Add layer 3 attacks Radar tool

Author: andre-j3sus

apps/radar/README.md

@@ -13,7 +13,8 @@ Currently available tools:
 | **Category**           | **Tool**                        | **Description**                                                                                                                |
 | ---------------------- | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
 | **HTTP Requests**      | `get_http_requests_data`        | Fetches HTTP request data (timeseries, summaries, and grouped timeseries across dimensions like `deviceType`, `botClass`)      |
-| **L7 Attacks**         | `get_l7_attack_data`            | Fetches L7 attack data (timeseries, summaries, and grouped timeseries across dimensions like `mitigationProduct`, `ipVersion`) |
+| **Layer 7 Attacks**    | `get_l7_attack_data`            | Fetches L7 attack data (timeseries, summaries, and grouped timeseries across dimensions like `mitigationProduct`, `ipVersion`) |
+| **Layer 3 Attacks**    | `get_l3_attack_data`            | Fetches L3 attack data (timeseries, summaries, and grouped timeseries across dimensions like `protocol`, `duration`)           |
 | **Internet Speed**     | `get_internet_speed_data`       | Retrieve summary of bandwidth, latency, jitter, and packet loss, from the previous 90 days of Cloudflare Speed Test.           |
 | **Autonomous Systems** | `list_autonomous_systems`       | Lists ASes; filter by location and sort by population size                                                                     |
 |                        | `get_as_details`                | Retrieves detailed info for a specific ASN                                                                                     |

apps/radar/src/tools/radar.ts

@@ -19,6 +19,7 @@ import {
 	HttpDimensionParam,
 	InternetServicesCategoryParam,
 	IpParam,
+	L3AttackDimensionParam,
 	L7AttackDimensionParam,
 	LocationArrayParam,
 	LocationListParam,
@@ -418,6 +419,63 @@ export function registerRadarTools(agent: RadarMCP) {
 		}
 	)
 
+	agent.server.tool(
+		'get_l3_attack_data',
+		'Retrieve application layer (L3) attack trends.',
+		{
+			dateRange: DateRangeArrayParam.optional(),
+			dateStart: DateStartArrayParam.optional(),
+			dateEnd: DateEndArrayParam.optional(),
+			asn: AsnArrayParam,
+			continent: ContinentArrayParam,
+			location: LocationArrayParam,
+			format: DataFormatParam,
+			dimension: L3AttackDimensionParam,
+		},
+		async ({ dateStart, dateEnd, dateRange, asn, location, continent, format, dimension }) => {
+			try {
+				if (format !== 'timeseries' && !dimension) {
+					throw new Error(`The '${format}' format requires a 'dimension' to group the data.`)
+				}
+
+				const client = getCloudflareClient(agent.props.accessToken)
+				const endpoint = (...args: any) =>
+					format === 'timeseries'
+						? client.radar.attacks.layer3[format](...args)
+						: client.radar.attacks.layer3[format][dimension!](...args)
+
+				const r = await endpoint({
+					asn,
+					continent,
+					location,
+					dateRange,
+					dateStart,
+					dateEnd,
+				})
+
+				return {
+					content: [
+						{
+							type: 'text',
+							text: JSON.stringify({
+								result: r,
+							}),
+						},
+					],
+				}
+			} catch (error) {
+				return {
+					content: [
+						{
+							type: 'text',
+							text: `Error getting L3 attack data: ${error instanceof Error && error.message}`,
+						},
+					],
+				}
+			}
+		}
+	)
+
 	agent.server.tool(
 		'get_internet_speed_data',
 		'Retrieve summary of bandwidth, latency, jitter, and packet loss, from the previous 90 days of Cloudflare Speed Test.',

apps/radar/src/types/radar.ts

@@ -187,3 +187,16 @@ export const L7AttackDimensionParam = z
 	.describe(
 		"Dimension used to group L7 attack data. Allowed only when the format is 'summary' or 'timeseriesGroups'."
 	)
+
+export const L3AttackDimensionParam = z
+	.enum([
+		'protocol',
+		'ipVersion',
+		'vector',
+		'bitrate',
+		// TODO: add 'vertical' and 'industry' once they are in the cloudflare API lib
+	])
+	.optional()
+	.describe(
+		"Dimension used to group L7 attack data. Allowed only when the format is 'summary' or 'timeseriesGroups'."
+	)