. Example variables: {\ Write acknowledge_incident Acknowledge an incident. input: IncidentAcknowledgementInput { incidentId, acknowledgementMethod (e.g. WEB_UI) Write acknowledge_task Tasks \u00b7 mutation acknowledgeTask. Variables: after, filter, first, order, input. Example variables: {\ Write add_case_comment Cases \u00b7 mutation addCaseComment. Variables: input. Example variables: {\ Write add_children_to_case Cases \u00b7 mutation addChildrenToCase. Variables: input. Example variables: {\ Write add_drp_alert_comment DRP Alerts \u00b7 mutation addDrpAlertComment. Variables: input. Example variables: {\ Write add_incident_comment Add a comment to an incident. input: IncidentCommentInput { incidentId, comment }. Variables: after, filter, f Write add_task_comment Add a comment to a task. input: TaskCommentInput { taskId, comment }. Variables: after, filter, first, order, Write assign_discover_task Discover Tasks \u00b7 mutation assignDiscoverTask. Variables: input. Example variables: {\ Write assign_drp_alert DRP Alerts \u00b7 mutation assignDRPAlert. Variables: input. Example variables: {\ Write assign_drp_alerts DRP Alerts \u00b7 mutation assignDRPAlerts. Variables: input. Example variables: {\ Write assign_incident Assign an incident to a GreyMatter user. input: AssignIncidentInput { incidentId, assigneeId }. Resolve assign Write assign_task Assign a task to a GreyMatter user. input: AssignTaskInput { taskId, assigneeId }. Variables: after, filter, f Write bulk_add_drp_alert_comment DRP Alerts \u00b7 mutation bulkAddDrpAlertComment. Variables: input. Example variables: {\ Write bulk_close_drp_alerts DRP Alerts \u00b7 mutation bulkCloseDrpAlerts. Variables: input. Example variables: {\ Write bulk_close_incidents Incidents \u00b7 mutation bulkCloseIncidents. Variables: input. Example variables: {\ Write bulk_resolve_tasks Tasks \u00b7 mutation bulkResolveTasks. Variables: input. Example variables: {\ Write bulk_update_drp_alert_state DRP Alerts \u00b7 mutation bulkUpdateDrpAlertState. Variables: input. Example variables: {\ Write close_case Cases \u00b7 mutation closeCase. Variables: input. Example variables: {\ Write close_discover_task Discover Tasks \u00b7 mutation closeDiscoverTask. Variables: input. Example variables: {\ Write close_incident Resolve or cancel an incident. request: CloseIncidentRequest { incidentId, state (RESOLVED or CANCELLED), clos Write create_access_control_policy DRP Access Control \u00b7 mutation createAccessControlPolicy. Variables: after, first, notFilter, order, after Write create_access_group Access Groups \u00b7 mutation createAccessGroup. Variables: after, filter, first, order, after1, filter1, firs Write create_activity_log_entry_comment Detections \u00b7 mutation createActivityLogEntryComment. Variables: comment. Example variables: {\ Write create_api_key API Keys \u00b7 mutation createApiKey. Variables: input. Example variables: {\ Write create_case Create a case. NOTE: state is effectively REQUIRED despite being schema-optional \u2014 omitting it makes the Write create_emergency_contact Emergency Contacts \u00b7 mutation createEmergencyContact. Variables: input. Example variables: {\ Write create_pod Access Groups \u00b7 mutation createPod. Variables: after, filter, first, order, after1, filter1, first1, notF Write create_reference_list Reference Lists \u00b7 mutation createReferenceList. Variables: after, columnSelector, filter, first, order, i Write create_reference_list_column Reference Lists \u00b7 mutation createReferenceListColumn. Variables: input. Example variables: {\ Write create_reference_list_row Reference Lists \u00b7 mutation createReferenceListRow. Variables: input. Example variables: {\ Write create_role Access Groups \u00b7 mutation createRole. Variables: after, filter, first, order, after1, filter1, first1, ord Write create_task Tasks \u00b7 mutation createTask. Variables: after, filter, first, order, input. Example variables: {\ Write create_user User \u00b7 mutation createUser. Variables: after, filter, first, order, after1, filter1, first1, order1, afte Write disable_user User \u00b7 mutation disableUser. Variables: after, filter, first, order, after1, filter1, first1, order1, aft Write enable_user User \u00b7 mutation enableUser. Variables: after, filter, first, order, after1, filter1, first1, order1, afte Write generate_password_link User \u00b7 mutation generatePasswordLink. Variables: after, filter, first, order, after1, filter1, first1, or Write release_incident Incidents \u00b7 mutation releaseIncident. Variables: id. Example variables: {\ Write remove_child_from_case Cases \u00b7 mutation removeChildFromCase. Variables: input. Example variables: {\ Write resend_invite User \u00b7 mutation resendInvite. Variables: after, filter, first, order, after1, filter1, first1, order1, af Write reset_mfa User \u00b7 mutation resetMfa. Variables: after, filter, first, order, after1, filter1, first1, order1, after2 Write resolve_task Resolve a task. input: ResolveTaskInput { taskId, closeCode (CANCELLED, DUPLICATE, or RESOLVED), closeNote }. Write retain_incident Incidents \u00b7 mutation retainIncident. Variables: id. Example variables: {\ Write send_forgot_password User \u00b7 mutation sendForgotPassword. Variables: after, filter, first, order, after1, filter1, first1, orde Write un_watch_drp_alert DRP Alerts \u00b7 mutation unWatchDRPAlert. Variables: shortCode. Example variables: {\ Write un_watch_drp_alerts DRP Alerts \u00b7 mutation unWatchDRPAlerts. Variables: input. Example variables: {\ Write unassign_drp_alert DRP Alerts \u00b7 mutation unassignDRPAlert. Variables: input. Example variables: {\ Write unassign_drp_alerts DRP Alerts \u00b7 mutation unassignDRPAlerts. Variables: input. Example variables: {\ Write unresolve_incident Incidents \u00b7 mutation unresolveIncident. Variables: input. Example variables: {\ Write unresolve_task Tasks \u00b7 mutation unresolveTask. Variables: after, filter, first, order, input. Example variables: {\ Write update_access_control_policies DRP Access Control \u00b7 mutation updateAccessControlPolicies. Variables: after, first, notFilter, order, aft Write update_access_control_policy DRP Access Control \u00b7 mutation updateAccessControlPolicy. Variables: after, first, notFilter, order, after Write update_access_group Access Groups \u00b7 mutation updateAccessGroup. Variables: after, filter, first, order, after1, filter1, firs Write update_call_order Emergency Contacts \u00b7 mutation updateCallOrder. Variables: callOrder, id. Example variables: {\ Write update_case Cases \u00b7 mutation updateCase. Variables: input. Example variables: {\ Write update_case_due_date Cases \u00b7 mutation updateCaseDueDate. Variables: input. Example variables: {\ Write update_case_owner Cases \u00b7 mutation updateCaseOwner. Variables: input. Example variables: {\ Write update_discover_task_state Discover Tasks \u00b7 mutation updateDiscoverTaskState. Variables: input. Example variables: {\ Write update_drp_alert_comment DRP Alerts \u00b7 mutation updateDrpAlertComment. Variables: input. Example variables: {\ Write update_drp_alert_state DRP Alerts \u00b7 mutation updateDrpAlertState. Variables: input. Example variables: {\ Write update_emergency_contact Emergency Contacts \u00b7 mutation updateEmergencyContact. Variables: input. Example variables: {\ Write update_incident_state Change an incident Write update_pod Access Groups \u00b7 mutation updatePod. Variables: after, filter, first, order, after1, filter1, first1, notF Write update_reference_list Reference Lists \u00b7 mutation updateReferenceList. Variables: after, columnSelector, filter, first, order, i Write update_reference_list_column Reference Lists \u00b7 mutation updateReferenceListColumn. Variables: input. Example variables: {\ Write update_reference_list_row Reference Lists \u00b7 mutation updateReferenceListRow. Variables: input. Example variables: {\ Write update_role Access Groups \u00b7 mutation updateRole. Variables: after, filter, first, order, after1, filter1, first1, ord Write update_task_retained_status Tasks \u00b7 mutation updateTaskRetainedStatus. Variables: input. Example variables: {\ Write update_task_state Tasks \u00b7 mutation updateTaskState. Variables: after, filter, first, order, input. Example variables: {\ Write update_user User \u00b7 mutation updateUser. Variables: after, filter, first, order, after1, filter1, first1, order1, afte Write upsert_customer_playbook Playbooks \u00b7 mutation upsertCustomerPlaybook. Variables: input. Example variables: {\ Write upsert_playbook_metadata Playbooks \u00b7 mutation upsertPlaybookMetadata. Variables: input. Example variables: {\ Write watch_drp_alert DRP Alerts \u00b7 mutation watchDRPAlert. Variables: after, filter, first, order, after1, filter1, first1, ord Write watch_drp_alerts DRP Alerts \u00b7 mutation watchDRPAlerts. Variables: input. Example variables: {\
READ 56 tools
Read access_control_policies DRP Access Control \u00b7 query accessControlPolicies. Variables: after, customerId, first, policyFilter, poli Read access_control_policy DRP Access Control \u00b7 query accessControlPolicy. Variables: after, first, notFilter, order, after1, first1 Read access_control_resources DRP Access Control \u00b7 query accessControlResources. Example variables: {} Read access_group Access Groups \u00b7 query accessGroup. Variables: after, filter, first, order, after1, filter1, first1, order Read access_groups Access Groups \u00b7 query accessGroups. Variables: after, filter, first, notFilter, order. Example variables: Read api_keys API Keys \u00b7 query apiKeys. Variables: after, filter, first, order, after1, filter1, first1, order1, after2 Read assets Assets \u00b7 query assets. Variables: after, filter, first, order. Example variables: {\ Read audits User Activity \u00b7 query audits. Variables: after, filter, first, order. Example variables: {\ Read case Cases \u00b7 query case. Variables: after, filter, first, order, after1, filter1, first1, order1, after2, filt Read cases List cases (with nested activity/children/comments connections). The OUTER list page size is first3 (set it to Read customer Customer \u00b7 query customer. Variables: after, first, after1, first1. Example variables: {\ Read customer_detection Detections \u00b7 query customerDetection. Variables: after, filter, first, order, by, id. Example variables: Read customer_detection_activity_log_entries Detections \u00b7 query customerDetectionActivityLogEntries. Variables: after, filter, first, order. Example v Read customer_detection_activity_log_entry Detections \u00b7 query customerDetectionActivityLogEntry. Variables: after, filter, first, order, id. Example Read customer_detections Detections \u00b7 query customerDetections. Variables: after, filter, first, order. Example variables: {\ Read customer_playbooks Playbooks \u00b7 query customerPlaybooks. Variables: after, filter, first, order. Example variables: {\ Read customers Customer \u00b7 query customers. Variables: after, filter, first, notFilter, order. Example variables: {\ Read data_source_schema Data \u00b7 query dataSourceSchema. Variables: by. Example variables: {\ Read detection_rules List deployed detection rules across GreyMatter integrations (includes MITRE ATT&CK mapping where available). Read discover_task Discover Tasks \u00b7 query discoverTask. Variables: after, filter, first, order, after1, filter1, first1, ord Read discover_tasks Discover Tasks \u00b7 query discoverTasks. Variables: after, filter, first, order, after1, filter1, first1, or Read draft_customer_detection Detections \u00b7 query draftCustomerDetection. Variables: after, filter, first, order, by. Example variables: Read drp_alert DRP Alerts \u00b7 query drpAlert. Variables: after, first, after1, first1, by. Example variables: {\ Read drp_alerts DRP Alerts \u00b7 query drpAlerts. Variables: after, filter, first, orderBy. Example variables: {\ Read emergency_contact Emergency Contacts \u00b7 query emergencyContact. Variables: after, first, after1, first1, after2, filter, fir Read emergency_contacts Emergency Contacts \u00b7 query emergencyContacts. Variables: after, filter, first, order. Example variables: Read greymatter_field Fields \u00b7 query greymatterField. Variables: by. Example variables: {\ Read greymatter_fields Fields \u00b7 query greymatterFields. Variables: after, filter, first, order. Example variables: {\ Read health_incidents Incidents \u00b7 query healthIncidents. Variables: after, first, incidentFilter, incidentOrder. Example variab Read identities Identities \u00b7 query identities. Variables: after, filter, first, order. Example variables: {\ Read incident Fetch a single incident by id or ticket number, including comments, artifacts, metadata, rule, and assignee. V Read incidents List security incidents with filtering (state, severity, updated time range) and ordering. Relay-paginated (ed Read indicator Indicators \u00b7 query indicator. Variables: by. Example variables: {\ Read indicators Indicators \u00b7 query indicators. Variables: after, filter, first, order. Example variables: {\ Read integration Query Management \u00b7 query integration. Variables: after, filter, first, order, after1, first1, after2, fir Read integrations Query Management \u00b7 query integrations. Variables: after, first, integrationFilter, integrationOrder. Exam Read me User \u00b7 query me. Variables: after, filter, first, order. Example variables: {\ Read node Utilities \u00b7 query node. Variables: id. Example variables: {\ Read permissions Access Groups \u00b7 query permissions. Example variables: {} Read playbook_run Playbooks \u00b7 query playbookRun. Variables: after, filter, first, order, after1, filter1, first1, order1, a Read playbook_run_filter_data Playbooks \u00b7 query playbookRunFilterData. Variables: after, filter, first, order, after1, filter1, first1, Read playbook_runs Playbooks \u00b7 query playbookRuns. Variables: after, filter, first, orderBy. Example variables: {\ Read playbooks Playbooks \u00b7 query playbooks. Example variables: {} NOTE: supportedTechnologies is omitted from this query Read pod Access Groups \u00b7 query pod. Variables: after, filter, first, order, after1, filter1, first1, notFilter, or Read pods Access Groups \u00b7 query pods. Variables: after, filter, first, notFilter, order. Example variables: {\ Read rate_limit Return current GreyMatter API rate-limit usage (limit is 5000 points/hour per company account). Example variab Read recommended_playbooks Playbooks \u00b7 query recommendedPlaybooks. Variables: filter. Example variables: {\ Read reference_list Reference Lists \u00b7 query referenceList. Variables: after, filter, first, order, after1, filter1, first1, o Read reference_lists Reference Lists \u00b7 query referenceLists. Variables: after, filter, first, order. Example variables: {\ Read role Access Groups \u00b7 query role. Variables: after, filter, first, order, after1, filter1, first1, order1, id. Read roles Access Groups \u00b7 query roles. Variables: after, filter, first, notFilter, order. Example variables: {\ Read search_history Query Management \u00b7 query searchHistory. Variables: after, by, filter, first, order. Example variables: {\ Read task Fetch a single task by id, including comments. Variables: after, filter, first, order, after1, filter1, first1 Read tasks List tasks (non-security / engineering items) with filtering and ordering. Relay-paginated. Variables: after, Read time_buckets Data \u00b7 query timeBuckets. Variables: filter. Example variables: {\ Read user User \u00b7 query user. Variables: after, filter, first, order, after1, filter1, first1, order1, after2, filte

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about ReliaQuest GreyMatter MCP Server

Can an AI agent delete data through the ReliaQuest GreyMatter MCP Server MCP server? +

Yes. The ReliaQuest GreyMatter MCP Server server exposes 14 destructive tools including cancel_case, delete_access_control_policy, delete_access_group. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through ReliaQuest GreyMatter MCP Server? +

The ReliaQuest GreyMatter MCP Server server has 74 write tools including acknowledge_assign_and_close_incident, acknowledge_incident, acknowledge_task. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach ReliaQuest GreyMatter MCP Server.

How many tools does the ReliaQuest GreyMatter MCP Server MCP server expose? +

147 tools across 4 categories: Destructive, Execute, Read, Write. 56 are read-only. 91 can modify, create, or delete data.

How do I enforce a policy on ReliaQuest GreyMatter MCP Server? +

Register the ReliaQuest GreyMatter MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every ReliaQuest GreyMatter MCP Server tool call.

Deterministic rules across all 147 ReliaQuest GreyMatter MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

147 ReliaQuest GreyMatter MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.